Thursday, November 10, 2011

Metasploit Changes to Git

Metasploit is changing from using their own SVN server to host their repository to GitHub and by this move to Git as their tool for managing the main repository available to the public for getting access to the Framework source code. This also changes the way commits are done, if any none Rapid7 employee or contractor member of the development team wants to contribute code it will have to be thru GitHub pull request feature. This will allow Rapid7 better control over who commits and the quality of the commits making sure that their commercial products Metasploit Community, Pro and Express do not get affected by a contribution that did not go thru a proper test procedure and quality assurance. In addition the shift from SVN to Git will allow greater flexibility to the Rapid7 team to make modification to the the framework on forks and branches on their own systems allowing them to keep the main repository as stable as possible and changes to be pushed in a less risky manner. This is great business move since it will reduce risk and accelerate development of the base foundation of their products, allowing the team to focus more on the technical an engineering aspects of the projects and less on the over heads of managing code on their machines. In terms of management of community commits the pull requests will centralize the process from Redmine and the emails to msfdev mailing list making it easier for them to get contributions for the Framework. I do have to say I will miss the ability to be able to push my own changes and fixes and will have to rely like everybody else to the fork process and GitHub pull request method like everybody else but in the long run this a better solution for the stability of the code, faster innovation and risk reduction allowing Rapid7 to further advanced the Framework that is base of some of their commercial products.

Now this does changes my workflow for the code I write for use in Metasploit. I do have a GitHub account that I used as my temporary account for plugins and modules, I will be consolidating this one in to one single project in GitHub and making sure it follows the folder structure as in the framework so I can just have it in my machine under ~/.msf4 that way I can test modify and test modules and plugins without the need of putting them in the framework folder it self and move them in to the forked version if I wish to contribute them to Rapid7 if not they will still be accessible for sharing under my GitHub page. So there are now 2 new ways to use the framework repository depending on your need, If you are only to consume the code in it and do not wish to contribute your code to Rapid7 you just need to have Git on your system and clone the repository. You first start by installing Git

Installing Git

On OS X you only need to install the latest Xcode Tools from the AppStore On CentOS 6 and latest Fedora Systems you would run as root


yum update

yum install git


On Ubuntu and Debian systems you would run as root


apt-get update

apt-get install git-core


Cloning the Repository


I’m a person who likes having several copies of the Framework to work in, I tend to keep in my home folder on my boxes a folder call dev where I keep all the project repositories I use. So I recommend you start by creating the folder to host the project and its copies if you later decide to fork and work on coding inside the Framework.


mkdir -p ~/dev

cd ~/dev


Once the folder is create you only need to clone the Git repository that is on GitHub


git clone git://github.com/rapid7/metasploit-framework.git


Now you should be able to use and work from inside the metasploit-framework folder created there. To keep you copy updated you only need to run from the folder


git pull


This will fetch the latest changes and merge them together.