2005-09-26 18:23:53 +00:00
The following things are required for the December alpha release:
2005-12-05 17:26:01 +00:00
2005-09-26 18:23:53 +00:00
- rex
2005-09-29 20:18:24 +00:00
X - post-exploitation
X - meterpreter
X - pivoting
X - portfwd command
2005-09-26 18:23:53 +00:00
- networking
2005-09-30 05:59:44 +00:00
X - switch board routing table for pivoting
2005-09-30 07:12:32 +00:00
X - meterpreter 'comm' support
2005-09-26 18:32:24 +00:00
- proxy 'comm' support
2005-09-26 18:23:53 +00:00
- asm
2005-09-26 18:43:40 +00:00
- block dependencies (req'd for shikata)
- block permutation generation (req'd for shikata)
2005-11-03 00:06:07 +00:00
X - text
2005-09-30 07:12:32 +00:00
X - create_pattern, pattern_offset
X - base64
X - consider extending String
2005-10-30 23:40:27 +00:00
X - logging
X - debug level limiter
2005-11-02 00:27:59 +00:00
X - define log levels, when they should be used, etc
2005-09-26 18:23:53 +00:00
- framework-core
2005-11-03 00:06:07 +00:00
X - modules
2005-10-10 00:30:14 +00:00
X - reloading
2005-10-19 01:53:39 +00:00
X - compatibility filtering (keys)
2005-10-01 06:22:25 +00:00
X - description sanitation (strip lines/etc)
2005-11-03 00:06:07 +00:00
X - payloads
2005-10-01 06:22:25 +00:00
X - meta information
X - stager/stage calling conventions
X - stack requirements
2005-09-30 07:12:32 +00:00
X - make payload prepend target specific
2005-10-02 03:21:26 +00:00
X - sessions
X - logging session activity
2005-11-01 00:30:20 +00:00
- module load caching
- switch to demand loaded modules rather than always loading
2005-11-02 23:05:52 +00:00
- should make things faster
X - recon
X - add a method like 'can_be_used' that checks whether or not dependencies are
X on the machine (like nmap) for a given module
- framework task queuing
- make the framework expose methods for queuing tasks (FrameworkTask)
- generic interface with an execute method
- called from within the context of a worker thread
2005-09-26 18:23:53 +00:00
- modules needing ports (above other modules)
- encoders
- shikata
2005-10-02 19:33:25 +00:00
X - nops
X - opty2
2005-09-26 18:23:53 +00:00
- payloads
2005-10-17 00:25:07 +00:00
- cmd payloads
2005-10-16 01:32:35 +00:00
X - mac os x payloads
- osx null free reverse stager
X - solaris payloads
X - bsd payloads
2005-09-26 18:23:53 +00:00
- user interfaces
- general
2005-10-02 07:58:26 +00:00
X - add concept of EVASION option (high, normal, low)
2005-10-02 05:48:05 +00:00
X - logging improvements
X - provide log file setting interface
2005-10-01 09:10:41 +00:00
X - log by default in the LogDir
2005-10-02 05:48:05 +00:00
X - msfcli
2005-09-26 18:23:53 +00:00
- msfweb
2005-10-01 09:10:56 +00:00
X - msfpayload
2005-10-01 21:26:17 +00:00
X - msfencode
2005-09-26 18:52:20 +00:00
- msfconsole
- spawn web-server from within msfconsole (msfweb instance)
2005-09-26 21:02:19 +00:00
- irb mode
- running 'msf scripts'
2005-09-26 21:45:45 +00:00
- testing framework
- framework core
2005-11-01 03:09:55 +00:00
X - handlers
2005-09-26 21:45:45 +00:00
- framework modules
- exploits
- payloads
2005-11-01 03:09:55 +00:00
X - encoders
- osx encoders
2005-09-26 21:45:45 +00:00
- nops
- recon
- framework sessions
- shell
- meterpreter
2005-09-26 21:49:32 +00:00
- documentation
- rex
- framework-core
- framework-base
- module interfaces
2005-09-26 18:43:40 +00:00
The following things should be implemented both as protocols and as exploit
mixins to encourage code re-use:
2005-12-03 16:57:57 +00:00
X - ftp
2005-09-26 18:43:40 +00:00
- backup agent protocols
- CA brightstor
2005-12-03 16:57:57 +00:00
X - Arkeia
X - mssql
2005-09-26 18:43:40 +00:00
- sunrpc
- xdr
- jbase
- oracle
2005-09-26 18:52:20 +00:00
Things that would be useful to have completed, but not a requirement:
- rex
- exploitation
- format string generator
2005-09-26 21:44:57 +00:00
- opcodedb client (return addr pooling)
- networking
- msfd 'comm' support
2005-09-26 18:52:20 +00:00
- modules
- payloads
- implement 'reliable' stagers with a higher rating so that
2005-09-26 19:34:47 +00:00
if there is enough room, reliable stagers can be used
- recon
2005-11-01 00:02:51 +00:00
X - basic range/port scanner
X - basic service identifier
2005-09-26 19:34:47 +00:00
- basic OS fingerprinting
2005-10-02 05:48:05 +00:00
- framework-core
- handler sharing
- exploits using the same payload/handler can share (ref count)
2005-11-01 00:02:51 +00:00
- plugin modules
- plugin modules can extend the framework and provide new features
2005-10-31 15:56:59 +00:00
X - framework-base
X - event correlation
X - recon events correlations
2005-09-26 21:37:22 +00:00
- user interfaces
- msfd
- daemon interface, provides command line interaction and proxying
- support authentication
- support SSL