metasploit-framework/dev/msf3/plan.txt

The following things are required for the December alpha release:
- rex
X - post-exploitation
X - meterpreter
X - pivoting
X - portfwd command
- networking
X - switch board routing table for pivoting
X - meterpreter 'comm' support
- proxy 'comm' support
- asm
- block dependencies (req'd for shikata)
- block permutation generation (req'd for shikata)
X - text
X - create_pattern, pattern_offset
X - base64
X - consider extending String
X - logging
X - debug level limiter
X - define log levels, when they should be used, etc
- framework-core
X - modules
X - reloading
X - compatibility filtering (keys)
X - description sanitation (strip lines/etc)
X - payloads
X - meta information
X - stager/stage calling conventions
X - stack requirements
X - make payload prepend target specific
X - sessions
X - logging session activity
- module load caching
- switch to demand loaded modules rather than always loading
- should make things faster
X - recon
X - add a method like 'can_be_used' that checks whether or not dependencies are
X on the machine (like nmap) for a given module
- framework task queuing
- make the framework expose methods for queuing tasks (FrameworkTask)
- generic interface with an execute method
- called from within the context of a worker thread
- modules needing ports (above other modules)
- encoders
- shikata
X - nops
X - opty2
- payloads
- cmd payloads
X - mac os x payloads
- osx null free reverse stager
X - solaris payloads
X - bsd payloads
- user interfaces
- general
X - add concept of EVASION option (high, normal, low)
X - logging improvements
X - provide log file setting interface
X - log by default in the LogDir
X - msfcli
- msfweb
X - msfpayload
X - msfencode
- msfconsole
- spawn web-server from within msfconsole (msfweb instance)
- irb mode
- running 'msf scripts'
- testing framework
- framework core
X - handlers
- framework modules
- exploits
- payloads
X - encoders
- osx encoders
- nops
- recon
- framework sessions
- shell
- meterpreter
- documentation
- rex
- framework-core
- framework-base
- module interfaces

The following things should be implemented both as protocols and as exploit
mixins to encourage code re-use:
- ftp
- backup agent protocols
- CA brightstor
- Arkeia
- mssql
- sunrpc
- xdr
- jbase
- oracle

Things that would be useful to have completed, but not a requirement:
- rex
- exploitation
- format string generator
- opcodedb client (return addr pooling)
- networking
- msfd 'comm' support
- modules
- payloads
- implement 'reliable' stagers with a higher rating so that
if there is enough room, reliable stagers can be used
- recon
X - basic range/port scanner
X - basic service identifier
- basic OS fingerprinting
- framework-core
- handler sharing
- exploits using the same payload/handler can share (ref count)
- plugin modules
- plugin modules can extend the framework and provide new features
X - framework-base
X - event correlation
X - recon events correlations
- user interfaces
- msfd
- daemon interface, provides command line interaction and proxying
- support authentication
- support SSL