Writing Exploits for MSF3

[hdm at metasploit.com (H D Moore)]

On Tuesday 01 May 2007 08:01, Patrick Webster wrote:
> I've been using msf for a few years now?and would be interested in
> contributing where possible (though I'm no shellcode hax?ninja like the
> rest of you). For example, if doing a pen-test and I discover a known
> vulnerable service where no msf?module exists... is it worth?writing a
> module? 

Yes! In my previous job, it was always worth writing an exploit if I had a 
chance of seeing the vulnerable service or software in a future 
assessment. 

> Also, I was wondering what the requirements of the modules are? E.g;

Its really up to you -- the only requirement is that the code is clean and 
the exploit works. If the exploit is really unreliable, but you need a 
PoC to demonstrate the issue, you can write an auxiliary/dos module 
instead. 

Exploits that don't use payloads (admin access, sql injection, remote file 
access, etc) are written as auxiliary modules. Other than that, there are 
few restrictions on what you can write a module for.

-HD