Metasploit comes with thousands of modules preinstalled but there is nothing stopping you from adding some brand new ones from the internet or altering existing ones.
Here is the method for taking an existing exploit and adding your own custom version of it to Metasploit, the same instructions can be adapted for adding a brand new exploit from the internet.
- By default in Kali the modules are all stored in /usr/share/metasploit-framework/modules it’s worth checking yours are here before we continue.
- Open up msfconsole and navigate to your modules folder
- In this example we will be making a custom version of the ms02_056_hello.rb mssql exploit. Use the mkdir command to create a custom folder in a sensible location and copy the exploit into it using cp.
- navigate to your custom folder and confirm the exploit copy is there:
- Open up the exploit using any editor (Ignore this if you don’t intend on making any changes and have found a module from the internet:
- Make the changes you want. In the screenshot below we have just changed the description to as a demonstration. Save your new exploit.
- Use the mv command to give your exploit a custom name, this stops you accidentally confusing it with the original code in the future.
- Metasploit won’t be able to find your exploit until it after you exit and reopen msfconsole. You’ll see a search error if you try:
- After closing and reopening msfconsole your code should be visible within Metasploit to use just like the preinstalled ones.