How to Add New Exploit to Metasploit / Kali Linux / BackTrack [Screenshots included]
Sooner or later, penetration testers might feel the modules that are auto included in the Metasploit framework to be lacking. In such a case, they will want to add a new exploit to Metasploit.
Lets say you dig up a new vulnerability from cvedetails.com and notice that there is a public exploit available for this vulnerability on exploit-db
or 1337day
.
Go to exploit-db or 1337day and download the public exploit. It will be a .rb
(ruby) script (or may be a python script).
Once you have the .rb
exploit code, you need to add this to a hidden folder .msf4
in your home folder: /root
Note that the period, .
, before a file or folder name in Linux indicates that it is hidden.
Metasploit provides you a way to add new exploits. All you need to do is to add the .rb or .py file to this hidden .msf4
folder in your home folder and reload msfconsole
.
Here’s a screenshot of msfconsole
before adding a new exploit:
Notice that total exploits equal 1090
.
Here’s a screenshot of the commands to copy the new exploit to .msf4
folder:
Now reload msfconsole
.
And here’s a screenshot after the new exploit has been added:
Notice that the total number of exploit now equal 1091
. We have successfully added a new exploit to Metasploit.