forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 26
Exploit Ranking
jlee-r7 edited this page Oct 1, 2012
·
12 revisions
As of version 3.3.2, every exploit module has been assigned a rank based on its potential impact to the target system. Support for using the new rankings to search, categorize, and prioritize exploits was added in version 3.3.3.
The ranking is implemented by adding a Rank constant at the top of the class declaration in the module:
class Metasploit4 < Msf::Exploit
Rank = LowRanking
def initialize(info={})
...
end
...
endThe ranking values are one of the following, in ascending order of reliability:
- ManualRanking
- LowRanking
- AverageRanking
- NormalRanking
- GoodRanking
- GreatRanking
- ExcellentRanking
The ranking methodology:
- If the exploit will never crash the service, then
ExcellentRankingshould be used. This is the case for SQL Injection, CMD execution, RFI, LFI, etc. No typical memory corruption exploits should be given this ranking unless there are extraordinary circumstances (WMF Escape()). - If the exploit has a default target AND either auto-detects the appropriate target or uses an application-specific return address AFTER a version check, then
GreatRankingshould be used. - If the exploit has a default target and it is the "common case" for this type of software (English, Windows XP for a desktop app, 2003 for server, etc) then
GoodRankingshould be used. - If the exploit is otherwise reliable, but depends on a specific version and can't reliably auto-detect (or doesn't autodetect) then
NormalRankingshould be used. - If the exploit is generally unreliable or difficult to exploit, then
AverageRankingshould be used. - If the exploit is nearly impossible to exploit (or under 50%) for common platforms, then
LowRankingshould be used. - If the exploit is so unstable or difficult to exploit and is basically a DoS, then
ManualRankingshould be used. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: php_eval).
The ranking value can be pulled from the module class object with the following calls:
modcls = framework.exploits["windows/browser/ie_createobject"]
modcls.rank # => 600
modcls.rank_to_s # => "excellent"The ranking value can also be pulled from the module instance:
mod = framework.exploits["windows/browser/ie_createobject"].new
mod.rank # => 600
mod.rank_to_s # => "excellent"- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get installtogit push. - Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Acceptance Guidelines What should your modules look like?
- Contributing to Metasploit Be a part of our open source community.