Metasploit/MethodAutofilter

Metasploit provides functionality to automate exploitation via the autopwn command[1]. When you write a module, there are certain requirements for it to be used within the autopwn routine.

  1. Use a universal return address. Or
  2. Set a DefaultTarget. Or
  3. Define a method called "autofilter" within your module:

The method must return true or false.

This method is responsible for determining the correct target when used for automated exploitation. In the future, this method will be able to query the database to look for target-specific information about the target. The autofilter method can set the TARGET datastore value along with any other common parameters. As long as the final return value is true, the module will be executed as part of autopwn.

Autofilter examples edit

	def autofilter
		false
	end

... will prevent your module from being executed in autopwn. Should MSF one day be able to determine the target host via other means, autopwn will determine the target automatically.


	def autofilter
		# Common vulnerability scanning tools report port 445/139
		# due to how they test for the vulnerability. Remap this
		# back to 2103 for automated exploitation
		
		rport = datastore['RPORT'].to_i
		if ( rport == 139 or rport == 445 )
			datastore['RPORT'] = 2103
		end
		
		# The NetBIOS hostname is required to exploit this bug reliably.
		if (not datastore['HNAME'])
			# XXX automatically determine the hostname
			return false
		end
		
		true
	end

... is an example where the module contains its own detection mechanisim.