Metasploit mailing list archives
Re: learning Ruby
From: "HD Moore" <hdm () metasploit com>
Date: Sat, 30 Jun 2012 19:01:04 -0500
It is nice to get blunt feedback too -- we definitely have room to improve on process and documentation. -----Original Message----- From: Bob Bruen [mailto:bruen () coldrain net] Sent: Saturday, June 30, 2012 5:16 PM To: HD Moore Cc: 'northern monkee'; 'Tod Beardsley'; 'framework List' Subject: Re: [framework] learning Ruby Hi HD, I have been following this work since its earliest days. There is nothing quite like it anywhere - it is awesome. If dave can't deal with it, it is his problem. Nice of you to be so polite to him, though. --bob On Sat, 30 Jun 2012, HD Moore wrote:
Thanks for the feedback - I'll try to address this point by point:Msf is a pita.Msf is the largest Ruby project in existence and has nine years of development history. It can be quirky to work with compared to smaller projects.You can get buy just stealing code from modules that do similar jobsCopying existing module is smart because the framework requires a certain level of standardization to keep badly written modules from causing performance or resource issues. There is surprising amount of
documentation
if you know where to look, but the code base also changes fast enough that reading through the mixin code and other modules is still a good approach for new developers.Documentation is poorDocumentation can be hard to find, but is quite extensive. Looking at just the stuff written by the development team, you have: An older (but mostly accurate) developer's guide: https://community.rapid7.com/docs/DOC-1263 A recently updated user guide: https://community.rapid7.com/docs/DOC-1751 Remote API documentation: https://community.rapid7.com/docs/DOC-1516 You can generate API docs for the entire framework by running ./documentation/gendocs.sh This doesn't take into account the dozens of online guides for module development, the various books that cover this topic, or detailed
write-ups
about specific modules on the various blogs. This guide from CORELAN is great for porting standalone exploits to Metasploit:
https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4
-from-exploit-to-metasploit-the-basics/feedback on submissions even worseWe recognized that timely feedback was an issue and since moved all submissions to GitHub, where Pull requests and code comments are used to provide feedback on new modules. This has drastically cut down how long it takes to get new modules into the framework. https://github.com/rapid7/metasploit-framework/issuesIf it works, it fucking works.And this is where I strongly disagree. We only accept modules for the framework trunk when they meet our standards for code quality and reliability. Once a module is part of the open source tree, we maintain it indefinitely. Crappy code affects all of our users and causes support headaches for the development team. Most of the time the core development team can help with the cleanup process, but some code is too time
intensive
and simply not useful enough to justify a herculean rewrite. We would
rather
focus on getting high-quality remote exploits into the open source repository rather than rewriting yet another bad web application exploit. You can see our current requirements for module submissions at the
following
URLs: https://github.com/rapid7/metasploit-framework/wiki/Acceptance-Guidelines https://github.com/rapid7/metasploit-framework/blob/master/HACKING -HD -----Original Message----- From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of northern
monkee
Sent: Saturday, June 30, 2012 3:38 PM To: northern monkee Cc: Tod Beardsley; framework List Subject: Re: [framework] learning Ruby Reply all fail. On 30 Jun 2012, at 20:46, northern monkee <dave () northern-monkee co uk> wrote:Msf is a pita. You can get buy just stealing code from modules that dosimilar jobs. Documentation is poor, feedback on submissions even worse.
If
it works, it fucking works.On 29 Jun 2012, at 22:50, "Alex-P. Natsios" <apnatsios () gmail com> wrote:On Fri, Jun 29, 2012 at 5:02 PM, Tod Beardsley <todb () packetfu com>
wrote:
Jim -- _Why's Poignant Guide. It's free and has cartoons. http://mislav.uniqpath.com/poignant-guide/and kittens.. everybody loves kittens! -- Regards, Alex-P. Natsios (a.k.a Drakevr) _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- Dr. Robert Bruen Cold Rain Labs http://coldrain.net/bruen +1.802.579.6288 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- learning Ruby macubergeek (Jun 29)
- Re: learning Ruby AK (Jun 29)
- Re: learning Ruby Christian Heinrich (Jun 29)
- Re: learning Ruby Tasos Laskos (Jun 29)
- Re: learning Ruby Tod Beardsley (Jun 29)
- Re: learning Ruby Alex-P. Natsios (Jun 29)
- Re: learning Ruby northern monkee (Jun 30)
- Re: learning Ruby northern monkee (Jun 30)
- Re: learning Ruby HD Moore (Jun 30)
- Re: learning Ruby Bob Bruen (Jun 30)
- Re: learning Ruby HD Moore (Jun 30)
- Re: learning Ruby Tasos Laskos (Jun 29)