-
Notifications
You must be signed in to change notification settings - Fork 1
Loading External Modules
If you're in the business of writing or collecting Metasploit modules that aren't part of the standard distribution, then you need a convenient way to load those modules in Metasploit. Never fear, it's pretty easy, using Metasploit's default local module search path, $HOME/.msf4/modules
, and there are just a couple caveats:
You must first set up a directory structure that fits with Metasploit's expectations of path names. What this typically means is that you should first create an "exploits" directory structure, like so:
mkdir -p $HOME/.msf4/modules/exploit
If you are using auxiliary
or post
modules, or are writing payloads
you'll want to mkdir
those as well.
Modules are sorted by (somewhat arbitrary) categories. These can be anything you like; I usually use test
or private
, but if you are developing a module with an eye toward providing it to the main Metasploit distribution, you will want to mirror the real module path. For example:
mkdir -p $HOME/.msf4/modules/exploits/windows/fileformat
... if you are developing a file format exploit for Windows.
Once you have a directory to place it in, feel free to download or start writing your module.
If you already have msfconsole running, use a reload_all
command to pick up your new modules. If not, just start msfconsole and they'll be picked up automatically. If you'd like to test with something generic, I have a module posted up as a gist, here: https://gist.github.com/todb-r7/5935519 , so let's give it a shot:
mkdir -p $HOME/.msf4/modules/exploits/test
curl -Lo ~/.msf4/modules/exploits/test/test_module.rb https://gist.github.com/todb-r7/5935519/raw/17f7e40ab9054051c1f7e0655c6f8c8a1787d4f5/test_module.rb
todb@ubuntu:~$ mkdir -p $HOME/.msf4/modules/exploits/test
todb@ubuntu:~$ curl -Lo ~/.msf4/modules/exploits/test/test_module.rb https://gist.github.com/todb-r7/5935519/raw/6e5d2da61c82b0aa8cec36825363118e9dd5f86b/test_module.rb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1140 0 1140 0 0 3607 0 --:--:-- --:--:-- --:--:-- 7808
Then, in my msfconsole window:
msf > reload_all
[*] Reloading modules from all module paths...
IIIIII dTb.dTb _.---._
II 4' v 'B .'"".'/|\`.""'.
II 6. .P : .' / | \ `. :
II 'T;. .;P' '.' / | \ `.'
II 'T; ;P' `. / | \ .'
IIIIII 'YvP' `-.__|__.-'
I love shells --egypt
=[ metasploit v4.6.2-2013052901 [core:4.6 api:1.0]
+ -- --=[ 1122 exploits - 707 auxiliary - 192 post
+ -- --=[ 307 payloads - 30 encoders - 8 nops
msf > use exploit/test/test_module
msf exploit(test_module) > info
Name: Fake Test Module
Module: exploit/test/test_module
Version: 0
Platform: Windows
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent
Provided by:
todb <[email protected]>
Available targets:
Id Name
-- ----
0 Universal
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
DATA Hello, world! yes The output data
Payload information:
Description:
If this module loads, you know you're doing it right.
References:
http://cvedetails.com/cve/1970-0001/
msf exploit(test_module) > exploit
[*] Started reverse handler on 192.168.145.1:4444
[+] Hello, world!
msf exploit(test_module) >
That's really all there is to it. The most common problems that people (including myself) run into are:
- Attempting to create a module in
$HOME/.msf4/modules/
. This won't work because you need to specify if it's an exploit or a payload or something. Checkls /opt/metasploit/apps/pro/msf3/modules/
(or where your install of Metasploit lives). - Attempting to create a module in
$HOME/.msf4/modules/auxiliary/
. This won't work because you need at least one level of categorization. It can be new, likeauxiliary/0day/
, or existing, likeauxiliary/scanner/scada/
. - Attempting to create a module in
$HOME/.msf4/exploit/
or$HOME/.msf4/posts/
. Note the pluralization of the directory names; they're different for different things. Exploits, payloads, encoders, and nops are plural, while auxiliary and post are singular.
Note that the $HOME
directory for Metasploit Community Edition is going to be root
and not your own user directory, so if you are expecting modules to show up in the Metasploit CE (or Express, or Pro) web UIs, you will want to stash your external modules in /root/.msf4/modules
. Of course, this means you need root access to the machine in question, but hey, you're a l33t Metasploit user, so that shouldn't be too hard.
For Windows users, the above is all true, except for accessing the modules from the web GUI. Sadly, you're a little out of luck; the module load paths on Windows are a little more restrictive and don't allow for external modules. However, the Console2-based Metasploit Console (Start > Programs > Metasploit > Metasploit Console) will work out just fine.
Any module that requires on changes to core library functions, such as new protocol parsers or other library mixins, aren't going to work out for you this way -- you're going to end up spewing errors all over the place as your module tries to load these classes. It's possible to write modules as completely self-contained in nearly all cases (thanks to Ruby's open class architecture), but such modules nearly always get refactored later to make the protocol and other mixin bits available to other modules.
In this case, it would be better to work with modules like that using a proper GitHub checkout with a development branch -- see the dev environment setup docs for tons more on that.
If you are loading new and exciting Metasploit modules, know that these things will tend to have access to anything you have access to; doubly so if you're dropping them in root. Metasploit modules are plain text Ruby, so you can read them -- but please be careful, and only add external modules from trusted sources; don't just go grabbing any old thing you see on the Internet, because you may find yourself backdoored (or worse) in short order.
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get install
togit push
. - Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Acceptance Guidelines What should your modules look like?
- Contributing to Metasploit Be a part of our open source community.