2014-09-05 11:24:47 -07:00
A reference in a Metasploit module is a source of information related to the module. This can be a link to the vulnerability advisory, a news article, a blog post about a specific technique the module uses, a specific tweet, etc. The more you have the better. However, you should not use this as a form of advertisement.
## List of supported reference identifiers ##
ID | Source | Code Example
------------- | ------------- | -------------
2015-10-21 20:01:32 -05:00
CVE | cvedetails.com | ```['CVE', '2014-9999']` ``
CWE | cwe.mitre.org | ` ``['CWE', '90']` ``
BID | securityfocus.com | ` ``['BID', '1234']` ``
MSB | technet.microsoft.com | ` ``['MSB', 'MS13-055']` ``
EDB | exploit-db.com | ` ``['EDB', '1337']` ``
US-CERT-VU | kb.cert.org | ` ``['US-CERT-VU', '800113']` ``
ZDI | zerodayinitiative.com | ` ``['ZDI', '10-123']` ``
WPVDB | wpvulndb.com | ` ``['WPVDB', '7615']` ``
PACKETSTORM | packetstormsecurity.com | ` ``['PACKETSTORM', '132721']` ``
URL | anything | ` ``['URL', 'http://example.com/blog.php?id=123']` ``
2017-06-28 18:24:13 -04:00
AKA | anything | ` ``['AKA', 'shellshock']` ``
2014-09-05 11:24:47 -07:00
2014-09-05 11:25:02 -07:00
## Code Example of having references in a module ##
2014-09-05 11:24:47 -07:00
` ``ruby
require 'msf/core'
2016-06-11 01:42:46 -05:00
class MetasploitModule < Msf::Exploit::Remote
2014-09-05 11:24:47 -07:00
Rank = NormalRanking
def initialize(info={})
super(update_info(info,
'Name' => "Code Example",
'Description' => %q{
This is an example of a module using references
},
'License' => MSF_LICENSE,
'Author' => [ 'Unknown' ],
'References' =>
[
[ 'CVE', '2014-9999' ],
['BID', '1234'],
['URL', 'http://example.com/blog.php?id=123']
],
'Platform' => 'win',
'Targets' =>
[
[ 'Example', { 'Ret' => 0x41414141 } ]
],
'Payload' =>
{
'BadChars' => "\x00"
},
'Privileged' => false,
'DisclosureDate' => "Apr 1 2014",
'DefaultTarget' => 0))
end
def exploit
print_debug('Hello, world')
end
end
` ``
