Tags: ruby, metasploit

How to get started writing Metasploit modules/exploits?


I want to contribute code to the Metasploit Framework, but I haven't gotten to know their formatting guidelines and code requirements. What are the contribution guidelines for getting started writing your own Metasploit modules?


Solution

  • If you follow this link:

    How to get started with writing an auxiliary module

    You'll find not only a helpful reference for setting up a metasploit module, but also an entire wiki with (at time of writing) 106 pages on metasploit development and use.

    Now, I say reference and not tutorial because making metasploit modules is 10% boilerplate code that you need to look up and 90% good-old-ruby that has nothing to do with metasploit.

    Take, for example, this simple template module:

    # Pulls in the framework's core classes (Msf::Auxiliary, the mixins, MSF_LICENSE)
    require 'msf/core'
    
    # The framework looks for a class with exactly this name when it loads the file
    class MetasploitModule < Msf::Auxiliary
    
      # Scanner mixin: handles RHOSTS/THREADS and calls `run_host(ip)` once per target
      include Msf::Auxiliary::Scanner
    
      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Module name',
          'Description'    => %q{
            Say something that the user might want to know.
          },
          'Author'         => [ 'Name' ],
          'License'        => MSF_LICENSE
        ))
      end
    
      # Note: the Scanner mixin supplies its own `run`, which iterates RHOSTS and
      # calls `run_host(ip)`; defining `run` here overrides that, so a real
      # scanner module should define `run_host(ip)` instead.
      def run
        # use `print_status` to print to the metasploit console, instead of `puts`
      end
    
    end
    

    Walking through it line by line:

    require 'msf/core'
    

    First we require the metasploit files so we can use them.

    class MetasploitModule < Msf::Auxiliary
    

    Then we define a new class which inherits from the metasploit auxiliary class.

      include Msf::Auxiliary::Scanner
    

    Here we include the metasploit scanner so we can use it in our code. You can include any of metasploit's modules here to use them within your own module; however, you likely won't find tutorials for the modules. You're expected to read the documentation to learn how to use them.

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Module name',
          'Description'    => %q{
            Say something that the user might want to know.
          },
          'Author'         => [ 'Name' ],
          'License'        => MSF_LICENSE
        ))
      end
    

    This initialize method is basically boilerplate code that tells metasploit information about your module so it can display said information to users inside the metasploit console.

      # Note: the Scanner mixin supplies its own `run`, which iterates RHOSTS and
      # calls `run_host(ip)`; defining `run` here overrides that, so a real
      # scanner module should define `run_host(ip)` instead.
      def run
        # use `print_status` to print to the metasploit console, instead of `puts`
      end
    

    This is where your code goes! This is also where metasploit ends and good-old-ruby begins. If you're making an HTTP server to echo a malicious payload, use an http server gem and write your logic. You can use metasploit modules here, but you use them (and learn how to use them) the same way you would any other ruby gem or library: look up the documentation and the API reference.

    end
    

    And that's it! Ultimately, you're discovering what makes IT security such a difficult field. There aren't any tutorials that can teach you how to hack or frameworks that can help you create exploits. Metasploit is more of a tool for curating collections of exploits, and writing your own module is just "plugging" your exploit into metasploit so other people can easily use it. The exploit itself is simply some ruby code, made to do something clever using basic network libraries.

    Creating a completely new and useful hacking tool would be a big deal that some paid security professionals only dream of achieving. I suggest you pick a hacking tool which already exists (password cracker, network scanner, web crawler, etc), research that tool's purpose and functions, get well-acquainted with using it, and work on creating your own version of one. Then, once you've got it doing what you want, take your code and wrap it in a metasploit template so it can be accessed from metasploit.

    If you get stuck along the way, you can come back to StackOverflow with more specific questions (e.g. "How can I scan for open ports on an IP?" or "How do I access options inside a metasploit module?") and we'll be happy to help you with those!

    Cheers and good luck!
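An added example, not part of the answer above, showing the split it recommends: the plain-Ruby logic (parsing an HTTP Server header into product and version) comes first and runs without Metasploit, and the Msf wrapper that plugs it into the framework comes second. The wrapper uses the framework's own mixins (`Msf::Auxiliary::Scanner`, `Msf::Exploit::Remote::HttpClient`) and is only defined when the file is loaded inside Metasploit; the module name, author and `TARGETURI` option are illustrative.

```ruby
# Added example: plain-Ruby logic first, Metasploit wrapper second.

# Pulls product and version out of an HTTP Server header, e.g.
# "Apache/2.4.41 (Ubuntu)" -> { product: "Apache", version: "2.4.41" }.
module ServerBanner
  def self.parse(header)
    return nil if header.nil? || header.strip.empty?
    m = header.strip.match(%r{\A([A-Za-z][\w.-]*)(?:/([\w.-]+))?})
    return nil unless m
    { product: m[1], version: m[2] }
  end

  # Reads the Server header out of a raw HTTP response string.
  def self.from_response(raw)
    head = raw.split(/\r?\n\r?\n/, 2).first.to_s
    line = head.lines.map(&:chomp).find { |l| l =~ /\Aserver:/i }
    line && parse(line.split(':', 2).last)
  end
end

# Only defined inside the framework, where the Msf constant exists; elsewhere
# the file stays plain Ruby and the parser above can be run and tested alone.
if defined?(Msf::Auxiliary)
  class MetasploitModule < Msf::Auxiliary
    include Msf::Exploit::Remote::HttpClient # send_request_cgi, rhost, rport
    include Msf::Auxiliary::Scanner          # its run iterates RHOSTS, calls run_host

    def initialize(info = {})
      super(update_info(info,
        'Name'        => 'HTTP Server Header Inventory (example)',
        'Description' => %q{ Records the Server header of each HTTP target. },
        'Author'      => [ 'example author' ],
        'License'     => MSF_LICENSE
      ))
      # Options show up in `show options`; read them back via datastore
      register_options([OptString.new('TARGETURI', [true, 'Path to request', '/'])])
    end

    # Called once per host by the Scanner mixin
    def run_host(ip)
      res = send_request_cgi('uri' => datastore['TARGETURI'], 'method' => 'GET')
      return print_error("#{ip}:#{rport} - no response") unless res
      info = ServerBanner.parse(res.headers['Server'])
      return print_status("#{ip}:#{rport} - no Server header") unless info
      print_good("#{ip}:#{rport} - #{info[:product]} #{info[:version]}")
      report_service(host: ip, port: rport, proto: 'tcp', name: 'http',
                     info: res.headers['Server'])
    end
  end
end
```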