2014-04-18 15:01:54 +00:00
# Hello, World!
2012-11-07 02:18:58 +00:00
2015-03-30 17:04:15 +00:00
Thanks for your interest in making Metasploit -- and therefore, the
2018-12-12 21:01:21 +00:00
world -- a better place! Before you get started, review our
2018-12-13 15:35:37 +00:00
[Code of Conduct]. There are mutliple ways to help beyond just writing code:
2018-12-12 21:01:21 +00:00
- [Submit bugs and feature requests] with detailed information about your issue or idea.
- [Help fellow users with open issues] or [help fellow committers test recent pull requests].
- [Report a security vulnerability in Metasploit itself] to Rapid7.
- Submit an updated or brand new module! We are always eager for exploits, scanners, and new
2018-12-13 15:35:37 +00:00
integrations or features. Don't know where to start? Set up a [development environment], then head over to ExploitDB to look for [proof-of-concept exploits] that might make a good module.
2014-04-18 15:01:54 +00:00
# Contributing to Metasploit
2018-12-12 21:01:21 +00:00
Here's a short list of do's and don'ts to make sure *your* valuable contributions actually make
2018-12-13 15:35:37 +00:00
it into Metasploit's master branch. If you do not care to follow these rules, your contribution
**will** be closed. Sorry!
2014-02-24 17:57:38 +00:00
## Code Contributions
2018-12-12 21:01:21 +00:00
* **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
2015-01-30 20:28:39 +00:00
* **Do** follow the [50/72 rule] for Git commit messages.
2016-02-22 22:29:13 +00:00
* **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
2019-04-12 17:32:41 +00:00
* **Do** create a [topic branch] to work on instead of working directly on `master` .
This helps protect the process, ensures users are aware of commits on the branch being considered for merge,
allows for a location for more commits to be offered without mingling with other contributor changes,
and allows contributors to make progress while a PR is still being reviewed.
2014-02-24 17:57:38 +00:00
### Pull Requests
2018-12-12 21:01:21 +00:00
* **Do** target your pull request to the **master branch** .
2014-03-04 18:44:12 +00:00
* **Do** specify a descriptive title to make searching for your pull request easier.
2015-01-30 20:28:39 +00:00
* **Do** include [console output], especially for witnessable effects in `msfconsole` .
* **Do** list [verification steps] so your code is testable.
2018-01-16 03:32:44 +00:00
* **Do** [reference associated issues] in your pull request description.
2014-03-03 20:39:40 +00:00
* **Don't** leave your pull request description blank.
* **Don't** abandon your pull request. Being responsive helps us land your code faster.
2014-02-24 17:57:38 +00:00
2018-12-13 15:35:37 +00:00
Pull request [PR#9966] is a good example to follow.
2014-03-04 08:38:47 +00:00
2014-02-24 17:57:38 +00:00
#### New Modules
2018-12-12 21:01:21 +00:00
* **Do** set up `msftidy` to fix any errors or warnings that come up as a [pre-commit hook].
* **Do** use the many module mixin [API]s.
2014-03-03 20:39:40 +00:00
* **Don't** include more than one module per pull request.
2018-01-16 03:32:44 +00:00
* **Do** include instructions on how to setup the vulnerable environment or software.
2018-12-12 21:01:21 +00:00
* **Do** include [Module Documentation] showing sample run-throughs.
* **Don't** submit new [scripts]. Scripts are shipped as examples for automating local tasks, and
anything "serious" can be done with post modules and local exploits.
2015-01-30 20:28:39 +00:00
2014-02-24 17:57:38 +00:00
#### Library Code
2018-12-12 21:01:21 +00:00
* **Do** write [RSpec] tests - even the smallest change in a library can break existing code.
2015-01-30 20:28:39 +00:00
* **Do** follow [Better Specs] - it's like the style guide for specs.
* **Do** write [YARD] documentation - this makes it easier for people to use your code.
2014-04-06 03:21:44 +00:00
* **Don't** fix a lot of things in one pull request. Small fixes are easier to validate.
2014-02-24 17:57:38 +00:00
#### Bug Fixes
2014-03-03 20:39:40 +00:00
* **Do** include reproduction steps in the form of verification steps.
2018-12-12 21:01:21 +00:00
* **Do** link to any corresponding [Issues] in the format of `See #1234` in your commit description.
2014-02-24 17:57:38 +00:00
## Bug Reports
2018-12-13 15:35:37 +00:00
Please report vulnerabilities in Rapid7 software directly to security@rapid7.com. For more on our disclosure policy and Rapid7's approach to coordinated disclosure, [head over here ](https://www.rapid7.com/security ).
When reporting Metasploit issues:
2014-03-04 19:16:55 +00:00
* **Do** write a detailed description of your bug and use a descriptive title.
2018-12-12 21:01:21 +00:00
* **Do** include reproduction steps, stack traces, and anything that might help us fix your bug.
2015-03-29 01:11:05 +00:00
* **Don't** file duplicate reports; search for your bug before filing a new report.
2014-03-04 18:19:34 +00:00
2018-12-12 21:01:21 +00:00
If you need some more guidance, talk to the main body of open source contributors over on our
[Metasploit Slack] or [#metasploit on Freenode IRC].
2014-02-24 17:57:38 +00:00
2018-12-12 21:01:21 +00:00
Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
curve, so keep it up!
2015-01-30 20:28:39 +00:00
2018-12-12 21:01:21 +00:00
[Code of Conduct]:https://github.com/rapid7/metasploit-framework/wiki/CODE_OF_CONDUCT.md
[Submit bugs and feature requests]:http://r-7.co/MSF-BUGv1
[Help fellow users with open issues]:https://github.com/rapid7/metasploit-framework/issues
[help fellow committers test recently submitted pull requests]:https://github.com/rapid7/metasploit-framework/pulls
[Report a security vulnerability in Metasploit itself]:https://www.rapid7.com/disclosure.jsp
[development environment]:http://r-7.co/MSF-DEV
[proof-of-concept exploits]:https://www.exploit-db.com/search?verified=true& hasapp=true& nomsf=true
2015-01-30 20:28:39 +00:00
[Ruby style guide]:https://github.com/bbatsov/ruby-style-guide
[Rubocop]:https://rubygems.org/search?query=rubocop
2015-11-09 19:13:45 +00:00
[50/72 rule]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
2015-01-30 20:28:39 +00:00
[topic branch]:http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches
2018-12-12 21:01:21 +00:00
[PR#8000]:https://github.com/rapid7/metasploit-framework/pull/8000
2015-01-30 20:28:39 +00:00
[console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
[verification steps]:https://help.github.com/articles/writing-on-github#task-lists
2016-06-30 20:14:59 +00:00
[reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
2018-12-12 21:01:21 +00:00
[PR#9966]:https://github.com/rapid7/metasploit-framework/pull/9966
2015-01-30 20:28:39 +00:00
[pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
2015-03-29 01:11:05 +00:00
[API]:https://rapid7.github.io/metasploit-framework/api
2018-12-12 21:01:21 +00:00
[Module Documentation]:https://github.com/rapid7/metasploit-framework/wiki/Generating-Module-Documentation
[scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
2015-03-29 01:11:05 +00:00
[RSpec]:http://rspec.info
[Better Specs]:http://betterspecs.org
[YARD]:http://yardoc.org
2015-01-30 20:28:39 +00:00
[Issues]:https://github.com/rapid7/metasploit-framework/issues
2018-12-12 21:01:21 +00:00
[Metasploit Slack]:https://www.metasploit.com/slack
[#metasploit on Freenode IRC]:http://webchat.freenode.net/?channels=%23metasploit& uio=d4