name: "rpcclient"
command: "python3"
args:
  - "-c"
  - |
    import shlex
    import subprocess
    import sys

    # argv[0] is "-c" when run via `python3 -c`, so the target is argv[1]
    if len(sys.argv) < 2:
        sys.stderr.write("缺少目标地址\n")
        sys.exit(1)

    target = sys.argv[1]
    username = sys.argv[2] if len(sys.argv) > 2 else ""
    password = sys.argv[3] if len(sys.argv) > 3 else ""
    domain = sys.argv[4] if len(sys.argv) > 4 else ""
    commands = sys.argv[5] if len(sys.argv) > 5 else ""
    extra = sys.argv[6] if len(sys.argv) > 6 else ""

    # Build the argument vector; no shell is involved, so the values are
    # passed to rpcclient as discrete arguments.
    cmd = ["rpcclient"]
    if username:
        # rpcclient takes credentials as -U "user%password"
        cred = username
        if password:
            cred = f"{username}%{password}"
        cmd.extend(["-U", cred])
    elif password:
        # If only a password was supplied, still try to connect with an empty username
        cmd.extend(["-U", f"%{password}"])
    if domain:
        cmd.extend(["-W", domain])
    if commands:
        # Semicolon-separated rpcclient commands executed non-interactively
        cmd.extend(["-c", commands])
    if extra:
        # Extra options are split shell-style but never passed through a shell
        cmd.extend(shlex.split(extra))
    cmd.append(target)

    try:
        proc = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:
        # rpcclient binary is not installed or not on PATH
        sys.stderr.write("rpcclient: command not found\n")
        sys.exit(127)

    # Relay rpcclient's output and exit status unchanged
    if proc.stdout:
        sys.stdout.write(proc.stdout)
    if proc.stderr:
        sys.stderr.write(proc.stderr)
    sys.exit(proc.returncode)
enabled: true
short_description: "RPC enumeration tool"
description: |
  rpcclient is an RPC client tool used to enumerate information about Windows/Samba systems.

  **Main features:**
  - RPC enumeration
  - User and group enumeration
  - Domain information queries
  - System information collection

  **Use cases:**
  - Windows penetration testing
  - Samba enumeration
  - Domain environment reconnaissance
  - Security testing
parameters:
  - name: "target"
    type: "string"
    description: "Target IP address"
    required: true
    position: 0
    format: "positional"
  - name: "username"
    type: "string"
    description: "Username"
    required: false
    default: ""
    position: 1
    format: "positional"
  - name: "password"
    type: "string"
    description: "Password"
    required: false
    default: ""
    position: 2
    format: "positional"
  - name: "domain"
    type: "string"
    description: "Domain name"
    required: false
    default: ""
    position: 3
    format: "positional"
  - name: "commands"
    type: "string"
    description: "RPC commands (semicolon-separated)"
    required: false
    default: "enumdomusers;enumdomgroups;querydominfo"
    position: 4
    format: "positional"
  - name: "additional_args"
    type: "string"
    description: |
      Extra rpcclient arguments, used to pass rpcclient options that are not defined in the parameter list.

      **Example values:**
      - Add examples of commonly used arguments according to the tool's features

      **Notes:**
      - Separate multiple arguments with spaces
      - Make sure the argument format is correct to avoid command injection
      - This parameter is appended directly to the rpcclient command line
    required: false
    default: ""
    position: 5
    format: "positional"