Growl Metasploit Plugin on Ubuntu

Growl Metasploit plugin was developed, in ruby, by Carlos Perez, aka Dark Operator. This plugin permit you to send a Growl notification to your Mac OS X when a Metasploit session is created or shutdown. Each notification will contain informations about the related session.

Installation :

To install the Growl Metasploit plugin, you first need to update your Ruby Gem with the following commands (Thanks to Carlos, helping me to update gem).

sudo gem install rubygems-update
cd /var/lib/gems/1.8/bin
sudo ./update_rubygems

Then you will be install the needed Growl Gem needed by the plugin.

sudo gem install ruby-growl

After this, just download the growl.rb script from Github and install the script in the Metasploit plugin directory, by default “/opt/metasploit3/msf3/plugins/“.

Don’t forget to give the right user access to the script and launch Metasploit.

sudo msfconsole

Growl plugin setup :

To setup the Growl plugin settings you first need to install Growl on your Mac OS X, if you don’t have it. Then configure Growl to “Listen for incoming connections” and “Allow remote application registration“, and provide a password in the password field.

Growl configuration
Growl configuration

Don’t forget to restart Growl after the setup. Also Growl is communicating on 9887/UDP, so accept incoming connexions after the following Metasploit Growl plugin “growl_start” command.

In Metasploit load the plugin and configure it by the following commands :

Growl Metasploit plugin configuration
Growl Metasploit plugin configuration

load growl” command allow you to load the Growl Metasploit plugin.

growl_set_host” command allow you to provide the IP address where Growl is running.

growl_set_password” command allow you to provide the Growl password, to authenticate you.

growl_set_sticky” command, “false” or “true“, allow you to make the notification stick until clicked.

grow_set_source” command, allow you to identify the Metasploit instance how will send the notification. For example, if you have two Metasploit instances, you will be available to distinguish the source of the notification.

Just replace all the screenshot configuration settings with your settings 🙂

Then save the configuration with the “growl_save” command :

Growl Metasploit plugin configuration saving
Growl Metasploit plugin configuration saving

As you can see all the configuration settings are save into a “.yaml” file.

If you want to see all the configuration settings from the “.yaml” file just type the “growl_show_parms” command.

Growl Metasploit Plugin configuration display
Growl Metasploit Plugin configuration display

Then to start the growl plugin, run “growl_start” command.

Starting Growl Metasploit Plugin
Starting Growl Metasploit Plugin

Now each time you will have a new Metasploit session, or if a session is shutdown, a Growl notification will be send to the configured Growl IP address. Here under a demonstration video.