Browsing exploits with Metasploit console
There's a couple of ways you could do this, that spring to mind
First up would be using search which will show exploits matching the search term, (eg, search fileformat would return modules matching that term. The other was would be to use the tab completion, so if you type:
use exploit/windows/fileformat/
and then hit Tab. It'll scroll through all the exploits under that folder.
In msf console,
- you can use the autocomplete feature (as Rory suggests)
- you can use the search command:
search windows/fileformat -t exploit
If not restrained to the console, another idea is to browse them online here http://www.metasploit.com/modules/exploit/windows/fileformat/
You can also use things like Armitage to browse exploits in a nicer way or other various interfaces.
If you're looking to list certain properties of the exploits (for instance, targets), have a look at the tools directory:
user@disko:~/framework/tools$ ./module_rank.rb
Module Ranks
============
Module Rank
------ ----
auxiliary/admin/2wire/xslt_password_reset 300
auxiliary/admin/backupexec/dump 300
... [snip]
If you're comfortable looking at source, i use a lot of this bash function (stuck in my .bashrc). While it may be overkill, you'll find lots of interesting tidbits in the source / comments:
function rgrep() {
find -L . -type f -name \*.*rb -exec grep -n -i -H --color "$1" {} \;
}
user@disko:~/framework/modules$ rgrep "backup exec"
./auxiliary/admin/backupexec/dump.rb:22: 'Name' => 'Veritas Backup Exec Windows Remote File Access',
./auxiliary/admin/backupexec/dump.rb:24: This module abuses a logic flaw in the Backup Exec Windows Agent to download
./auxiliary/admin/backupexec/dump.rb:26: remain anonymous and affects all known versions of the Backup Exec Windows Agent.
... [snip]
... And probably what you're really looking for (as stated above) is the search command inside msfconsole. Note that you can search by name, path, platform, type, app, author, cve, bid, or osvdb.