Running rb module without msfconsole

[s0i37]

Summary

Hello!
Is it possible to run specified module without running the whole metasploit?
Like a RUBYLIB=/usr/share/metasploit-framework/lib irb exploit/path/to/some.rb
In python I can do this via importing from metasploit import module.

Relevant information

I have an automation tool which run a lot of metasploit modules for checking vulnerabilities. And it spend a lot of time and CPU because of loading msfconsole every time.

Thank you for attention!

[bcoles]

Hello! Is it possible to run specified module without running the whole metasploit? Like a RUBYLIB=/usr/share/metasploit-framework/lib irb exploit/path/to/some.rb In python I can do this via importing from metasploit import module.

There are a very small number of standalone modules which are designed to be run without msfconsole. For example, https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/smb/smb_loris.rb

I have an automation tool which run a lot of metasploit modules for checking vulnerabilities.

The typical approach to automation is to use RPC. Refer to:

• https://docs.rapid7.com/metasploit/rpc-api/
• https://docs.rapid7.com/metasploit/running-metasploit-remotely/

And it spend a lot of time and CPU because of loading msfconsole every time.

In the short term, you can speed up your existing automation implementation with the --defer-module-loads flag. Using this flag significantly increases the msfconsole startup time.

It is also worth noting that several patches were applied recently (in the two most recent releases). If you have not yet updated, these patches should cut the msfconsole startup time in half.