🔧 NMSF - Nmap to Metasploit Resource Script Generator

⚠️ IMPORTANT: Don't forget to set your Mistral AI API key to use AI report features!

Set API Key via Tool Menu:

./nmsf
# Select option 3 (AI Options)
# Select option 1 (Set/Update Mistral API key)
# Enter your API key when prompted

All-in-One Terminal Tool - Convert Nmap XML scans to Metasploit resource scripts with automatic scanning capabilities.

🚀 Features

• 🔍 Automatic Nmap Scanning: Scan targets directly from the tool
• 🔄 Automatic Conversion: Convert XML results to Metasploit .rc scripts
• 📊 AI-Powered Reports: Generate intelligent reports using Mistral AI
• 📁 Organized Output: Timestamped directories for each scan
• ⚙️ Custom Nmap Options: Full control over scan parameters
• 🧪 Built-in Testing: Sample data for testing
• 🐳 Docker Support: Containerized execution
• 🛡️ Safe Modules Only: Focus on enumeration, not exploitation
• 🤖 Multiple Report Formats: Markdown, JSON, HTML, and plain text

📦 Installation

# Make executable
chmod +x nmsf

# Install dependencies (if needed)
pip install PyYAML requests

🎯 Usage

Interactive Mode (Recommended)

./nmsf

Menu Options

1. 🔍 Scan & Convert - Automatic scanning and conversion
2. 📊 Generate Reports - Generate reports from existing XML
3. 🤖 AI Options - Set Mistral API key and AI features
4. ⚙️ Settings - View configurations and mappings
5. 🚪 Exit - Exit the tool

🔍 Scan & Convert Mode

The Scan & Convert mode allows you to:

1. Enter target: IP address, range, or hostname
2. Select scan type:
   • Quick scan (top 1000 ports)
   • Full scan (all 65535 ports)
   • Service detection scan
   • Custom scan with your own Nmap options
3. Choose workspace name
4. Automatic execution in Metasploit
5. AI report generation (optional)

Custom Nmap Options Examples

-sS -sV -sC -T4 -p 1-1000
-sS -sV -sC -T4 --top-ports 100
-sS -sV -sC -T4 -p 22,80,443,8080

📁 Output Organization

Each scan creates a timestamped directory:

scan_192.168.1.1_2025-01-10_14-30-15/
├── scan_result.xml          # Nmap XML output
├── workspace_name.rc        # Metasploit resource script
├── msf_output.txt           # Metasploit execution output
├── _wrapper.rc              # Wrapper script for output capture
└── ai_report.*              # AI-generated reports (if enabled)

🤖 AI Options

The tool includes AI-powered report generation using Mistral API:

Setting Up Mistral API Key

1. Run the tool: ./nmsf
2. Select option 3 (AI Options)
3. Select option 1 (Set/Update Mistral API key)
4. Enter your Mistral API key when prompted

AI Report Features

• Multiple Formats: Generate reports in Markdown, JSON, HTML, or plain text
• Intelligent Analysis: AI analyzes Metasploit output and creates comprehensive reports
• Executive Summaries: High-level overviews of scan results
• Service Analysis: Detailed breakdown of discovered services
• Recommendations: AI-generated next steps and security recommendations

Using AI Reports

After running a scan and Metasploit script:

1. The tool will ask if you want to generate AI reports
2. Select your preferred format(s)
3. AI will analyze the output and generate professional reports

⚙️ Settings

Access additional features through the Settings menu:

Service Mappings

View all supported service mappings:

• HTTP/HTTPS: Version detection, methods, directory scanning
• SSH: Version detection, user enumeration
• FTP: Version detection, anonymous access
• SMB: Version detection, share enumeration
• SNMP: Login attempts, enumeration
• MySQL: Version detection, login attempts
• RDP: Scanner modules
• And more...

Test with Sample Data

Test the tool with built-in sample data:

1. Select option 4 (Settings)
2. Select option 2 (Test with sample data)
3. Tool will create sample XML and test conversion

Create Sample XML

Generate a sample XML file for testing:

1. Select option 4 (Settings)
2. Select option 3 (Create sample XML file)

🛡️ Supported Services

The tool automatically maps detected services to appropriate Metasploit modules:

• HTTP/HTTPS: Version detection, methods, directory scanning
• SSH: Version detection, user enumeration
• FTP: Version detection, anonymous access
• SMB: Version detection, share enumeration
• SNMP: Login attempts, enumeration
• MySQL: Version detection, login attempts
• RDP: Scanner modules
• And more...

🚀 Metasploit Integration

Generated scripts include:

• Workspace creation
• Service-specific module selection
• RHOSTS configuration
• Background job execution (run -j)
• Safe enumeration modules only

🐳 Docker Support

# Build image
docker build -t nmsf .

# Run container
docker run -v $(pwd)/output:/app/output nmsf

🎯 Example Workflow

1. Start the tool: ./nmsf
2. Set up AI (optional): Select option 3 (AI Options) → Set Mistral API key
3. Select Scan & Convert: Option 1
4. Enter target: 192.168.1.0/24
5. Choose scan type: Custom scan
6. Enter options: -sS -sV -sC -T4
7. Set workspace: network_scan
8. Wait for completion
9. Run in Metasploit: msfconsole -r scan_20250110_143015/network_scan.rc
10. Generate AI reports: Select format when prompted

📊 Report Formats

AI-Generated Reports

• Markdown: Professional documentation with headers and formatting
• JSON: Structured data for programmatic analysis
• HTML: Web-ready reports with styling
• Plain Text: Simple text format for quick review

Fallback Reports

If AI is unavailable, the tool generates basic reports with:

• Executive summary
• Service findings
• Recommendations
• Next steps

🔒 Security Note

This tool is designed for authorized penetration testing only. Always ensure you have proper authorization before scanning any network or system.

📝 License

Educational project for authorized testing purposes only.

---

Version: 4.0 (Enhanced Edition)
Author: Student Project
Purpose: Educational and authorized testing only