2010-06-16 17:03:30 +00:00
|
|
|
# $Id$
|
2010-05-09 20:16:48 +00:00
|
|
|
|
|
|
|
This file contains some brief instructions on contributing to the Metasploit
|
|
|
|
Framework.
|
|
|
|
|
|
|
|
|
|
|
|
General Guidelines
|
|
|
|
========================
|
|
|
|
Don't print to standard output. Doing so means that users of interfaces other
|
|
|
|
than msfconsole, such as msfrpc and msfweb, won't see your output. You can use
|
|
|
|
print_line to accomplish the same thing as puts.
|
|
|
|
|
|
|
|
Code Style
|
|
|
|
- Hard tabs, not spaces
|
|
|
|
- Try to keep your lines under 100 columns (assuming four-space tabs)
|
|
|
|
- do; end instead of {} for a block
|
|
|
|
|
|
|
|
|
|
|
|
Modules
|
|
|
|
=======
|
|
|
|
Always use Rex sockets, not ruby sockets. This includes third-party libraries
|
|
|
|
such as Net::Http. There are several very good reasons for this rule. First,
|
|
|
|
the framework doesn't get notified on the creation of ruby sockets and won't
|
|
|
|
know how to clean them up in case your module raises an exception without
|
|
|
|
cleaning up after itself. Secondly, non-Rex sockets do not know about routes
|
|
|
|
and therefore can't be used through a meterpreter tunnel. Lastly, regular
|
|
|
|
sockets miss out on msf's proxy and ssl features. Msf includes many protocols
|
|
|
|
already implemented with Rex and if the protocol you need is missing, porting
|
|
|
|
another library to use them is straight-forward. See our Net::SSH
|
|
|
|
modifications in lib/net/ssh/ for an example.
|
|
|
|
|
|
|
|
When creating a new module, the simplest way to start is to copy another module
|
|
|
|
that uses the same protocol and modify it to your needs. If you're creating an
|
|
|
|
exploit module, generally you'll want to edit the exploit() method. Auxiliary
|
2010-05-14 16:51:16 +00:00
|
|
|
Scanner modules use one of run_host(), run_range(), or run_batch() instead of
|
|
|
|
exploit(). Non-scanner aux modules use run().
|
2010-05-09 20:16:48 +00:00
|
|
|
|
|
|
|
|
|
|
|
Licensing
|
|
|
|
=========
|
|
|
|
By submitting code contributions to the Metasploit Project it is assumed that
|
|
|
|
you are offering your code under a BSD or similar license. MIT and Ruby
|
|
|
|
Licenses are also fine. We specifically cannot include GPL code.
|
|
|
|
|
|
|
|
|
|
|
|
|