This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

metasploit-framework/ at master · rapid7/metasploit-framework · GitHub

Skip to content

Sign in or Sign up



Join GitHub today

GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.

Sign up Switch branches/tags 4.x GSoC/Meterpreter_Web_Console MS-2855/keylogger-mettle-extension bug/bundler_fix d215aeb5 gh-pages master unstable Nothing to show v4.11.7 blog-20150827 blog-20150813 blog-20150730 blog-20150723 blog-20150702 2015071402 2015070901 2015063001 20150827 4.17.17 4.17.16 4.17.15 4.17.14 4.17.13 4.17.12 4.17.11 4.17.10 4.17.9 4.17.8 4.17.7 4.17.6 4.17.5 4.17.4 4.17.3 4.17.2 4.17.1 4.17.0 4.16.65 4.16.64 4.16.63 4.16.62 4.16.61 4.16.60 4.16.59 4.16.58 4.16.57 4.16.56 4.16.55 4.16.54 4.16.53 4.16.52 4.16.51 4.16.50 4.16.49 4.16.48 4.16.47 4.16.46 4.16.45 4.16.44 4.16.43 4.16.42 4.16.41 4.16.40 4.16.39 4.16.38 4.16.37 4.16.36 4.16.35 4.16.34 4.16.33 4.16.32 4.16.31 4.16.30 4.16.29 4.16.28 4.16.27 4.16.26 4.16.25 4.16.24 4.16.23 4.16.22 4.16.21 4.16.20 4.16.19 4.16.18 4.16.17 4.16.16 4.16.15 4.16.14 4.16.13 4.16.12 4.16.11 4.16.10 4.16.9 4.16.8 4.16.7 4.16.6 4.16.5 4.16.4 4.16.3 4.16.2 4.16.1 4.16.0 4.15.8 4.15.7 4.15.6 4.15.5 4.15.4 4.15.3 Nothing to show Find file Copy path metasploit-framework/ be8b826 May 9, 2018 busterb include example of why PRs from master are bad 2 contributors

Users who have contributed to this file

Raw Blame History 128 lines (98 sloc) 6.22 KB

Hello, World!

Thanks for your interest in making Metasploit -- and therefore, the world -- a better place!

Are you about to report a bug? Sorry to hear it. Here's our Issue tracker. Please try to be as specific as you can about your problem; include steps to reproduce (cut and paste from your console output if it's helpful) and what you were expecting to happen.

Are you about to report a security vulnerability in Metasploit itself? How ironic! Please take a look at Rapid7's Vulnerability Disclosure Policy, and send your report to [email protected] using our PGP key.

Are you about to contribute some new functionality, a bug fix, or a new Metasploit module? If so, read on...

Contributing to Metasploit

What you see here in is a bullet point list of the do's and don'ts of how to make sure your valuable contributions actually make it into Metasploit's master branch.

If you care not to follow these rules, your contribution will be closed. Sorry!

This is intended to be a short list. The wiki is much more exhaustive and reveals many mysteries. If you read nothing else, take a look at the standard development environment setup guide and Metasploit's Common Coding Mistakes.

Code Contributions

  • Do stick to the Ruby style guide.
  • Do get Rubocop relatively quiet against the code you are adding or modifying.
  • Do follow the 50/72 rule for Git commit messages.
  • Don't use the default merge messages when merging from other branches.
  • Do license your code as BSD 3-clause, BSD 2-clause, or MIT.
  • Do create a topic branch to work on instead of working directly on master. If you do not send a PR from a topic branch, the history of your PR will be lost as soon as you update your own master branch. See [] for an example of this in action.

Pull Requests

  • Do target your pull request to the master branch. Not staging, not develop, not release.
  • Do specify a descriptive title to make searching for your pull request easier.
  • Do include console output, especially for witnessable effects in msfconsole.
  • Do list verification steps so your code is testable.
  • Do reference associated issues in your pull request description.
  • Do write release notes once a pull request is landed.
  • Don't leave your pull request description blank.
  • Don't abandon your pull request. Being responsive helps us land your code faster.

Pull requests PR#2940 and PR#3043 are a couple good examples to follow.

New Modules

  • Do run tools/dev/msftidy.rb against your module and fix any errors or warnings that come up.
  • Do use the many module mixin APIs. Wheel improvements are welcome; wheel reinventions, not so much.
  • Don't include more than one module per pull request.
  • Do include instructions on how to setup the vulnerable environment or software.
  • Do include Module Documentation showing sample run-throughs.


  • Don't submit new scripts. Scripts are shipped as examples for automating local tasks, and anything "serious" can be done with post modules and local exploits.

Library Code

  • Do write RSpec tests - even the smallest change in library land can thoroughly screw things up.
  • Do follow Better Specs - it's like the style guide for specs.
  • Do write YARD documentation - this makes it easier for people to use your code.
  • Don't fix a lot of things in one pull request. Small fixes are easier to validate.

Bug Fixes

  • Do include reproduction steps in the form of verification steps.
  • Do include a link to any corresponding Issues in the format of See #1234 in your commit description.

Bug Reports

  • Do report vulnerabilities in Rapid7 software directly to [email protected].
  • Do write a detailed description of your bug and use a descriptive title.
  • Do include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
  • Don't file duplicate reports; search for your bug before filing a new report.

If you need some more guidance, talk to the main body of open source contributors over on the Freenode IRC channel, or e-mail us at the metasploit-hackers mailing list.

Also, thank you for taking the few moments to read this far! You're already way ahead of the curve, so keep it up!

You can’t perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. Press h to open a hovercard with more details.