Msftidy
This check ensures that modules are not marked executable. A module is only called by the framework and not directly. The correct file mode is ??
A module should not have a Shebang line.
Modules should not rely on the Nokogiri gem. Please use REXML instead.
CVE references should be in the format YYYY-NNNN
OSVDB references should only contain numbers
BID references should only contain numbers
OSVDB references should be in the format MSddd-ddd (d = digit)
Milw0rm references are no longer supported (site suspended)
EDB references should only contain numbers
BID references should be in the format dd-dd (d = digit)
US-CERT references should only contain numbers
ZDI references should be in the format dd-ddd (d = digit)
If you supply a URL where a short identifier is available, please use the identifier.
Before Metasploit moved to GitHub, the sources were stored in an SVN repository. SVN supports keyword substitution, which replaces custom variables with current values such as the last revision. Since Git does not support them, the references should be removed from the code.
You should not define a VERBOSE option in your module. A VERBOSE option is already provided by the framework. To make use of the VERBOSE setting, you can use methods like vprint_status and vprint_error.
This check looks for bad characters in the module title. If you encounter this error, please replace the characters.
All modules should have a .rb file extension to be loaded by the framework.
This check looks for syntax errors in the file under old Ruby versions. By default this check will not run. To execute this check you need to set the environment variable MSF_CHECK_OLD_RUBIES.
This check ensures you added the correct ranking to your module. See Exploit Ranking for more information.
Date format needs to be Month Day, YYYY. Example: Jan 01, 2014
This check ensures you used the correct case in your title.
This checks for the correct use of the terms Stack Buffer overflow and Stack Exhaustion. See "Stack overflow" vs "Stack buffer overflow" for more information.
If you define a function that takes a lot of input arguments, the check ensures you use a hash instead.
When using send_request_cgi or send_request_raw, the URL supplied should not contain GET parameters. Please provide the parameters via the vars_get hash.
Example:
bad:
res = send_request_raw({ 'uri' => uri_base + '/upload.php?type=file&folder=' + folder })
good:
res = send_request_raw({ 'uri' => uri_base + '/upload.php', 'vars_get' => { 'type' => 'file', 'folder' => folder } })
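A few of the checks described on this page, sketched as a small Ruby linter. This is an added example, not msftidy's own code: the name lint_module, the regular expressions, the abbreviated month names, and the sample module text are all assumptions made for illustration.

```ruby
# Added illustration: simplified versions of a few checks described on this page.
# Not msftidy's implementation; every pattern below is an assumption.
CVE_FORMAT  = /\A\d{4}-\d+\z/
DATE_FORMAT = /\A(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{2}, \d{4}\z/

# Returns a list of warning strings for the given module source text.
def lint_module(source)
  warnings = []
  lines = source.lines
  warnings << 'Module should not have a shebang line' if lines.first.to_s.start_with?('#!')

  lines.each_with_index do |line, idx|
    n = idx + 1
    if line =~ /^\s*require\s+['"]nokogiri['"]/i
      warnings << "line #{n}: use REXML instead of Nokogiri"
    end
    # CVE references: YYYY-NNNN, without a "CVE-" prefix.
    if (m = line.match(/\[\s*'CVE'\s*,\s*'([^']*)'\s*\]/)) && m[1] !~ CVE_FORMAT
      warnings << "line #{n}: CVE reference '#{m[1]}' is not YYYY-NNNN"
    end
    if line =~ /Opt\w+\.new\(\s*['"]VERBOSE['"]/
      warnings << "line #{n}: VERBOSE is already provided by the framework"
    end
    if (m = line.match(/'DisclosureDate'\s*=>\s*'([^']*)'/)) && m[1] !~ DATE_FORMAT
      warnings << "line #{n}: date '#{m[1]}' is not Month Day, YYYY"
    end
    # A '?' in the uri value (before the next hash key) means inline GET parameters.
    if line =~ /send_request_(cgi|raw)/ && line =~ /'uri'\s*=>[^,}]*\?/
      warnings << "line #{n}: pass GET parameters via vars_get, not in the uri"
    end
  end
  warnings
end

# Constructed sample lines (not a real module); the last line is the "good" form.
SAMPLE = <<~'RUBY'
  #!/usr/bin/env ruby
  require 'nokogiri'
  'References' => [ [ 'CVE', 'CVE-2014-0001' ] ],
  'DisclosureDate' => '2014-01-01',
  OptBool.new('VERBOSE', [ false, 'Verbose output', false ]),
  res = send_request_raw({ 'uri' => uri_base + '/upload.php?type=file&folder=' + folder })
  res = send_request_raw({ 'uri' => uri_base + '/upload.php', 'vars_get' => { 'type' => 'file', 'folder' => folder } })
RUBY

puts lint_module(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The line-based patterns only catch the single-line forms shown here; a call split across several lines would need a real parser.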