-
Notifications
You must be signed in to change notification settings - Fork 1.1k
how MSF repo works
after many discussions on which is the best approach to reduce cSploit devs efforts, we choose the forked repo solution. Having a forked repo will allow us to build a package containing all the required gems, without downloading them from a custom server.
After cloning the cSploit MSF repo add the official one as follow:
git remote add upstream "https://github.com/rapid7/metasploit-framework.git"
From now on every time you'll git fetch from the upstream remote you'll get the official MSF commits.
TODO: describe merge [merge or rebase? -ft]
put native gems into /vendor folder and zip the whole repo.
TODO: explain how to cross-compile gems.
just create a new release and add the freshly built package as an attachment.
a release will be used by cSploit only if it has the csploit inside the pre-release part ( see semantic versioning ), like v1.0.0-csploit.
the attached package will be downloaded and installed on the device after the user agreement.
the installation process is manly composed by 3 parts:
- extraction
- patch
- bundle
just a simple extraction of your package into the target MSF directory.
since every device can have the env program installed somewhere around we must change the shebang of every script.
a little example:
-#!/usr/bin/env ruby
+#!/system/xbin/env ruby
puts "hello world"bundler will be installed to get gems required by the MSF.
native gems should be placed into the /vendor folder, thus to skip compiling phase.
ensure to match native gems version in bundle specs, thus to use gems from /vendor, and not an updated one from rubygems.org .
- Disclaimer
Use cSploit on:
- your phone knowing that we take no responsibility - networks if you have sysadmin agreement - radios ( GSM/WiFi/Bluetooth ) if you own those radio devices - people if they agreeuse this tool only to penetrate systems that you are authorized to test.
https://github.com/cSploit/android.wiki.git