Rework the Metasploit implementation
Metasploit is a fundamental tool. However, we are currently unable to leverage its whole potential.
Distinguish session types
We need to create separate implementations for Meterpreter and shell sessions. Currently, the user is unable to execute custom commands on some Meterpreter sessions (linux/local/docker_daemon_privilege_escalation), which also affects the execution of the following instructions at the same time.
For example:
Give the user the ability to execute his command (shell -c whoami in MSF)
shell_command: whoami
Meterpreter commands (prebuilt functionality by MSF that works on all systems)
meterpreter_command: shell -c whoami
meterpreter_command: ps
This means the sessions' information must be saved in a database or polled from MSF (to decide the type of the session).
Other commands that don't use a session
Also, the user must be able to give commands to MSF. For example: db_nmap, sessions -l, sessions -u <id>, create a proxy, etc.
Output gathering
Rework the output gathering, since it is all over the place.
Also, make sure the output can be serialized if the user wants to serialize it => make sure only OUTPUT from the command is returned and nothing else (the command itself, inputs, random MSF options, etc.).
Closing notes
Move all of the MSF-related functionality to the Worker since it will be easier to manage.
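
An added sketch of the session-type decision described under "Distinguish session types" (not code from this project): it assumes session information shaped like the MSF RPC `session.list` reply, whose `type` field separates shell from Meterpreter sessions. `plan_step`, `RPC_FOR_STEP` and the sample sessions are hypothetical names and constructed data.

```python
import json

# Constructed sample shaped like an MSF RPC `session.list` reply
# (session id -> info). Module paths are placeholders.
SAMPLE_SESSIONS = {
    1: {"type": "shell", "via_exploit": "exploit/placeholder/a"},
    2: {"type": "meterpreter", "via_exploit": "exploit/placeholder/b"},
}

# Assumed mapping from the issue's step keys to MSF RPC methods.
RPC_FOR_STEP = {
    "shell_command": "session.shell_write",
    "meterpreter_command": "session.meterpreter_run_single",
}


def plan_step(step, session_id, sessions):
    """Return a JSON-serializable plan for one step, or raise ValueError."""
    keys = [k for k in RPC_FOR_STEP if k in step]
    if len(keys) != 1:
        raise ValueError("step needs exactly one of: " + ", ".join(RPC_FOR_STEP))
    key, command = keys[0], step[keys[0]]

    info = sessions.get(session_id)
    if info is None:
        raise ValueError(f"unknown session {session_id}")
    kind = info.get("type")
    if kind not in ("shell", "meterpreter"):
        raise ValueError(f"unsupported session type {kind!r}")

    if key == "meterpreter_command":
        if kind != "meterpreter":
            raise ValueError("meterpreter_command needs a Meterpreter session")
        data = command
    elif kind == "meterpreter":
        # shell_command on a Meterpreter session: wrap it as in the issue's
        # example (`shell -c whoami`). Quoting of multi-word commands is
        # not handled in this sketch.
        key, data = "meterpreter_command", f"shell -c {command}"
    else:
        data = command + "\n"  # a raw shell needs the newline to execute

    return {"rpc": RPC_FOR_STEP[key], "session": session_id, "data": data}


if __name__ == "__main__":
    for sid in SAMPLE_SESSIONS:
        print(json.dumps(plan_step({"shell_command": "whoami"}, sid, SAMPLE_SESSIONS)))
```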