-
Notifications
You must be signed in to change notification settings - Fork 14k
GSoC 2017 Project Ideas
GSoC Project Ideas in no particular order.
If you want to suggest your own idea, please discuss it with us first on our mailing list to make sure it is a reasonable amount of work for a summer and that it fits the goals of the project.
Perl, Python, and Ruby scripts can all be run via a short command line invocation. It would be nice to be able to use these payloads in ARCH_CMD contexts as well as their own separate architectures (ARCH_PYTHON, ARCH_RUBY). This would allow modules that exploit command injection vulnerabilities to use python meterpreter in particular.
Requirements: Ruby, Python, bash/sh
Automatically run a module over and over, determine success rates.
Mentor: @busterb
Set up automated testing using something like Vagrant to spin up and configure vulnerable machines, run exploits against them.
Something like "make all X exploits badass", or add a full suite of modules around particular gear or vendor stack.
Mentor: @hdm
And then move the exploit/*/local modules that aren't actually exploits back to post/
(see also ruby_smb project)
Mentor: @egypt
--
Currently, the attributes that one can set for how a Meterpreter payload appears at the HTTP level are limited. We would like the ability to set and add arbitrary HTTP headers to requests and responses, so that the traffic appears more realistic.
Requirements: C, Ruby. Bonus: Python, PHP
Mentor: @busterb
Allow meterpreter to act as a mesh network inside a corporate environment.
Requirements: C, network protocol design. Bonus: Python, PHP
Using either Python or Powershell (or maybe both if it can be abstract enough). This could allow things like running Responder.py or Empire on a compromised host.
Requirements: C, Python/Powershell
Mentor: @OJ
SChannel is Windows' built-in TLS library.
Requirements: C
Mentor: @OJ
All of the following folks have expressed willingness to be mentors.
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get installtogit push. - CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.