What makes Metasploit tick?

Features As a bonus to this week’s review of “Ruby By Example,” I'd like to give an applied security related example of Ruby by walking you through a chunk of code in the Metasploit Open Source Exploit Framework (www.metasploit.com). Metasploit is written entirely in Ruby and has gained critical acclaim as the standard for open source exploit frameworks and should be a vital tool in any security guru's box.

The following it NOT an exploit walkthrough. This is simply a code analysis to point out parts of the framework which exude a certain amount of "Rubyness" and is a great research area to see why the developers of Metasploit chose Ruby as its language. I have taken code from both the actual framework as well as examples provided by the developer's documentation included in the source tarball of the download.

This is meant to spark interest and curiosity - poke around the code to see if you find anything you could reuse or reimplement later on, whether it's security related or not. All examples assume you will be following on with Baird's 'Ruby by Example'. The Metasploit framework is a prime example of modularization in Ruby - there is a great hierarchial setup for the framework where much of the work has been done for you.