ExploitDB is a great choice when searching for a custom exploit. We can use tags to search through the different exploitation scenarios for each available script.
searchsploit -t Nagios3 --exclude=".py"
The default directory where all the modules, scripts, plugins, and msfconsole proprietary files are stored is /usr/share/metasploit-framework. The critical folders are also symlinked in our home and root folders in the hidden ~/.msf4/ location.
Please note that there are certain naming conventions that, if not adequately respected, will generate errors when trying to get msfconsole to recognize the new module we installed. Always use snake-case, alphanumeric characters, and underscores instead of dashes.
For example:
nagios3_command_injection.rbour_module_here.rbcp ~/Downloads/9861.rb /usr/share/metasploit-framework/modules/exploits/unix/webapp/nagios3_command_injection.rb
msfconsole -m /usr/share/metasploit-framework/modules/
msf6> loadpath /usr/share/metasploit-framework/modules/
#Also do this instead
msf6> reload_all
use exploit/unix/webapp/nagios3_command_injection
To adapt a custom Python, PHP, or any type of exploit script to a Ruby module for Metasploit, we will need to learn the Ruby programming language. Note that Ruby modules for Metasploit are always written using hard tabs.
When starting with a port-over project, we do not need to start coding from scratch. Instead, we can take one of the existing exploit modules from the category our project fits in and repurpose it for our current port-over script. Keep in mind to always keep our custom modules organized so that we and other penetration testers can benefit from a clean, organized environment when searching for custom modules.
ls /usr/share/metasploit-framework/modules/exploits/linux/http/ | grep bludit
cp ~/Downloads/48746.rb /usr/modules/exploits/linux/http/bludit_auth_bruteforce_mitigation_bypass.rb
If we want to find the appropriate mixins, classes, and methods required for our module to work, we will need to look up the different entries on the rubydoc rapid7 documentation.
All necessary information about Metasploit Ruby coding can be found on the Rubydoc.info Metasploit Framework related page. From scanners to other auxiliary tools, from custom-made exploits to ported ones, coding in Ruby for the Framework is an amazingly applicable skill.