🛠️ Installing & Importing Custom Metasploit Modules

🔄 Keeping Metasploit Updated

To ensure access to the latest exploits, auxiliary modules, and features:

$ msfupdate

✅ This updates msfconsole to the latest version, pulling in modules from the Metasploit Framework GitHub repo.

🎯 Installing a Specific Module Without Full Upgrade

If a specific module is needed (like one from ExploitDB):

Manually download the .rb script
Place it into the correct Metasploit modules directory
Load the module in msfconsole

🔎 Finding Metasploit Modules on ExploitDB

ExploitDB is ideal for searching custom Metasploit-ready modules:

Use filters like:
- Type
- Platform
- Author
- Port
- Tag: Metasploit Framework (MSF)

🔗 ExploitDB Search Filters

📌 Example: Searching for a Nagios3 Exploit

Trying to find this exploit:

Nagios3 - 'statuswml.cgi' Command Injection (Metasploit)

Inside `msfconsole`:

msf6 > search nagios

Example Output:

Name

Rank

Description

exploit/linux/http/nagios_xi_authenticated_rce

Excellent

Authenticated RCE

exploit/unix/webapp/nagios3_history_cgi

Great

Host Command Execution

❌ If the desired module doesn’t show up, it's not part of the main branch or your framework is outdated.

💻 Using CLI to Search ExploitDB: `searchsploit`

$ searchsploit nagios3

Example output:

Nagios3 - 'statuswml.cgi' Command Injection (Metasploit)  |  unix/webapps/9861.rb

Filter Only Metasploit-Compatible `.rb` Files:

$ searchsploit -t Nagios3 --exclude=".py"

📁 Installing Custom Modules

🗂️ Metasploit’s default directory:

/usr/share/metasploit-framework/modules/

🗂️ User’s local modules path:

~/.msf4/modules/

Ensure folder structure is recreated if missing (mkdir as needed)

✅ Naming Convention

Use snake_case with alphanumeric characters and underscores:

nagios3_command_injection.rb
custom_module_example.rb

🚀 Copy & Load Custom Module

$ cp ~/Downloads/9861.rb /usr/share/metasploit-framework/modules/exploits/unix/webapp/nagios3_command_injection.rb

$ msfconsole -m /usr/share/metasploit-framework/modules/

Or, inside msfconsole:

msf6 > loadpath /usr/share/metasploit-framework/modules/
msf6 > reload_all
msf6 > use exploit/unix/webapp/nagios3_command_injection

⚙️ Module Options Example

msf6 exploit(unix/webapp/nagios3_command_injection) > show options

🎯 Final Step: Exploiting the Target

With everything loaded and configured:

msf6 > run

PreviousAdditional Features Next🧠 Porting Scripts into Metasploit Modules

Last updated 9 months ago

hashtag🔄 Keeping Metasploit Updated

hashtag🎯 Installing a Specific Module Without Full Upgrade

hashtag🔎 Finding Metasploit Modules on ExploitDB

hashtag📌 Example: Searching for a Nagios3 Exploit

hashtagInside msfconsole:

hashtagExample Output:

hashtag💻 Using CLI to Search ExploitDB: searchsploit

hashtagFilter Only Metasploit-Compatible .rb Files:

hashtag📁 Installing Custom Modules

hashtag✅ Naming Convention

hashtag🚀 Copy & Load Custom Module

hashtag⚙️ Module Options Example

hashtag🎯 Final Step: Exploiting the Target