Using the Metasploit Framework - Writing and Importing Modules

#readwise # Using the Metasploit Framework - Writing and Importing Modules ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article2.74d541386bbf.png) ## Metadata - Author: [[Hack The Box]] - Full Title: Using the Metasploit Framework - Writing and Importing Modules - URL: https://academy.hackthebox.com/module/39/section/417 ## Summary To install new Metasploit modules, you can update your msfconsole from the terminal or manually download specific modules. ExploitDB is a helpful resource for finding Metasploit modules, allowing you to search for custom exploits. If you find a specific exploit, like one for Nagios3, but it's not in your version, you may need to update your Metasploit framework. You can also adapt existing scripts into Metasploit modules by learning Ruby and following proper naming conventions and directory structures. ## Highlights To install any new Metasploit modules which have already been ported over by other users, one can choose to update their `msfconsole` from the terminal, which will ensure that all newest exploits, auxiliaries, and features will be installed in the latest version of `msfconsole`. As long as the ported modules have been pushed into the main Metasploit-framework branch on GitHub, we should be updated with the latest modules. ([View Highlight](https://read.readwise.io/read/01js90xxy2c8h30360xmnm8fq4)) --- [ExploitDB](https://www.exploit-db.com) is a great choice when searching for a custom exploit. We can use tags to search through the different exploitation scenarios for each available script. One of these tags is [Metasploit Framework (MSF)](https://www.exploit-db.com/?tag=3), which, if selected, will display only scripts that are also available in Metasploit module format. These can be directly downloaded from ExploitDB and installed in our local Metasploit Framework directory. ([View Highlight](https://read.readwise.io/read/01js90yxhqzqgj395dwv061pqr)) ^aryf65 --- The default directory where all the modules, scripts, plugins, and `msfconsole` proprietary files are stored is `/usr/share/metasploit-framework`. The critical folders are also symlinked in our home and root folders in the hidden `~/.msf4/` location. ([View Highlight](https://read.readwise.io/read/01js912vkvthpgxbej6g5wtpv5)) ^8rmma5 --- Note that our home folder `.msf4` location might not have all the folder structure that the `/usr/share/metasploit-framework/` one might have. So, we will just need to `mkdir` the appropriate folders so that the structure is the same as the original folder so that `msfconsole` can find the new modules. After that, we will be proceeding with copying the `.rb` script directly into the primary location. ([View Highlight](https://read.readwise.io/read/01js914dpzavd0ab4mh9ngkx6b)) ^78tz7i --- Please note that there are certain naming conventions that, if not adequately respected, will generate errors when trying to get `msfconsole` to recognize the new module we installed. Always use snake-case, alphanumeric characters, and underscores instead of dashes. ([View Highlight](https://read.readwise.io/read/01js914t47610hb5sg2xyznsqn)) --- MSF - Loading Additional Modules ``` loadpath /usr/share/metasploit-framework/modules/ ``` Alternatively, we can also launch `msfconsole` and run the `reload_all` command for the newly installed module to appear in the list. ([View Highlight](https://read.readwise.io/read/01js915qd9kb6tsfhpt1cj3twj)) ---