Metasploit mailing list archives

MSFXDC #1 First modules


From: richard.k.miles at googlemail.com (Richard Miles)
Date: Tue, 13 Jan 2009 14:18:59 -0300

Hello

Yes, this idea appear good. Today are a lot of good modules (like the
MC ones) which are not at SVN. Maybe this could be a good approach to
enhance Metasploit.

Thank you for answer.

Regards

On Tue, Jan 13, 2009 at 12:27 PM, Patrick Webster <patrick at aushack.com> wrote:
I'm happy to include them, but there are a few issues:

1) What license are they released under? MSF? BSD? Commercial/Leaked? A lot
of rogue modules state MSF_LICENSE, but this may have been ignored by the
author (who actually reads licenses, anyway? :P)
2) We need to review the quality of the code, bugs, exploit, references,
reliability etc.
3) Test the exploits... hard to find for large enterprise software (legally,
anyway).
4) Do the authors even want their modules added, and what of their
name/nick/email etc.

The main issue being #1.

There must be over 100 uncommitted modules out there... but it is not easy
to track the authors down.

Perhaps we should include a "# Please submit new modules to msfdev@" in the
framework module comments header (for all existing modules). If people copy
a module in the future to make their own, maybe a few authors will read it
and action. Better than none.

I guess JA can ask the authors these questions.

-Patrick




Current thread: