130 lines
3.3 KiB
Plaintext
130 lines
3.3 KiB
Plaintext
The following things are required for the December alpha release:
|
|
|
|
- rex
|
|
X - post-exploitation
|
|
X - meterpreter
|
|
X - pivoting
|
|
X - portfwd command
|
|
- networking
|
|
X - switch board routing table for pivoting
|
|
X - meterpreter 'comm' support
|
|
- proxy 'comm' support
|
|
- asm
|
|
- block dependencies (req'd for shikata)
|
|
- block permutation generation (req'd for shikata)
|
|
X - text
|
|
X - create_pattern, pattern_offset
|
|
X - base64
|
|
X - consider extending String
|
|
X - logging
|
|
X - debug level limiter
|
|
X - define log levels, when they should be used, etc
|
|
- framework-core
|
|
X - modules
|
|
X - reloading
|
|
X - compatibility filtering (keys)
|
|
X - description sanitation (strip lines/etc)
|
|
X - payloads
|
|
X - meta information
|
|
X - stager/stage calling conventions
|
|
X - stack requirements
|
|
X - make payload prepend target specific
|
|
X - sessions
|
|
X - logging session activity
|
|
- module load caching
|
|
- switch to demand loaded modules rather than always loading
|
|
- should make things faster
|
|
X - recon
|
|
X - add a method like 'can_be_used' that checks whether or not dependencies are
|
|
X on the machine (like nmap) for a given module
|
|
- framework task queuing
|
|
- make the framework expose methods for queuing tasks (FrameworkTask)
|
|
- generic interface with an execute method
|
|
- called from within the context of a worker thread
|
|
- modules needing ports (above other modules)
|
|
- encoders
|
|
- shikata
|
|
X - nops
|
|
X - opty2
|
|
- payloads
|
|
- cmd payloads
|
|
X - mac os x payloads
|
|
- osx null free reverse stager
|
|
X - solaris payloads
|
|
X - bsd payloads
|
|
- user interfaces
|
|
- general
|
|
X - add concept of EVASION option (high, normal, low)
|
|
X - logging improvements
|
|
X - provide log file setting interface
|
|
X - log by default in the LogDir
|
|
X - msfcli
|
|
- msfweb
|
|
X - msfpayload
|
|
X - msfencode
|
|
- msfconsole
|
|
- spawn web-server from within msfconsole (msfweb instance)
|
|
- irb mode
|
|
- running 'msf scripts'
|
|
- testing framework
|
|
- framework core
|
|
X - handlers
|
|
- framework modules
|
|
- exploits
|
|
- payloads
|
|
X - encoders
|
|
- osx encoders
|
|
- nops
|
|
- recon
|
|
- framework sessions
|
|
- shell
|
|
- meterpreter
|
|
- documentation
|
|
- rex
|
|
- framework-core
|
|
- framework-base
|
|
- module interfaces
|
|
|
|
The following things should be implemented both as protocols and as exploit
|
|
mixins to encourage code re-use:
|
|
|
|
- ftp
|
|
- backup agent protocols
|
|
- CA brightstor
|
|
- Arkeia
|
|
- mssql
|
|
- sunrpc
|
|
- xdr
|
|
- jbase
|
|
- oracle
|
|
|
|
Things that would be useful to have completed, but not a requirement:
|
|
|
|
- rex
|
|
- exploitation
|
|
- format string generator
|
|
- opcodedb client (return addr pooling)
|
|
- networking
|
|
- msfd 'comm' support
|
|
- modules
|
|
- payloads
|
|
- implement 'reliable' stagers with a higher rating so that
|
|
if there is enough room, reliable stagers can be used
|
|
- recon
|
|
X - basic range/port scanner
|
|
X - basic service identifier
|
|
- basic OS fingerprinting
|
|
- framework-core
|
|
- handler sharing
|
|
- exploits using the same payload/handler can share (ref count)
|
|
- plugin modules
|
|
- plugin modules can extend the framework and provide new features
|
|
X - framework-base
|
|
X - event correlation
|
|
X - recon events correlations
|
|
- user interfaces
|
|
- msfd
|
|
- daemon interface, provides command line interaction and proxying
|
|
- support authentication
|
|
- support SSL
|