Find Metasploit Exploits by Port Number

So you are just starting out with nmap and metasploit. You learn how to run some port scans and fire up msfconsole. One of the biggest questions that people have is:

What exploits work against port n?

The traditional answer is that to find out you must continue enumerating, find out the versions of the listening services, and search for vulns, exploits, etc. In practice, though, you’ll probably just try to search within Metasploit for the service name and version number, hoping for a match. It is then that you enter the ‘no fun zone’. The free version of Metasploit does NOT have a very nice search feature at all. Unless you want to pay for a Pro license, you’ll be doomed like many noobs to bang your head against Metasploit search, searchsploit, exploit-db, et al.

Don’t get me wrong. This is great experience and practice. But damn… hours… perhaps literally days… gone. Until you stumble upon some blog write-up where they mention the one exploit that pops the reverse meterpreter shell in two seconds. The one exploit with the crazy name that happened to match ZERO of your search terms. DAMN! If only you could have found that one sooner. And you could have, if only you could have just searched for the open port number to begin with.

Listing Exploits by Default RPORT number

As a quick and dirty solution using Metasploit’s spool feature, intermediate resource files, and some command-line text gymnastics, I generated a flat file that lists the exploits along with their RPORT defaults. Just CTRL-F “RPORT 80” to find webserver-related exploits, etc.
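The same port-indexed inventory can be built straight from the module sources instead of spooling msfconsole output. The script below is an added example, not the author’s gist: it recognises the two common ways a module declares its default port (`Opt::RPORT(n)` and `OptPort.new('RPORT', [...])`), files modules that declare none under a separate bucket (their default comes from a mixin and must be resolved inside msfconsole), and runs here over constructed sample snippets; `index_module_tree` applies the same logic to a real `modules/` directory.

```python
import re
from pathlib import Path

# Constructed sample module fragments (made up for this example, not real modules).
SAMPLE_MODULES = {
    "exploit/windows/ftp/example_ftp": """
      register_options([
        Opt::RPORT(21),
        OptString.new('USER', [true, 'Username', 'anonymous'])
      ])""",
    "exploit/multi/http/example_web": """
      register_options([
        OptPort.new('RPORT', [true, 'The target port', 8080]),
        OptString.new('TARGETURI', [true, 'Base path', '/'])
      ])""",
    "exploit/linux/http/example_mixin_default": """
      register_options([ OptString.new('TARGETURI', [true, 'Base path', '/app']) ])""",
}

# Option-registration forms that carry an explicit RPORT default.
RPORT_PATTERNS = [
    re.compile(r"Opt::RPORT\(\s*(\d+)\s*\)"),
    re.compile(r"OptPort\.new\(\s*['\"]RPORT['\"]\s*,\s*\[[^\]]*?,\s*(\d+)\s*\]\s*\)"),
]


def default_rport(source: str):
    """Return the RPORT default declared in a module's source, or None when the
    module declares none (the default then comes from a mixin such as HttpClient)."""
    for pattern in RPORT_PATTERNS:
        match = pattern.search(source)
        if match:
            return int(match.group(1))
    return None


def index_by_rport(modules: dict) -> dict:
    """Map default port -> sorted module names; the None key collects modules
    whose default port must be checked with 'show options' in msfconsole."""
    index = {}
    for name, source in modules.items():
        index.setdefault(default_rport(source), []).append(name)
    return {port: sorted(names) for port, names in index.items()}


def index_module_tree(root) -> dict:
    """Build the same index from every .rb file under a Metasploit modules/ directory."""
    root = Path(root)
    modules = {rb.relative_to(root).with_suffix("").as_posix(): rb.read_text(errors="ignore")
               for rb in root.rglob("*.rb")}
    return index_by_rport(modules)


if __name__ == "__main__":
    for port, names in index_by_rport(SAMPLE_MODULES).items():
        print(f"RPORT {port if port is not None else '(mixin default)'}: {', '.join(names)}")
```

Point `index_module_tree` at the `modules/exploits` directory of an installed Metasploit Framework to get a port-to-module listing for the real tree.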

Is it perfect? No. Is it elegant? Hell no. Could it save someone hours of life? Definitely.

Perhaps one day I’ll add an RPORT keyword to the open source Metasploit project’s search feature and shoot them a pull request, but I’m going to go ahead and assume that 1) they are smart enough to have thought of it already and/or 2) have been around long enough for others to suggest it and thus 3) they are leaving it out on purpose.

In the meantime, the GitHub Gist is embedded below, and here’s the file.

Written on January 3, 2017