Announcing the Unstable Module Tree

[HD Moore <hdm () metasploit com>]

http://blog.metasploit.com/2011/03/announcing-unstable-module-tree.html

Exploit reliability has been a primary goal of the Metasploit Framework
since the beginning. We require all modules to be consistent, reliable,
and in cases where targeting is tricky, for this to be reflected in the
Exploit Rank and in the default target settings. This policy has
resulted in us turning down community submissions and withholding
exploits that just didn't quite make the cut for mass distribution. Over
the years our core developers and contributors have amassed dozens of
modules that suffer from minor flaws or require just a bit more time to
get right. These modules tend to be forgotten and eventually lose
compatibility with the rest of the framework.

This process is not optimal; even when a module isn't "done", it may
still be useful as a proof of concept or as a starting point for another
developer to bring it to the next step. A half-finished exploit still
provides a level of technical insight into a vulnerability that is
difficult to obtain from most public vulnerability databases.

In an effort to improve this situation, we are happy to announce the
Metasploit Framework "unstable" module tree. This tree provides a place
for rough cut modules and proof of concepts to be submitted, shared, and
easily used by other members of the community. Once a module is improved
to the point that it meets the standards for inclusion into the main
tree, it will be merged over and available via the normal update
mechanism. This provides a faster path for community developers to
receive feedback and can serve as a reference for anyone interested in
the exploit details of a flaw when no stable module is available.

To kick things off, we seeded this tree with fifteen modules from the
Rapid7 module archive. Some of these exploits are nearly done, but
suffer from minor issues related to automatic exploitation, or have
compatibility problems with certain payloads. We hope the community
finds these modules useful and submits their own "backlog" for the
public to review and improve.

To use these modules, check out the new tree from Subversion and load
them into the Metasploit Framework console. The simple way to do this is
outlined below:

$ svn co https://metasploit.com/svn/framework3/unstable/modules/
~/.msf3/unstable/
$ msfconsole -m ~/.msf3/unstable/


To load the unstable tree automatically on startup, enter the following
commands into the msfconsole prompt.

msf> setg MsfModulePaths /home/USERNAME/.msf3/unstable/
msf> save


For developers who would like to submit modules, please create a Redmine
ticket or send them via email at msfdev[at]metasploit.com. Note that the
Name field of the module should start with [INCOMPLETE] or [UNRELIABLE]
depending on the status. This will indicate where it should live in the
unstable tree and make it easy for folks to identify unstable modules
via the standard console commands. The unstable tree is currently for
modules only, but this does include Meterpreter scripts that have been
ported to the new Post module format.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework