pythonsubprocessmetasploit

User input passed as a variable to subprocess.call


Im trying to pass a variable into another program that is being launched. I having issues with the variable working

here is the code It all works up until the passing of RHOST, metasploit takes it as %RHOST

I need to pass the RHOST variable straight after set RHOSTS . Help please :)

#!/usr/bin/python
import os,sys,re,subprocess
RHOST=raw_input("Enter ipaddress range:")
print ("Your Address range is\n" + RHOST + "!")
subprocess.call("xterm -e msfconsole -x 'sleep 2; use auxiliary/scanner/discovery/arp_sweep; set RHOSTS '%RHOST'; exploit'",shell=True)
end = raw_input('Hit Enter to Exit.')

Solution

  • use string format:

    "xterm -e msfconsole -x 'sleep 2; use auxiliary/scanner/discovery/arp_sweep; set RHOSTS '\%{0}'; exploit'".format(RHOST)