MetasploitExpress::Parser

Update: I have already uploaded the module to CPAN. The module can be found at: http://search.cpan.org/~jabra/MetasploitExpress-Parser/lib/MetasploitExpress/Parser.pod

In Vegas I ran into the developer of Seccubus at one of the speaker parties. We talked about the things were are currently working on (Fierce v2, Automation, etc). After a few minutes, he told me about his planned to improve Seccubus to be able to leverage many different tools in a single interface. After re-freshing my memory that Seccubus is also written in Perl, I thought, … well why not add Metasploit Express interation… Well, since you are reading the post I’m sure you can guess what happened.. I coded for around 4 hours at Defcon and MetasploitExpress::Parser was ready before his presentation on sunday.

Here is an example of using MetasploitExpress::Parser:

my $msf = new MetatsploitExpress::Parser;

my $parser = $msf->parse_file(‘test1.xml’);
#a MetasploitExpress::Parser Object

my @hosts = $parser->get_all_hosts();
#an Array of MetasploitExpress::Parser::Host Objects

my @services = $parser->get_all_services();
#an Array of MetasploitExpress::Parser::Service Objects

my @tasks = $parser->get_all_tasks();
#an Array of MetasploitExpress::Parser::Task Objects

my @events = $parser->get_all_events();
#an Array of MetasploitExpress::Parser::Event Objects

my @reports = $parser->get_all_reports();
#an Array of MetasploitExpress::Parser::Report Objects

Abstract:

Security Maturity

The maturity of an information security program can be judged by various
factors. The most important of which is understanding the environment, the
goals of the organization and teams/roles that are involved. This presentation
will discuss methods that can used to determine the state of an organizations
security program and ways to improve it in the future. Building a mature
security program doesn’t happen over night, however constant improvement over a
period of time will lead to a strong security program.

We will cover a few key concepts that are important for organizations that are
building strong security programs. The concepts we will cover include:
internal/external security assessments, web application development and risk
management.

BIO:

Joshua “Jabra” Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has  extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, SANs Pentest Summit, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine.

Advertisements

2 Responses to MetasploitExpress::Parser

  1. Tim says:

    looks Great and I can’t wait to see the module

    Tim

    @ubuntumongol

  2. […] MetasploitExpress::Parser – spl0it.wordpress.com I coded for around 4 hours at Defcon and MetasploitExpress::Parser was ready before his presentation on Sunday. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: