/metasploit_json_parser

Parser for the JSON database included in metasploit-framework that emits a CSV file of modules keyed by vulnerability IDs and references. NOTE: Superseded by git_vul_driller linked below.

Primary LanguagePythonMIT LicenseMIT

Important

This project has been superseded by the parse_metasploit_metadata.py in our git_vul_driller project.

Metasploit Database Parser

The open-source metasploit framework https://github.com/rapid7/metasploit-framework contains a JSON database listing each module within the tool along with a list of references to source URLs, vulnerability IDs, etc.

The code in this repository performs the following tasks:

  1. Clones or pulls the latest metasploit code from github
  2. Parses the JSON database
  3. Extracts the relevant data from the JSON database
  4. Emits two CSV files:
    • A complete list of every file with every reference
    • A list of only CVE references and accompanying files

Usage

Clone this repository.

git clone <clone_url_for_this_repo>

Check out the branch you want (main or develop depending on your bug tolerance)

git checkout <branch>

Use of a virtual environment such as anaconda is highly recommended to avoid polluting your native python installation with potentially incompatible packages.

This script was written using python 3.9. It should probably work for any version 3 python interpreter, although I make no guarantees of that.

conda create --name myenv python=3.9
conda activate myenv
pip install -r requirements.txt

Edit the config.yaml as needed.

Run main.py

python main.py

Skim the output, or have a look at the resulting CSV files (in ./DATA by default).