Metasploit mailing list archives
Feature requests? Bugs? Annoyances?
From: elite_netbios at yahoo.com (Hamid . K)
Date: Sun, 23 Sep 2007 14:49:24 -0700 (PDT)
Hi MSF Team,
Here are some of my notes on MSF ,or the way I expect MSF to be:
*Missing in current version :
- A stand alone console, not require user to load MSFWeb , to be able to use console in win32 version
of MSF. web-console is really slow and annoying in some cases . AFAIK many users prefer to keep
updating last beta release (which still include the console ) rather than latest release .
-Search/auto-complete in msfconsole . The idea is an extra option to directly use a module without
moving around exploits/modules directories . something right like what is already available in msfweb as the
search box .
It can be implemented like an auto-complete Off/On option , so that use type some part of module name
and MSF lists/complete the names matching the entered string .
-Caching modules names . Currently if user do not know the exact module name&path , he should
relay on tab auto-complete ,which will read & list items in current module directory . this process is still
a bit slow , even on recent systems with acceptable performance ! I guess cashing all module names while
MSF startup would be a better option . it`s really not common to copy new module in related directory after
MSF is loaded .
-(Meterpreter) process injection/migration seems broken in most of cases . I think this part of code has
not been tuned much . process injection/migration works on legacy systems , but I`ve never seen it working
on a new OS version , like 2003 SP1/2 , and even stable enough on 2003 SP0 . I`m aware of the changes in
background since these new releases, but I think many users will love a new revision of code, supporting new
systems :)
-(Meterpreter) lack of modules/scripts auto-complete . Many people use their custom Met. scripts , so
an auto-complete/listing right like what we see in msfconsole would be handy . for Met. 'run' command.
-(MSF Win32) . This is old-known since 2.x but I wonder this is never mentioned . Default file permissions
in win32 installation do not inherit from root directories , so if user lose the installer or prefer not to use
uninstaller
for any reason , he should modify directory permissions manually ( take ownership dir ) to be able to dele MSF
installation directory . a really minor thing ,but still kind of problem .
-Auto-update : MSF list is full of reports on failing to load/use a module due to missing latest version of module.
an option in MSF to check for latest updates automatically before lunching would be useful IMO.
******
-MSF-light , or MSF-live version . Don`t consider this one serious for now . it`s just an idea I had in my mind since
long ago ,but I though it`s good situation to reveal it . here`s a short description of what it should look like:
msf-live , will have only very core components of framework included in local package (if ever required!), and have
to load any other required module dynamically from web (metasploit.com), on demand. This would be something like
current MSF-Web , but lunching everything from client-side, so MSF would be a pure live framework .
One sample of using msf-light/live would be in cases you penetrate into internal networks ,and want to use MSF
modules against internal targets . Yes, 'route' is always there to be used for this case , but this can be an
extra/better option.
The final destination of this idea can be using MSF through XSS ? too much evil !!!
-Nmap-parser . this is yet another junk idea I had in my mind . it would work like this :
user feed the module with an nmap scan log , and later while using modules in MSF , framework
will auto-complete target IP/PORT based on parsed data from nmap log file . For example, while
targeting a Veritas bug , MSF will offer list of IPs that have related port open, and auto-complete
the option ...
I think it`s better to stop here :p
Long live MSF :)
Hamid.K
____________________________________________________________________________________
Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search
http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
Current thread:
- Feature requests? Bugs? Annoyances? H D Moore (Sep 22)
- Feature requests? Bugs? Annoyances? scotty to hotty (Sep 22)
- Feature requests? Bugs? Annoyances? Patrick Webster (Sep 23)
- Feature requests? Bugs? Annoyances? Mr Gabriel (Sep 22)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 22)
- Feature requests? Bugs? Annoyances? Mr Gabriel (Sep 23)
- Feature requests? Bugs? Annoyances? Patrick Webster (Sep 23)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 22)
- Feature requests? Bugs? Annoyances? scotty to hotty (Sep 22)
- Feature requests? Bugs? Annoyances? Jonatan B (Sep 24)
- Feature requests? Bugs? Annoyances? Garrett Gee (Sep 24)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 30)
- <Possible follow-ups>
- Feature requests? Bugs? Annoyances? Hamid . K (Sep 23)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 23)
- Feature requests? Bugs? Annoyances? sai 438 (Sep 23)
- Feature requests? Bugs? Annoyances? Rhys Kidd (Sep 23)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 30)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 23)
- Feature requests? Bugs? Annoyances? H D Moore (Sep 30)