mcp: Metasploit parity with Hexstrike — auto-start msfrpcd (no sudo), HTTP transport, adapter updates

2026-03-07 14:23:20 +00:00 · 2026-01-14 13:54:53 -07:00
parent 19bdff87b9
commit 23434bb5f1
4 changed files with 142 additions and 16 deletions
--- a/scripts/setup.ps1
+++ b/scripts/setup.ps1
@@ -152,18 +152,24 @@ if (Test-Path -Path $msReq) {

 # Optionally auto-start msfrpcd if configured in .env
 if (($env:LAUNCH_METASPLOIT_MCP -eq 'true') -and ($env:MSF_PASSWORD)) {
-    if (Get-Command bash -ErrorAction SilentlyContinue) {
-        $msfUser = if ($env:MSF_USER) { $env:MSF_USER } else { 'msf' }
-        $msfServer = if ($env:MSF_SERVER) { $env:MSF_SERVER } else { '127.0.0.1' }
-        $msfPort = if ($env:MSF_PORT) { $env:MSF_PORT } else { '55553' }
-        Write-Host "Attempting to start msfrpcd (user=$msfUser, host=$msfServer, port=$msfPort)..."
+    $msfUser = if ($env:MSF_USER) { $env:MSF_USER } else { 'msf' }
+    $msfServer = if ($env:MSF_SERVER) { $env:MSF_SERVER } else { '127.0.0.1' }
+    $msfPort = if ($env:MSF_PORT) { $env:MSF_PORT } else { '55553' }
+    Write-Host "Starting msfrpcd (user=$msfUser, host=$msfServer, port=$msfPort) without sudo (background)..."
+    # Start msfrpcd without sudo; if it's already running the cmd will fail harmlessly.
+    if (Get-Command msfrpcd -ErrorAction SilentlyContinue) {
        try {
-            & bash -lc "sudo msfrpcd -U $msfUser -P '$($env:MSF_PASSWORD)' -a $msfServer -p $msfPort -S"
+            if ($env:MSF_SSL -eq 'true' -or $env:MSF_SSL -eq '1') {
+                Start-Process -FilePath msfrpcd -ArgumentList "-U", $msfUser, "-P", $env:MSF_PASSWORD, "-a", $msfServer, "-p", $msfPort, "-S" -NoNewWindow -WindowStyle Hidden
+            } else {
+                Start-Process -FilePath msfrpcd -ArgumentList "-U", $msfUser, "-P", $env:MSF_PASSWORD, "-a", $msfServer, "-p", $msfPort -NoNewWindow -WindowStyle Hidden
+            }
+            Write-Host "msfrpcd start requested; check with: netstat -an | Select-String $msfPort"
        } catch {
-            Write-Host "Warning: Failed to start msfrpcd via bash: $($_.Exception.Message)" -ForegroundColor Yellow
+            Write-Host "Warning: Failed to start msfrpcd: $($_.Exception.Message)" -ForegroundColor Yellow
        }
    } else {
-        Write-Host "Warning: Cannot auto-start msfrpcd: 'bash' not available. Start msfrpcd manually with msfrpcd -U <user> -P <password> -a <host> -p <port> -S" -ForegroundColor Yellow
+        Write-Host "msfrpcd not found; please install Metasploit Framework to enable Metasploit RPC." -ForegroundColor Yellow
    }
 }

--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -126,7 +126,7 @@ if [ -f "third_party/MetasploitMCP/requirements.txt" ]; then
 fi

 # Optionally auto-start Metasploit RPC daemon if configured
-# Requires `msfrpcd` (from metasploit-framework) and sudo to run as a service.
+# Start `msfrpcd` without sudo if LAUNCH_METASPLOIT_MCP=true and MSF_PASSWORD is set.
 if [ "${LAUNCH_METASPLOIT_MCP,,}" = "true" ] && [ -n "${MSF_PASSWORD:-}" ]; then
    if command -v msfrpcd >/dev/null 2>&1; then
        MSF_USER="${MSF_USER:-msf}"
@@ -134,11 +134,18 @@ if [ "${LAUNCH_METASPLOIT_MCP,,}" = "true" ] && [ -n "${MSF_PASSWORD:-}" ]; then
        MSF_PORT="${MSF_PORT:-55553}"
        MSF_SSL="${MSF_SSL:-false}"
        echo "Starting msfrpcd (user=${MSF_USER}, host=${MSF_SERVER}, port=${MSF_PORT})..."
-        if sudo -n true 2>/dev/null; then
-            sudo msfrpcd -U "$MSF_USER" -P "$MSF_PASSWORD" -a "$MSF_SERVER" -p "$MSF_PORT" -S || echo "Warning: msfrpcd failed to start."
+        # Start msfrpcd as a background process without sudo. The daemon will bind to the loopback
+        # interface and does not require root privileges on modern systems for ephemeral ports.
+        msfrpcd_cmd=$(command -v msfrpcd || true)
+        if [ -n "$msfrpcd_cmd" ]; then
+            if [ "${MSF_SSL,,}" = "true" ] || [ "${MSF_SSL}" = "1" ]; then
+                "$msfrpcd_cmd" -U "$MSF_USER" -P "$MSF_PASSWORD" -a "$MSF_SERVER" -p "$MSF_PORT" -S &>/dev/null &
+            else
+                "$msfrpcd_cmd" -U "$MSF_USER" -P "$MSF_PASSWORD" -a "$MSF_SERVER" -p "$MSF_PORT" &>/dev/null &
+            fi
+            echo "msfrpcd started (check with: ss -ltn | grep $MSF_PORT)"
        else
-            echo "msfrpcd requires sudo. You may be prompted for your password to start it interactively." 
-            sudo msfrpcd -U "$MSF_USER" -P "$MSF_PASSWORD" -a "$MSF_SERVER" -p "$MSF_PORT" -S || echo "Failed to start msfrpcd. Start it manually with: sudo msfrpcd -U $MSF_USER -P <password> -a $MSF_SERVER -p $MSF_PORT -S"
+            echo "msfrpcd not found; please install Metasploit Framework to enable Metasploit RPC."
        fi
    else
        echo "msfrpcd not found; please install Metasploit Framework to enable Metasploit RPC."