Originally Posted by jcran
I've found myself repeating those words more than a few times over the last couple of months. I've gotten some strange looks, but I've just really started to realize the power that the framework gives you. Because of its plaintextiness, it can be read / hacked / mangled by anybody. In essence, you have full visibility into what's going on with an exploit and you can debug any problems at the moment you encounter them. Compare that to most tools, and I think you'll see the power. In short, if you can see it, you can hack on it.
The underlying Rex library is also in Ruby, so you can see what's going on behind the curtains of a library call. For instance, I was having trouble debugging an SSH login ('scanner/ssh/ssh_login'), so I looked at the module (look at lines 63-78), figured out how to turn debug mode on, and typed:
msf > set SSH_DEBUG true
All of a sudden, i'm getting insanely detailed output:
[*] 192.168.235.129:22 - SSH - Starting buteforce
establishing connection to 192.168.235.129:22
negotiating protocol version
remote is `SSH-1.99-OpenSSH_2.5.2p2'
local is `SSH-2.0-Ruby/Net::SSH_2.0.11 x86_64-linux'
You could even dig further. Notice that the module has a "require 'net/ssh'". I then went to the $framework/lib/net directory and found ssh.rb. By adding some debug lines in here, you could get even greater visibility.
One editor (plugin) to rule them all!
On that note, a new 'editor' plugin was recently committed to make editing modules simpler. We wanted to make it trivial to look at the code for the current module. So if I want to hack on the 'ssh_login' module, rather than navigating here: $framework/modules/auxiliary/scanner/ssh/ssh_login.rb, I can simply type:
msf > use scanner/ssh/ssh_login
msf (ssh_login) > load editor
msf (ssh_login) > edit
The module loads the editor from the $EDITOR environment variable and defaults to vi if you've not set the variable. It's also worth mentioning that when you're hacking away on a module and you change something, you'll want to reload the module before running it again. You can do this with a simple 'rexploit' command (for exploits) and a 'rerun' command for auxiliary modules.
That's it! Hope it makes it easier to hack on the framework. Comments / feedback welcome!
(I'm a littttttle disappointed it's not turtles, but it turns out ruby's way more fun :) )
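An added example, not code from the post or from Metasploit, showing the two things the post walks through: how a module-style datastore option like SSH_DEBUG can be mapped onto Net::SSH's real `:verbose` option, and how the verbose lines it then prints can be parsed to recover the remote banner (useful when reviewing what a scan actually talked to). The datastore hash, the `:timeout` value and the sample log text are constructed here; only the `:verbose` and `:timeout` option names are real Net::SSH options.

```ruby
# Module datastores hold option values as strings ("true"/"false"),
# so a debug toggle must be parsed, not just truth-tested.
def ssh_debug_enabled?(datastore)
  v = datastore['SSH_DEBUG']
  return false if v.nil?
  %w[true yes 1].include?(v.to_s.strip.downcase)
end

# Build the option hash a module would hand to Net::SSH.start.
# :verbose => :debug is the real Net::SSH knob behind the chatty output
# shown in the post; :timeout is an assumed value, not a recommendation.
def net_ssh_options(datastore)
  opts = { timeout: 5 }
  opts[:verbose] = :debug if ssh_debug_enabled?(datastore)
  opts
end

# Constructed sample, copied from the shape of the post's debug output.
SAMPLE_DEBUG_OUTPUT = <<~LOG
  establishing connection to 192.168.235.129:22
  negotiating protocol version
  remote is `SSH-1.99-OpenSSH_2.5.2p2'
  local is `SSH-2.0-Ruby/Net::SSH_2.0.11 x86_64-linux'
LOG

# Pull host, port and both banners out of the verbose transcript.
# The protocol field of the remote banner is split out because a
# "1.99" banner advertises support for the obsolete protocol 1.
def parse_ssh_debug(text)
  info = {}
  text.each_line do |line|
    case line
    when /establishing connection to (\S+):(\d+)/
      info[:host] = Regexp.last_match(1)
      info[:port] = Regexp.last_match(2).to_i
    when /remote is `([^']+)'/
      info[:remote_banner] = Regexp.last_match(1)
    when /local is `([^']+)'/
      info[:local_banner] = Regexp.last_match(1)
    end
  end
  if info[:remote_banner]
    _, proto, software = info[:remote_banner].split('-', 3)
    info[:remote_proto] = proto
    info[:remote_software] = software
    info[:legacy_proto1] = proto.start_with?('1')
  end
  info
end
```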