New content and modules on the way

The Shodan search module for Metasploit is something I created over a year ago as a fun project. Several months ago, I submitted it to the Metasploit Project for inclusion and was told to rewrite it using the native MSF libraries and not Ruby libraries (net/http). Of course, I ended up frustrated because I followed the example of 3 other MSF auxiliary modules that used net/http.

I’ve since rewritten the module with native MSF libs, removed the dependency on an external JSON rubygem, added support for the “page” Shodan variable, and more. The final thing to do before resubmitting (via the new git system) is to debug an issue where my results differ from a Shodan web search with the same parameters.

There are some additional modules I’ve been thinking of writing related to my interest in forensics and incident response that would work well in a penetration testing scenario. I also will likely be putting together a module or two related to my mobile security research with Kevin Johnson of SecureIdeas for the presentation we submitted to ShmooCon.

More to come…


~ by John Sawyer on November 15, 2011.

One Response to “New content and modules on the way”

  1. Sorry for your frustrations. I filed bug #5983 about those other modules.

    Thanks for contributing to Metasploit!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s