-
Notifications
You must be signed in to change notification settings - Fork 14.1k
GSoC 2022 Project Ideas
GSoC Project Ideas in no particular order. When you've picked one, take a look at How-to-Apply-to-GSoC for how to make a proposal.
Mentors: @zerosteiner, @jmartin-r7, @gwillcox-r7
Slack Contacts: @zeroSteiner, @Op3n4M3, @gwillcox-r7 on Metasploit Slack
For any questions about these projects reach out on the Metasploit Slack in the #gsoc
channel or DM one of the mentors using the Slack contacts listed above. Note that mentors may be busy so please don't expect an immediate response, however we will endeavor to respond as soon as possible. If you'd prefer not to join Slack, you can also email msfdev [@] metasploit [dot] com
and we will respond to your questions there if email is preferable.
Current login scanners are not enabled to support the HTTP-Trace options, this options is current exposed in the Exploit::Remote::HttpClient
mixin and not available in login scanners. This functionality would aid module writers in debugging and testing initial module implementations as well as enable end users to provide more verbose details for error reports. Changes to enable this support will need careful validation and testing as a large number of modules would be potentially impacted by the revision.
Size: Medium
Difficulty: 3/5
Metasploit provides two API interaction services, a Rest API service and an RPC service. Previous efforts have wrapped and exposed the RPC service as JSON responses available from the Rest API endpoint. This wrapping did not account for possible large responses that may benefit from pagination. A previous contributor attempted to add this functionality for a limited set of RCP commands however review identified that the changes would introduce changes to the documented public API and also introduce inconsistency within the API responses resulting in a fluctuating public API. Modern pagination would be beneficial to increasing user adoption of Rest API services provided it can be implemented consistently and either maintain compatibility of the existing public RPC service or generate a one time migration across all exposed public APIs.
Size: Large
Difficulty: 4/5
Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the 2021 Log4Shell vulnerability. Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are SPNEGO and StartTLS support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
Size: Medium
Difficulty: 3/5
When preforming security assessment on a network with centralized login such as LDAP or Active Directory these services are sometimes exposed directly on the network. While Metasploit has capabilities to collect various pieces of information from these services when a user has been able to gain code execution inside a target system by utilizing tooling such as Sharphound
or by leveraging SMB services via the secrets_dump
module, these methods are somewhat indirect. A network base capability to query exposed services may have value. An interactive terminal plugin allowing users to connect directly to LDAP or Active Directory providing capabilities similar to the existing requests
plugin could enable users search for valuable information in these services without the need to compromise a target or interact with a secondary service.
Size: Medium/Large (Depends on proposal)
Difficulty: 3/5
The Metasploit post-exploitation API is intended to provide a unified interface between different Meterpreter, shell, PowerShell, mainframe, and other session types. However, there are areas where the implementation is not consistent, and could use improvements:
- Shell sessions do not implement the filesystem API that Meterpreter sessions have
- When a shell session is in a different language, e.g. Windows in French, the post API does not find the expected output. Add localization support for these.
- Simple commands like 'cmd_exec' are fast in Shell sessions but are relatively slow in Meterpreter sessions. Add an API to make Meterpreter run simple commands more easily.
Size: Medium/Large (Depends on proposal)
Difficulty: Varies
This would follow up on the Arachni plugin PR https://github.com/rapid7/metasploit-framework/pull/8618 and improve the Metasploit data model to better represent modern web vulnerabilities. This project would require knowledge of data models, types of modern web vulnerabilities, and experience with web app security scanners.
Size: Large
Difficulty: 4/5
Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps.
See Metasploit 'Goliath' Demo (msf-red) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at Metasploit-Data-Service-Enhancements-(Goliath)
Size: Medium/Large (Depends on proposal)
Difficulty 3/5
If you want to suggest your own idea, please discuss it with us first on Slack in the #gsoc
channel to make sure it is a reasonable amount of work for a summer and that it fits the goals of the project.
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get install
togit push
. - CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.