Home

Are you anxious to get your Metasploit Development Environment set up and start Landing Pull Requests and contribute excellent exploit code? If so, you're in the right place.

Are you a Metasploit user, and want to hack stuff (that you have permission to hack) just like in the movies? The quickest way to get started is to download the Metasploit binary installer. This will give you access to all Metasploit editions: the free, open source Metasploit Framework, the free Metasploit Community edition, and a free trial of Metasploit Pro.

If you’re using Kali Linux, Metasploit is already pre-installed. See the documentation for how to get started using Metasploit in Kali Linux.

If you're an exploit developer, you will want to review our Guidelines for Accepting Modules and Enhancements to find out what all we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for contributing to Metasploit, and dive in to Setting Up a Metasploit Development Environment.

Getting Started

• Setting Up a Metasploit Development Environment
• Using Metasploit
• Using Git
• Reporting a Bug

Contributing

• Creating Metasploit Framework LoginScanners - new in 4.10!
• Guidelines for Accepting Modules and Enhancements
• Contributing to Metasploit
• Common Metasploit Module Coding Mistakes
• Style Tips
• Committer Rights
• Landing Pull Requests
• Landing Meterpreter Pull Requests

Metasploit Development

• Why Ruby?
• How to get started with writing an exploit
• How to get started with writing an auxiliary module
• How to get started with writing a post module
• How to get started with writing a Meterpreter script
• Loading External Modules
• Exploit Ranking
• Metasploit module reference identifiers
• How to use Railgun for Windows post exploitation
• How to write a browser exploit using BrowserExploitServer
• How to write a browser exploit using HttpServer
• How to write a module using HttpServer and HttpClient
• How to Send an HTTP Request Using HTTPClient
• How to send an HTTP request using Rex::Proto::Http::Client
• How to parse an HTTP response
• How to write a check() method
• How to use WbemExec for a write privilege attack on Windows
• How to use the Seh mixin to exploit an exception handler
• How to Use the FILEFORMAT mixin to create a file format exploit
• How to use Powershell in an exploit
• How to use PhpEXE to exploit an arbitrary file upload bug
• How to use Msf::Auxiliary::AuthBrute to write a bruteforcer
• How to do reporting or store data in module development
• How to clean up files using FileDropper
• How to use datastore options
• How to obfuscate JavaScript in Metasploit
• How to log in Metasploit
• How to deprecate a Metasploit module
• How to use the Msf::Exploit::Remote::Tcp mixin
• How to check Microsoft patch levels for your exploit
• How to zip files with Rex::Zip::Archive
• How to write a HTTP LoginScanner Module
• Oracle Usage
• Rex Layout
• Style Tips
• How to use command stagers

Metasploit Payloads

• How Payloads Work
• State of Meterpreter
• Meterpreter Configuration
• Meterpreter HTTP Communication
• Meterpreter Paranoid Mode
• Meterpreter Reliable Network Communication
• Meterpreter Sleep Control
• Meterpreter Stageless Mode
• Meterpreter Timeout Control
• Meterpreter Transport Control
• Meterpreter Unicode Support
• Payload UUID
• Python Extension
• The ins and outs of HTTP and HTTPS communications in Meterpreter and Metasploit Stagers

Other Metasploit Resources

• Downloads by Version
• How to use a Metasploit module appropriately
• How to use a reverse shell in Metasploit
• Evading Anti Virus
• Information About Unmet Browser Exploit Requirements
• What does my Rex::Proto::SMB Error mean?
• How to use msfvenom
• How to use exim_gethostbyname_bof.rb (Exim GHOST Buffer Overflow)

GitHub Resources

• Remote Branch Pruning
• Git Cheatsheet
• Git Gotchas
• Git Reference Sites