Developing for the Metasploit Framework

Document created by jcran on Oct 16, 2011Last modified by jcran on Oct 16, 2011
Version 3Show Document
  • View in full screen mode

The development contribution process generally starts with sending us patches and bug reports. Existing modules can be searched in the module browser, and porting these to additional targets and platforms is a highly useful contribution. If you're looking for an exploit to write, take a look at our TODO list. The unstable tree is a useful place to look for modules which need addtional work as well.


One of the most helpful things you can do is read through our bug tracker, pick something you'd like to work on, and send us a patch (generated with "svn diff > something_descriptive.diff" in the base installation directory).  Be sure to check out the HACKING file for tips on coding style.  Simply using the framework and submitting bug reports for things that don't work as you expect is also useful.


The development tree (subversion repository) can be downloaded from


$mkdir msf3 
$svn co


Subversion will prompt you to accept the ssl certificate, please ensure it matches the following fingerprint:


Fingerprint: da:16:ad:cb:4c:6f:7d:cf:b7:7e:5e:e5:f9:a7:a1:8b:3a:a2:6a:92


Other contributors can genearally be reached immediately in the #metasploit channel on or at msfdev AT metasploit DOT com.