How to Add New Exploit to Metasploit / Kali Linux / BackTrack [Screenshots included]

Sooner or later, penetration testers might feel the modules that are auto included in the Metasploit framework to be lacking. In such a case, they will want to add a new exploit to Metasploit.

Lets say you dig up a new vulnerability from cvedetails.com and notice that there is a public exploit available for this vulnerability on exploit-db or 1337day.

Go to exploit-db or 1337day and download the public exploit. It will be a .rb (ruby) script (or may be a python script).

Once you have the .rb exploit code, you need to add this to a hidden folder .msf4 in your home folder: /root

Note that the period, ., before a file or folder name in Linux indicates that it is hidden.

Metasploit provides you a way to add new exploits. All you need to do is to add the .rb or .py file to this hidden .msf4 folder in your home folder and reload msfconsole.

Here’s a screenshot of msfconsole before adding a new exploit:

Notice that total exploits equal 1090.
Here’s a screenshot of the commands to copy the new exploit to .msf4 folder:

Now reload msfconsole.

And here’s a screenshot after the new exploit has been added:

Notice that the total number of exploit now equal 1091. We have successfully added a new exploit to Metasploit.

Pranshu Bajpai
Pranshu Bajpai
Principal Security Architect

Pranshu Bajpai, PhD, is a principle security architect..