Metasploit/MethodAutofilter

Metasploit provides functionality to automate exploitation via the autopwn command. When you write a module, there are certain requirements for it to be used within the autopwn routine.


 * 1) Use a universal return address. Or
 * 2) Set a DefaultTarget. Or
 * 3) Define a method called "autofilter" within your module:

The method must return true or false.

This method is responsible for determining the correct target when used for automated exploitation. In the future, this method will be able to query the database to look for target-specific information about the target. The autofilter method can set the TARGET datastore value along with any other common parameters. As long as the final return value is true, the module will be executed as part of autopwn.

Autofilter examples
def autofilter false end

... will prevent your module from being executed in autopwn. Should MSF one day be able to determine the target host via other means, autopwn will determine the target automatically.

def autofilter # Common vulnerability scanning tools report port 445/139 # due to how they test for the vulnerability. Remap this # back to 2103 for automated exploitation rport = datastore['RPORT'].to_i if ( rport == 139 or rport == 445 ) datastore['RPORT'] = 2103 end # The NetBIOS hostname is required to exploit this bug reliably. if (not datastore['HNAME']) # XXX automatically determine the hostname return false end true end

... is an example where the module contains its own detection mechanisim.