This is more or less just for fun, but it does allow you to remotely control a Metasploit instance, kind of like db_nmap lets you control nmap from msf. Since I wrote this, foundation (I think) rewrote the msfrpcd-bruteforce script, and the msgpack implementation he wrote in pure Lua could probably be substituted instead, but I learned a lot doing this and am making slides for what I learned. This was briefed at AHA in "turbo-talk" style. I'll be uploading a more readable version soon.
7. You probably can’t hear this
http://nmap.org/presentations/BHDC10/ 24th Minute
8. I.E. Because I Can
or I at least thought I could
It’s Also All the “Flame”
These Days
9. For Lua Need:
Lua 5.1 for now
sockets – luasocket
http – luasocket*
msgpack – let’s talk
* http://w3.impa.br/~diego/software/luasocket/
10. Lua 5.1
Default package for most Linux
“Sweet spot” right now
apt-get install lua5.1 liblua5.1-0-dev # <-- this is key
LuaSocket too!
liblua5.1-socket2 liblua5.1-socket-dev liblua-socket-doc
16. NSE Integration:
I used cmsgpack, so clib
Created nse_cmsgpack.h
cmsgpack.c => nse_cmsgpack.c
- edited for 5.2
Edited nse_main.cc
Edited Makefile.in
17. Prayed a lot.
Got lots of help from #nmap
near the end
nse_main.cc = pastebin.com/aCYNfUA5
Makefile.in = pastebin.com/AjinN6Y8
nse_cmsgpack.h = pastebin.com/zz0z6TWC
nse_cmsgpack.c = pastebin.com/SJbcmB9N
I will finish updating these pastes and put them on github.com/kernelsmith.