Contributing to the metasploit framework can take a number of forms. The easiest is simply using the framework and submitting useful bug reports via our [report:1 ticket tracker].
Documentation¶
Another way to get involved is by writing documentation, both for using the framework and developing for it. The MSF Wikibook, which can be edited by anyone, has a number of articles on both of these topics. If you find some interesting use or feature of the framework that is not represented there, consider writing an article about it. If an existing article lacks clarity or details, please help by improving it.
QA and Testing¶
We're currently in need of folks who can test the framework on various platforms and targets. If you're meticulous and and articulate, we want your help finding bugs! Please help by filing redmine issues for things that don't work as expected. Feature requests are always welcome too!
Additionally, If you know ruby and test/unit and would like to write tests for the framework, you're in the right place. The current unit tests are out of date for some of the libraries, and updating them would be a good way to start learning the internals of the framework. You can download an svn copy and run the tests for more information here, but suffice it to say that we need your help!!
Ping jcran (email/twitter/irc) for more information.
Programming¶
For those with programming skills, submitting patches is the best way to get involved. Since Metasploit is written in Ruby, you will need to know at least a little about it; if you've done any programming in perl, python, or a shell scripting language like bash, though, it should be easy to pick up.
Writing exploit modules for the framework is relatively straight forward. The easiest way to start is to copy an existing module that uses the same protocol and modify the exploit() method for your specific target. See PortingExploits for some discussion of what is important in an exploit module.
Once you've made changes to the msf trunk, subversion makes creating a patch quite simple:
$ svn up $ svn diff > mypatch.diff
After you've written an exploit module or created a patch, the best way to get it to the developers is by sending it to the metasploit framework mailing list or posting it in our [/newticket ticket tracker] with a description of what it does.