Persistence Exploit Suggester_MSF:POST-MULTI-RECON-PERSISTENCE_SUGGESTER-

Description

This module suggests persistence modules that can be used. The modules are suggested based on the architecture and platform that the user has a shell opened as well as the...

Visit Original Source

Basic Information

ID MSF:POST-MULTI-RECON-PERSISTENCE_SUGGESTER-

Published Oct 24, 2025 at 19:01

Affected Product

Affected Versions ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post

include Msf::Auxiliary::Report

def initialize(info = {})
super(
update_info(
info,
'Name' => 'Persistence Exploit Suggester',
'Description' => %q{
This module suggests persistence modules that can be used.
The modules are suggested based on the architecture and platform
that the user has a shell opened as well as the available exploits
in meterpreter.
It's important to note that not all modules will be checked.
Exploits are chosen based on these conditions: session type,
platform, architecture, and required default options.
},
'License' => MSF_LICENSE,
'Author' => [ 'h00die' ],
'Platform' => all_platforms,
'SessionTypes' => [ 'meterpreter', 'shell' ],
'Notes' => {
'Stability' => [],
'Reliability' => [],
'SideEffects' => []
}
)
)
register_options [
Msf::OptInt.new('SESSION', [ true, 'The session to run this module on' ]),
Msf::OptBool.new('SHOWDESCRIPTION', [true, 'Displays a detailed description for the available exploits', false])
]

register_advanced_options(
[
# most linux persistence modules are arch-cmd but for payload purposes only
# but usually we end up with a meterpreter session, thus making these invalid
# so disable this check by default
Msf::OptBool.new('ValidateArch', [true, 'Validate architecture', false]),
Msf::OptBool.new('ValidatePlatform', [true, 'Validate platform', true]),
Msf::OptBool.new('ValidateMeterpreterCommands', [true, 'Validate Meterpreter commands', false]),
# https://github.com/rapid7/rex-text/blob/a72151d409cd812978f63ad0c330efbc8f44b977/lib/rex/text/color.rb#L13
Msf::OptString.new('Colors', [false, 'Valid, Invalid and Ignored colors for module checks (unset to disable)', 'grn/red/blu'])
]
)
end

def valid_colors?(color_str = datastore['Colors'])
tokens = color_str.split('/')
tokens.each do |tok|
print_warning "#{tok} is unlikely to have any functionality for printing colors." if tok == 'clr'

unless Rex::Text::Color::SUPPORTED_FORMAT_CODES.include?("%#{tok}")
print_error "#{tok} is NOT valid color. Please see https://github.com/rapid7/rex-text/blob/a72151d409cd812978f63ad0c330efbc8f44b977/lib/rex/text/color.rb#L13 for valid color options"
return false
end
end
true
end

def all_platforms
Msf::Module::Platform.subclasses.collect { |c| c.realname.downcase }
end

def session_arch
# Prefer calling native arch when available, as most LPEs will require this (e.g. x86, x64) as opposed to Java/Python Meterpreter's values (e.g. Java, Python)
session.respond_to?(:native_arch) ? session.native_arch : session.arch
end

def is_module_arch?(mod)
mod_arch = mod.target.arch || mod.arch
mod_arch.include?(session_arch)
rescue StandardError => e
print_error "Failed to check module arch for #{mod.fullname} => #{e}"
end

def is_module_wanted?(mod)
mod[:result][:incompatibility_reasons].empty?
end

def is_session_type?(mod)
# There are some modules that do not define any compatible session types.
# We could assume that means the module can run on all session types,
# Or we could consider that as incorrect module metadata.
mod.session_types.include?(session.type)
end

def is_module_platform?(mod)
return false if mod.target.nil?

platform_obj = Msf::Module::Platform.find_platform session.platform

module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms
module_platforms.include? platform_obj
rescue ArgumentError => e
# When not found, find_platform raises an ArgumentError
elog('Could not find a platform', error: e)
return false
end

def has_required_module_options?(mod)
get_all_missing_module_options(mod).empty?
end

def get_all_missing_module_options(mod)
missing_options = []
mod.options.each_pair do |option_name, option|
missing_options << option_name if option.required && option.default.nil? && mod.datastore[option_name].blank?
end
missing_options
end

def valid_incompatibility_reasons(mod, verify_reasons)
# As we can potentially ignore some `reasons` (e.g. accepting arch values which are, on paper, not compatible),
# this keeps track of valid reasons why we will not consider the module that we are evaluating to be valid.
valid_reasons = []
valid_reasons << "Missing required module options (#{get_all_missing_module_options(mod).join('. ')})" unless verify_reasons[:has_required_module_options]

incompatible_opts = []
incompatible_opts << 'architecture' unless verify_reasons[:is_module_arch]
incompatible_opts << 'platform' unless verify_reasons[:is_module_platform]
incompatible_opts << 'session type' unless verify_reasons[:is_session_type]
valid_reasons << "Not Compatible (#{incompatible_opts.join(', ')})" if incompatible_opts.any?

valid_reasons << 'Missing/unloadable Meterpreter commands' if verify_reasons[:missing_meterpreter_commands].any?
valid_reasons
end

def set_module_options(mod)
ignore_list = ['ACTION', 'TARGET'].freeze
datastore.each_pair do |k, v|
mod.datastore[k] = v unless ignore_list.include?(k.upcase)
end
if !mod.datastore['SESSION'] && session.present?
mod.datastore['SESSION'] = session.sid
end
end

def set_module_target(mod)
session_platform = Msf::Module::Platform.find_platform(session.platform)
target_index = mod.targets.find_index do |target|
# If the target doesn't define its own compatible platforms or architectures, default to the parent (module) values.
target_platforms = target.platform&.platforms || mod.platform.platforms
target_architectures = target.arch || mod.arch

target_platforms.include?(session_platform) && target_architectures.include?(session_arch)
end
mod.datastore['Target'] = target_index if target_index
end

def setup
return unless session

print_status "Collecting persistence modules for #{session.session_type}..."

setup_validation_options
if valid_colors?
setup_color_options
else
fail_with(Failure::BadConfig, 'Colors options set incorrectly')
end

# Collects persistence modules into an array
@persistence_modules = []
exploit_refnames = framework.exploits.module_refnames
exploit_refnames.each_with_index do |name, index|
print "%bld%blu[*]%clr Collecting exploit #{index + 1} / #{exploit_refnames.count}\r"
next unless name.include? '/persistence/'

mod = framework.exploits.create name
next unless mod

set_module_options mod
set_module_target mod
verify_result = verify_mod(mod)
@persistence_modules << { module: mod, result: verify_result } if verify_result[:has_check]
end
end

def verify_mod(mod)
return { has_check: false } unless mod.is_a?(Msf::Exploit::Local) && mod.has_check?

result = {
has_check: true,
is_module_platform: (@validate_platform ? is_module_platform?(mod) : true),
is_module_arch: (@validate_arch ? is_module_arch?(mod) : true),
has_required_module_options: has_required_module_options?(mod),
missing_meterpreter_commands: (@validate_meterpreter_commands && session.type == 'meterpreter') ? meterpreter_session_incompatibility_reasons(session) : [],
is_session_type: is_session_type?(mod)
}
result[:incompatibility_reasons] = valid_incompatibility_reasons(mod, result)
result
end

def setup_validation_options
@validate_arch = datastore['ValidateArch']
@validate_platform = datastore['ValidatePlatform']
@validate_meterpreter_commands = datastore['ValidateMeterpreterCommands']
end

def setup_color_options
@valid_color, @invalid_color, @ignored_color =
(datastore['Colors'] || '').split('/')

@valid_color = "%#{@valid_color}" unless @valid_color.blank?
@invalid_color = "%#{@invalid_color}" unless @invalid_color.blank?
@ignored_color = "%#{@ignored_color}" unless @ignored_color.blank?
end

def show_found_exploits
unless datastore['VERBOSE']
print_status "#{@persistence_modules.length} exploit checks are being tried..."
return
end

vprint_status "The following #{@persistence_modules.length} exploit checks are being tried:"
@persistence_modules.each do |x|
vprint_status x[:module].fullname
end
end

def run
runnable_exploits = @persistence_modules.select { |mod| is_module_wanted?(mod) }
if runnable_exploits.empty?
print_error 'No suggestions available.'
vprint_line
vprint_session_info
vprint_status unwanted_modules_table(@persistence_modules.reject { |mod| is_module_wanted?(mod) })
return
end

show_found_exploits
results = runnable_exploits.map.with_index do |mod, index|
print "%bld%blu[*]%clr Running check method for exploit #{index + 1} / #{runnable_exploits.count}\r"
begin
checkcode = mod[:module].check
rescue StandardError => e
elog("#Local Persistence Suggester failed with: #{e.class} when using #{mod[:module].shortname}", error: e)
vprint_error "Check with module #{mod[:module].fullname} failed with error #{e.class}"
next { module: mod[:module], errors: ['The check raised an exception.'] }
end

if checkcode.nil?
vprint_error "Check failed with #{mod[:module].fullname} for unknown reasons"
next { module: mod[:module], errors: ['The check failed for unknown reasons.'] }
end

# See def is_check_interesting?
unless is_check_interesting? checkcode
vprint_status "#{mod[:module].fullname}: #{checkcode.message}"
next { module: mod[:module], errors: [checkcode.message] }
end

# Prints the full name and the checkcode message for the exploit
print_good "#{mod[:module].fullname}: #{checkcode.message}"

# If the datastore option is true, a detailed description will show
if datastore['SHOWDESCRIPTION']
# Formatting for the description text
Rex::Text.wordwrap(Rex::Text.compress(mod[:module].description), 2, 70).split(/\n/).each do |line|
print_line line
end
end

next { module: mod[:module], checkcode: checkcode.message }
end

print_line
print_status valid_modules_table(results)

vprint_line
vprint_session_info
vprint_status unwanted_modules_table(@persistence_modules.reject { |mod| is_module_wanted?(mod) })

report_data = {}
results.each do |result|
report_data[result[:module].fullname] = result[:checkcode] if result[:checkcode]
end

report_note({
host: session.session_host,
type: 'persistence.suggested_module',
data: report_data
})
end

def valid_modules_table(results)
name_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new
check_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new

# Split all the results by their checkcode.
# We want the modules that returned a checkcode to be at the top.
checkcode_rows, without_checkcode_rows = results.partition { |result| result[:checkcode] }
rows = (checkcode_rows + without_checkcode_rows).map.with_index do |result, index|
color = result[:checkcode] ? @valid_color : @invalid_color
check_res = result.fetch(:checkcode) { result[:errors].join('. ') }
name_styler.merge!({ result[:module].fullname => color })
check_styler.merge!({ check_res => color })

[
index + 1,
result[:module].fullname,
result[:checkcode] ? 'Yes' : 'No',
check_res
]
end

Rex::Text::Table.new(
'Header' => "Valid modules for session #{session.sid}:",
'Indent' => 1,
'Columns' => [ '#', 'Name', 'Potentially Vulnerable?', 'Check Result' ],
'SortIndex' => -1,
'WordWrap' => false, # Don't wordwrap as it messes up coloured output when it is broken up into more than one line
'ColProps' => {
'Name' => {
'Stylers' => [name_styler]
},
'Potentially Vulnerable?' => {
'Stylers' => [::Msf::Ui::Console::TablePrint::CustomColorStyler.new({ 'Yes' => @valid_color, 'No' => @invalid_color })]
},
'Check Result' => {
'Stylers' => [check_styler]
}
},
'Rows' => rows
)
end

def unwanted_modules_table(unwanted_modules)
arch_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new
platform_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new
session_type_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new

rows = unwanted_modules.map.with_index do |mod, index|
begin
platforms = mod[:module].target.platform&.platforms&.any? ? mod[:module].target.platform.platforms : mod[:module].platform.platforms
rescue NoMethodError
platforms = nil
end
platforms ||= []
begin
arch = mod[:module].target.arch&.any? ? mod[:module].target.arch : mod[:module].arch
rescue NoMethodError
arch = nil
end
arch ||= []

arch.each do |a|
if a != session_arch
if @validate_arch
color = @invalid_color
else
color = @ignored_color
end
else
color = @valid_color
end

arch_styler.merge!({ a.to_s => color })
end

platforms.each do |module_platform|
if module_platform != ::Msf::Module::Platform.find_platform(session.platform)
if @validate_platform
color = @invalid_color
else
color = @ignored_color
end
else
color = @valid_color
end

platform_styler.merge!({ module_platform.realname => color })
end

mod[:module].session_types.each do |session_type|
color = session_type == session.type ? @valid_color : @invalid_color
session_type_styler.merge!(session_type.to_s => color)
end

[
index + 1,
mod[:module].fullname,
mod[:result][:incompatibility_reasons].join('. '),
platforms.any? ? platforms.map(&:realname).sort.join(', ') : 'No defined platforms',
arch.any? ? arch.sort.join(', ') : 'No defined architectures',
mod[:module].session_types.any? ? mod[:module].session_types.sort.join(', ') : 'No defined session types'
]
end

Rex::Text::Table.new(
'Header' => "Incompatible modules for session #{session.sid}:",
'Indent' => 1,
'Columns' => [ '#', 'Name', 'Reasons', 'Platform', 'Architecture', 'Session Type' ],
'WordWrap' => false,
'ColProps' => {
'Architecture' => {
'Stylers' => [arch_styler]
},
'Platform' => {
'Stylers' => [platform_styler]
},
'Session Type' => {
'Stylers' => [session_type_styler]
}
},
'Rows' => rows
)
end

def vprint_session_info
vprint_status 'Current Session Info:'
vprint_status " Session Type: #{session.type}"
vprint_status " Architecture: #{session_arch}"
vprint_status " Platform: #{session.platform}"
end

def is_check_interesting?(checkcode)
[
Msf::Exploit::CheckCode::Vulnerable,
Msf::Exploit::CheckCode::Appears,
Msf::Exploit::CheckCode::Detected
].include? checkcode
end

def print_status(msg = '')
super(session ? "#{session.session_host} - #{msg}" : msg)
end

def print_good(msg = '')
super(session ? "#{session.session_host} - #{msg}" : msg)
end

def print_error(msg = '')
super(session ? "#{session.session_host} - #{msg}" : msg)
end
end

{
    "lastseen": "2025-10-24T19:10:47",
    "description": "This module suggests persistence modules that can be used.           The modules are suggested based on the architecture and platform           that the user has a shell opened as well as the...",
    "published": "2025-10-24T19:01:07",
    "modified": "2025-10-24T19:01:07",
    "type": "metasploit",
    "title": "Persistence Exploit Suggester",
    "source": "",
    "references": "",
    "id": "MSF:POST-MULTI-RECON-PERSISTENCE_SUGGESTER-",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n\n  include Msf::Auxiliary::Report\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        'Name' => 'Persistence Exploit Suggester',\n        'Description' => %q{\n          This module suggests persistence modules that can be used.\n          The modules are suggested based on the architecture and platform\n          that the user has a shell opened as well as the available exploits\n          in meterpreter.\n          It's important to note that not all modules will be checked.\n          Exploits are chosen based on these conditions: session type,\n          platform, architecture, and required default options.\n        },\n        'License' => MSF_LICENSE,\n        'Author' => [ 'h00die' ],\n        'Platform' => all_platforms,\n        'SessionTypes' => [ 'meterpreter', 'shell' ],\n        'Notes' => {\n          'Stability' => [],\n          'Reliability' => [],\n          'SideEffects' => []\n        }\n      )\n    )\n    register_options [\n      Msf::OptInt.new('SESSION', [ true, 'The session to run this module on' ]),\n      Msf::OptBool.new('SHOWDESCRIPTION', [true, 'Displays a detailed description for the available exploits', false])\n    ]\n\n    register_advanced_options(\n      [\n        # most linux persistence modules are arch-cmd but for payload purposes only\n        # but usually we end up with a meterpreter session, thus making these invalid\n        # so disable this check by default\n        Msf::OptBool.new('ValidateArch', [true, 'Validate architecture', false]),\n        Msf::OptBool.new('ValidatePlatform', [true, 'Validate platform', true]),\n        Msf::OptBool.new('ValidateMeterpreterCommands', [true, 'Validate Meterpreter commands', false]),\n        # https://github.com/rapid7/rex-text/blob/a72151d409cd812978f63ad0c330efbc8f44b977/lib/rex/text/color.rb#L13\n        Msf::OptString.new('Colors', [false, 'Valid, Invalid and Ignored colors for module checks (unset to disable)', 'grn/red/blu'])\n      ]\n    )\n  end\n\n  def valid_colors?(color_str = datastore['Colors'])\n    tokens = color_str.split('/')\n    tokens.each do |tok|\n      print_warning \"#{tok} is unlikely to have any functionality for printing colors.\" if tok == 'clr'\n\n      unless Rex::Text::Color::SUPPORTED_FORMAT_CODES.include?(\"%#{tok}\")\n        print_error \"#{tok} is NOT valid color. Please see https://github.com/rapid7/rex-text/blob/a72151d409cd812978f63ad0c330efbc8f44b977/lib/rex/text/color.rb#L13 for valid color options\"\n        return false\n      end\n    end\n    true\n  end\n\n  def all_platforms\n    Msf::Module::Platform.subclasses.collect { |c| c.realname.downcase }\n  end\n\n  def session_arch\n    # Prefer calling native arch when available, as most LPEs will require this (e.g. x86, x64) as opposed to Java/Python Meterpreter's values (e.g. Java, Python)\n    session.respond_to?(:native_arch) ? session.native_arch : session.arch\n  end\n\n  def is_module_arch?(mod)\n    mod_arch = mod.target.arch || mod.arch\n    mod_arch.include?(session_arch)\n  rescue StandardError => e\n    print_error \"Failed to check module arch for #{mod.fullname} => #{e}\"\n  end\n\n  def is_module_wanted?(mod)\n    mod[:result][:incompatibility_reasons].empty?\n  end\n\n  def is_session_type?(mod)\n    # There are some modules that do not define any compatible session types.\n    # We could assume that means the module can run on all session types,\n    # Or we could consider that as incorrect module metadata.\n    mod.session_types.include?(session.type)\n  end\n\n  def is_module_platform?(mod)\n    return false if mod.target.nil?\n\n    platform_obj = Msf::Module::Platform.find_platform session.platform\n\n    module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms\n    module_platforms.include? platform_obj\n  rescue ArgumentError => e\n    # When not found, find_platform raises an ArgumentError\n    elog('Could not find a platform', error: e)\n    return false\n  end\n\n  def has_required_module_options?(mod)\n    get_all_missing_module_options(mod).empty?\n  end\n\n  def get_all_missing_module_options(mod)\n    missing_options = []\n    mod.options.each_pair do |option_name, option|\n      missing_options << option_name if option.required && option.default.nil? && mod.datastore[option_name].blank?\n    end\n    missing_options\n  end\n\n  def valid_incompatibility_reasons(mod, verify_reasons)\n    # As we can potentially ignore some `reasons` (e.g. accepting arch values which are, on paper, not compatible),\n    # this keeps track of valid reasons why we will not consider the module that we are evaluating to be valid.\n    valid_reasons = []\n    valid_reasons << \"Missing required module options (#{get_all_missing_module_options(mod).join('. ')})\" unless verify_reasons[:has_required_module_options]\n\n    incompatible_opts = []\n    incompatible_opts << 'architecture' unless verify_reasons[:is_module_arch]\n    incompatible_opts << 'platform' unless verify_reasons[:is_module_platform]\n    incompatible_opts << 'session type' unless verify_reasons[:is_session_type]\n    valid_reasons << \"Not Compatible (#{incompatible_opts.join(', ')})\" if incompatible_opts.any?\n\n    valid_reasons << 'Missing/unloadable Meterpreter commands' if verify_reasons[:missing_meterpreter_commands].any?\n    valid_reasons\n  end\n\n  def set_module_options(mod)\n    ignore_list = ['ACTION', 'TARGET'].freeze\n    datastore.each_pair do |k, v|\n      mod.datastore[k] = v unless ignore_list.include?(k.upcase)\n    end\n    if !mod.datastore['SESSION'] && session.present?\n      mod.datastore['SESSION'] = session.sid\n    end\n  end\n\n  def set_module_target(mod)\n    session_platform = Msf::Module::Platform.find_platform(session.platform)\n    target_index = mod.targets.find_index do |target|\n      # If the target doesn't define its own compatible platforms or architectures, default to the parent (module) values.\n      target_platforms = target.platform&.platforms || mod.platform.platforms\n      target_architectures = target.arch || mod.arch\n\n      target_platforms.include?(session_platform) && target_architectures.include?(session_arch)\n    end\n    mod.datastore['Target'] = target_index if target_index\n  end\n\n  def setup\n    return unless session\n\n    print_status \"Collecting persistence modules for #{session.session_type}...\"\n\n    setup_validation_options\n    if valid_colors?\n      setup_color_options\n    else\n      fail_with(Failure::BadConfig, 'Colors options set incorrectly')\n    end\n\n    # Collects persistence modules into an array\n    @persistence_modules = []\n    exploit_refnames = framework.exploits.module_refnames\n    exploit_refnames.each_with_index do |name, index|\n      print \"%bld%blu[*]%clr Collecting exploit #{index + 1} / #{exploit_refnames.count}\\r\"\n      next unless name.include? '/persistence/'\n\n      mod = framework.exploits.create name\n      next unless mod\n\n      set_module_options mod\n      set_module_target mod\n      verify_result = verify_mod(mod)\n      @persistence_modules << { module: mod, result: verify_result } if verify_result[:has_check]\n    end\n  end\n\n  def verify_mod(mod)\n    return { has_check: false } unless mod.is_a?(Msf::Exploit::Local) && mod.has_check?\n\n    result = {\n      has_check: true,\n      is_module_platform: (@validate_platform ? is_module_platform?(mod) : true),\n      is_module_arch: (@validate_arch ? is_module_arch?(mod) : true),\n      has_required_module_options: has_required_module_options?(mod),\n      missing_meterpreter_commands: (@validate_meterpreter_commands && session.type == 'meterpreter') ? meterpreter_session_incompatibility_reasons(session) : [],\n      is_session_type: is_session_type?(mod)\n    }\n    result[:incompatibility_reasons] = valid_incompatibility_reasons(mod, result)\n    result\n  end\n\n  def setup_validation_options\n    @validate_arch = datastore['ValidateArch']\n    @validate_platform = datastore['ValidatePlatform']\n    @validate_meterpreter_commands = datastore['ValidateMeterpreterCommands']\n  end\n\n  def setup_color_options\n    @valid_color, @invalid_color, @ignored_color =\n      (datastore['Colors'] || '').split('/')\n\n    @valid_color = \"%#{@valid_color}\" unless @valid_color.blank?\n    @invalid_color = \"%#{@invalid_color}\" unless @invalid_color.blank?\n    @ignored_color = \"%#{@ignored_color}\" unless @ignored_color.blank?\n  end\n\n  def show_found_exploits\n    unless datastore['VERBOSE']\n      print_status \"#{@persistence_modules.length} exploit checks are being tried...\"\n      return\n    end\n\n    vprint_status \"The following #{@persistence_modules.length} exploit checks are being tried:\"\n    @persistence_modules.each do |x|\n      vprint_status x[:module].fullname\n    end\n  end\n\n  def run\n    runnable_exploits = @persistence_modules.select { |mod| is_module_wanted?(mod) }\n    if runnable_exploits.empty?\n      print_error 'No suggestions available.'\n      vprint_line\n      vprint_session_info\n      vprint_status unwanted_modules_table(@persistence_modules.reject { |mod| is_module_wanted?(mod) })\n      return\n    end\n\n    show_found_exploits\n    results = runnable_exploits.map.with_index do |mod, index|\n      print \"%bld%blu[*]%clr Running check method for exploit #{index + 1} / #{runnable_exploits.count}\\r\"\n      begin\n        checkcode = mod[:module].check\n      rescue StandardError => e\n        elog(\"#Local Persistence Suggester failed with: #{e.class} when using #{mod[:module].shortname}\", error: e)\n        vprint_error \"Check with module #{mod[:module].fullname} failed with error #{e.class}\"\n        next { module: mod[:module], errors: ['The check raised an exception.'] }\n      end\n\n      if checkcode.nil?\n        vprint_error \"Check failed with #{mod[:module].fullname} for unknown reasons\"\n        next { module: mod[:module], errors: ['The check failed for unknown reasons.'] }\n      end\n\n      # See def is_check_interesting?\n      unless is_check_interesting? checkcode\n        vprint_status \"#{mod[:module].fullname}: #{checkcode.message}\"\n        next { module: mod[:module], errors: [checkcode.message] }\n      end\n\n      # Prints the full name and the checkcode message for the exploit\n      print_good \"#{mod[:module].fullname}: #{checkcode.message}\"\n\n      # If the datastore option is true, a detailed description will show\n      if datastore['SHOWDESCRIPTION']\n        # Formatting for the description text\n        Rex::Text.wordwrap(Rex::Text.compress(mod[:module].description), 2, 70).split(/\\n/).each do |line|\n          print_line line\n        end\n      end\n\n      next { module: mod[:module], checkcode: checkcode.message }\n    end\n\n    print_line\n    print_status valid_modules_table(results)\n\n    vprint_line\n    vprint_session_info\n    vprint_status unwanted_modules_table(@persistence_modules.reject { |mod| is_module_wanted?(mod) })\n\n    report_data = {}\n    results.each do |result|\n      report_data[result[:module].fullname] = result[:checkcode] if result[:checkcode]\n    end\n\n    report_note({\n      host: session.session_host,\n      type: 'persistence.suggested_module',\n      data: report_data\n    })\n  end\n\n  def valid_modules_table(results)\n    name_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new\n    check_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new\n\n    # Split all the results by their checkcode.\n    # We want the modules that returned a checkcode to be at the top.\n    checkcode_rows, without_checkcode_rows = results.partition { |result| result[:checkcode] }\n    rows = (checkcode_rows + without_checkcode_rows).map.with_index do |result, index|\n      color = result[:checkcode] ? @valid_color : @invalid_color\n      check_res = result.fetch(:checkcode) { result[:errors].join('. ') }\n      name_styler.merge!({ result[:module].fullname => color })\n      check_styler.merge!({ check_res => color })\n\n      [\n        index + 1,\n        result[:module].fullname,\n        result[:checkcode] ? 'Yes' : 'No',\n        check_res\n      ]\n    end\n\n    Rex::Text::Table.new(\n      'Header' => \"Valid modules for session #{session.sid}:\",\n      'Indent' => 1,\n      'Columns' => [ '#', 'Name', 'Potentially Vulnerable?', 'Check Result' ],\n      'SortIndex' => -1,\n      'WordWrap' => false, # Don't wordwrap as it messes up coloured output when it is broken up into more than one line\n      'ColProps' => {\n        'Name' => {\n          'Stylers' => [name_styler]\n        },\n        'Potentially Vulnerable?' => {\n          'Stylers' => [::Msf::Ui::Console::TablePrint::CustomColorStyler.new({ 'Yes' => @valid_color, 'No' => @invalid_color })]\n        },\n        'Check Result' => {\n          'Stylers' => [check_styler]\n        }\n      },\n      'Rows' => rows\n    )\n  end\n\n  def unwanted_modules_table(unwanted_modules)\n    arch_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new\n    platform_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new\n    session_type_styler = ::Msf::Ui::Console::TablePrint::CustomColorStyler.new\n\n    rows = unwanted_modules.map.with_index do |mod, index|\n      begin\n        platforms = mod[:module].target.platform&.platforms&.any? ? mod[:module].target.platform.platforms : mod[:module].platform.platforms\n      rescue NoMethodError\n        platforms = nil\n      end\n      platforms ||= []\n      begin\n        arch = mod[:module].target.arch&.any? ? mod[:module].target.arch : mod[:module].arch\n      rescue NoMethodError\n        arch = nil\n      end\n      arch ||= []\n\n      arch.each do |a|\n        if a != session_arch\n          if @validate_arch\n            color = @invalid_color\n          else\n            color = @ignored_color\n          end\n        else\n          color = @valid_color\n        end\n\n        arch_styler.merge!({ a.to_s => color })\n      end\n\n      platforms.each do |module_platform|\n        if module_platform != ::Msf::Module::Platform.find_platform(session.platform)\n          if @validate_platform\n            color = @invalid_color\n          else\n            color = @ignored_color\n          end\n        else\n          color = @valid_color\n        end\n\n        platform_styler.merge!({ module_platform.realname => color })\n      end\n\n      mod[:module].session_types.each do |session_type|\n        color = session_type == session.type ? @valid_color : @invalid_color\n        session_type_styler.merge!(session_type.to_s => color)\n      end\n\n      [\n        index + 1,\n        mod[:module].fullname,\n        mod[:result][:incompatibility_reasons].join('. '),\n        platforms.any? ? platforms.map(&:realname).sort.join(', ') : 'No defined platforms',\n        arch.any? ? arch.sort.join(', ') : 'No defined architectures',\n        mod[:module].session_types.any? ? mod[:module].session_types.sort.join(', ') : 'No defined session types'\n      ]\n    end\n\n    Rex::Text::Table.new(\n      'Header' => \"Incompatible modules for session #{session.sid}:\",\n      'Indent' => 1,\n      'Columns' => [ '#', 'Name', 'Reasons', 'Platform', 'Architecture', 'Session Type' ],\n      'WordWrap' => false,\n      'ColProps' => {\n        'Architecture' => {\n          'Stylers' => [arch_styler]\n        },\n        'Platform' => {\n          'Stylers' => [platform_styler]\n        },\n        'Session Type' => {\n          'Stylers' => [session_type_styler]\n        }\n      },\n      'Rows' => rows\n    )\n  end\n\n  def vprint_session_info\n    vprint_status 'Current Session Info:'\n    vprint_status \"  Session Type: #{session.type}\"\n    vprint_status \"  Architecture: #{session_arch}\"\n    vprint_status \"  Platform: #{session.platform}\"\n  end\n\n  def is_check_interesting?(checkcode)\n    [\n      Msf::Exploit::CheckCode::Vulnerable,\n      Msf::Exploit::CheckCode::Appears,\n      Msf::Exploit::CheckCode::Detected\n    ].include? checkcode\n  end\n\n  def print_status(msg = '')\n    super(session ? \"#{session.session_host} - #{msg}\" : msg)\n  end\n\n  def print_good(msg = '')\n    super(session ? \"#{session.session_host} - #{msg}\" : msg)\n  end\n\n  def print_error(msg = '')\n    super(session ? \"#{session.session_host} - #{msg}\" : msg)\n  end\nend\n",
    "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/multi/recon/persistence_suggester.rb",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://www.rapid7.com/db/modules/post/multi/recon/persistence_suggester/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply