|0.1.2||Mar 2, 2023|
|0.1.0||Mar 2, 2023|
#245 in Filesystem
Catsploit is an open-source modern exploitation framework inspired by Metasploit.
Catsploit is currently in early development and the project is aiming to attract contributors who are interested in building the next generation exploitation framework in Rust. The project is intended to stay 100% open-source with no premium version, and is licensed under GPLv3.
To install as a crate:
cargo install catsploit
To build from source:
git clone https://github.com/tirax-lab/catsploit cd catsploit/catsploit cargo build --release sudo cp ./target/release/catsploit /usr/local/bin
Example Usage - Exploiting the VSFTPD v2.3.4 Backdoor
In this exploitation a virtual machine with Metasploitable2 is running at
172.16.187.128, which has a vulnerable
VSFTPD server running:
- The default reverse shell
nc_mkfifo_reverse_tcppayload has its
172.16.1.1which is where VMware routes back to the host machine
VSFTPDexploit has its
172.16.187.128and the default
21for the FTP server
runis called, the exploit runs and the payload runs a pretask which starts a listening TCP server for the shell connection
- The exploit is successful and the payload executes on the Metasploitable2 system, the listening TCP server receives a connection and a root shell is opened
- Module Types, catsploit currently has exploit and payload module types defined. Auxiliary, Evasion, Encoder, and many other module types should be created
- More modules, more exploits, payloads and others written so that catsploit becomes usable in a general pentest
- Better documentation for new users, tutorials, videos, etc.
catsploitdirectory contains only the code to create the CLI app, such as the user input loop and dealing with setting module options.
catsploitinteracts with the
catsploit_libdirectory contains the library.
catsploit_libcontains the functional code for carrying out tasks with Catsploit. For example the
Exploittrait and also the individual modules such as the
This structure of a split between the CLI app and the library allows other custom applications to hook into
catsploit_lib and use its functionality. For example an
axum server could be written in the future to allow calling of
catsploit_lib code from a website.
Some points on automated testing within Catsploit:
- Tests are written for logical functionality. For example in
catsploit_lib/src/core/exploit/remote_tcp.rs, tests are written for the both
custom_connectbut not for
opts. A test could be written for
optsthat iterates through the values looking for
RHOSTetc., but this makes the changing the
optsfunction more involved for not much benefit
- Tests are not written for functions that only print to STDOUT with no side effects. Example being
- It's fine to modify a functions parameters and code block solely to make it more testable. For example
catsploit/src/cli/cmd/show.rstakes a boolean indicating if the function is running in a test or not, to prevent it from printing the full exploit table to STDOUT during tests. There may be possible ways to block the STDOUT printing in the tests using closures etc., that wouldn't need to modify the
show_exploitsfunction signature. The added complexity and development time for that isn't worth it to avoid a simple parameter change.
To run tests for both the catsploit library and the CLI application:
cargo test --manifest-path=catsploit_lib/Cargo.toml && cargo test --manifest-path=catsploit/Cargo.toml