Metasploit mailing list archives
Re: learning Ruby
From: Bob Bruen <bruen () coldrain net>
Date: Sat, 30 Jun 2012 18:16:18 -0400 (EDT)
Hi HD,I have been following this work since its earliest days. There is nothing quite like it anywhere - it is awesome.
If dave can't deal with it, it is his problem.
Nice of you to be so polite to him, though.
--bob
On Sat, 30 Jun 2012, HD Moore wrote:
Thanks for the feedback - I'll try to address this point by point:Msf is a pita.Msf is the largest Ruby project in existence and has nine years of development history. It can be quirky to work with compared to smaller projects.You can get buy just stealing code from modules that do similar jobsCopying existing module is smart because the framework requires a certain level of standardization to keep badly written modules from causing performance or resource issues. There is surprising amount of documentation if you know where to look, but the code base also changes fast enough that reading through the mixin code and other modules is still a good approach for new developers.Documentation is poorDocumentation can be hard to find, but is quite extensive. Looking at just the stuff written by the development team, you have: An older (but mostly accurate) developer's guide: https://community.rapid7.com/docs/DOC-1263 A recently updated user guide: https://community.rapid7.com/docs/DOC-1751 Remote API documentation: https://community.rapid7.com/docs/DOC-1516 You can generate API docs for the entire framework by running ./documentation/gendocs.sh This doesn't take into account the dozens of online guides for module development, the various books that cover this topic, or detailed write-ups about specific modules on the various blogs. This guide from CORELAN is great for porting standalone exploits to Metasploit: https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4 -from-exploit-to-metasploit-the-basics/feedback on submissions even worseWe recognized that timely feedback was an issue and since moved all submissions to GitHub, where Pull requests and code comments are used to provide feedback on new modules. This has drastically cut down how long it takes to get new modules into the framework. https://github.com/rapid7/metasploit-framework/issuesIf it works, it fucking works.And this is where I strongly disagree. We only accept modules for the framework trunk when they meet our standards for code quality and reliability. Once a module is part of the open source tree, we maintain it indefinitely. Crappy code affects all of our users and causes support headaches for the development team. Most of the time the core development team can help with the cleanup process, but some code is too time intensive and simply not useful enough to justify a herculean rewrite. We would rather focus on getting high-quality remote exploits into the open source repository rather than rewriting yet another bad web application exploit. You can see our current requirements for module submissions at the following URLs: https://github.com/rapid7/metasploit-framework/wiki/Acceptance-Guidelines https://github.com/rapid7/metasploit-framework/blob/master/HACKING -HD -----Original Message----- From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of northern monkee Sent: Saturday, June 30, 2012 3:38 PM To: northern monkee Cc: Tod Beardsley; framework List Subject: Re: [framework] learning Ruby Reply all fail. On 30 Jun 2012, at 20:46, northern monkee <dave () northern-monkee co uk> wrote:Msf is a pita. You can get buy just stealing code from modules that dosimilar jobs. Documentation is poor, feedback on submissions even worse. If it works, it fucking works.On 29 Jun 2012, at 22:50, "Alex-P. Natsios" <apnatsios () gmail com> wrote:On Fri, Jun 29, 2012 at 5:02 PM, Tod Beardsley <todb () packetfu com> wrote:Jim -- _Why's Poignant Guide. It's free and has cartoons. http://mislav.uniqpath.com/poignant-guide/and kittens.. everybody loves kittens! -- Regards, Alex-P. Natsios (a.k.a Drakevr) _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- Dr. Robert Bruen Cold Rain Labs http://coldrain.net/bruen +1.802.579.6288 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- learning Ruby macubergeek (Jun 29)
- Re: learning Ruby AK (Jun 29)
- Re: learning Ruby Christian Heinrich (Jun 29)
- Re: learning Ruby Tasos Laskos (Jun 29)
- Re: learning Ruby Tod Beardsley (Jun 29)
- Re: learning Ruby Alex-P. Natsios (Jun 29)
- Re: learning Ruby northern monkee (Jun 30)
- Re: learning Ruby northern monkee (Jun 30)
- Re: learning Ruby HD Moore (Jun 30)
- Re: learning Ruby Bob Bruen (Jun 30)
- Re: learning Ruby HD Moore (Jun 30)
- Re: learning Ruby Tasos Laskos (Jun 29)