Exploit-Ranking.md

As of Metasploit Framework version 3.3.2, every exploit module has been assigned a rank based on its potential impact to the target system. Support for using the new rankings to search, categorize, and prioritize exploits was added in version 3.3.3.

The ranking is implemented by adding a `Rank` constant at the top of the class declaration in the module:

```ruby
class Metasploit4 < Msf::Exploit
    Rank = LowRanking
    def initialize(info={})
        ...
    end
    ...
end
```

The ranking values are one of the following, in descending order of reliability:

* ExcellentRanking
* GreatRanking
* GoodRanking
* NormalRanking
* AverageRanking
* LowRanking
* ManualRanking

The ranking methodology:

* __ExcellentRanking__ - The exploit will never crash the service. This is the case for SQL Injection, CMD execution, RFI, LFI, etc. No typical memory corruption exploits should be given this ranking unless there are extraordinary circumstances (WMF Escape()).
* __GreatRanking__ - The exploit has a default target AND either auto-detects the appropriate target or uses an application-specific return address AFTER a version check.
* __GoodRanking__ - The exploit has a default target and it is the "common case" for this type of software (English, Windows XP for a desktop app, 2003 for server, etc).
* __NormalRanking__ - The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect.
* __AverageRanking__ - The exploit is generally unreliable or difficult to exploit.
* __LowRanking__ - The exploit is nearly impossible to exploit (or under 50%) for common platforms.
* __ManualRanking__ - The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: php_eval).

The ranking value is available the module Class object as well as instances:

```ruby
modcls = framework.exploits["windows/browser/ie_createobject"]
modcls.rank      # => 600
modcls.rank_to_s # => "excellent"

mod = modcls.new
mod.rank      # => 600
mod.rank_to_s # => "excellent"
```
Updated Exploit Ranking (markdown) 2012-10-05 14:28:59 -07:00			`As of Metasploit Framework version 3.3.2, every exploit module has been assigned a rank based on its potential impact to the target system. Support for using the new rankings to search, categorize, and prioritize exploits was added in version 3.3.3.`
Created Exploit Ranking (markdown) 2012-04-13 15:05:56 -07:00
			The ranking is implemented by adding a `Rank` constant at the top of the class declaration in the module:

			```ruby
			`class Metasploit4 < Msf::Exploit`
			`Rank = LowRanking`
			`def initialize(info={})`
			`...`
			`end`
			`...`
			`end`
			```

Updated Exploit Ranking (markdown) 2012-10-05 14:21:32 -07:00			`The ranking values are one of the following, in descending order of reliability:`
Created Exploit Ranking (markdown) 2012-04-13 15:05:56 -07:00
			`* ExcellentRanking`
Updated Exploit Ranking (markdown) 2012-10-05 14:21:32 -07:00			`* GreatRanking`
			`* GoodRanking`
			`* NormalRanking`
			`* AverageRanking`
			`* LowRanking`
			`* ManualRanking`
Created Exploit Ranking (markdown) 2012-04-13 15:05:56 -07:00
			`The ranking methodology:`

Updated Exploit Ranking (markdown) 2012-10-05 14:26:46 -07:00			`* __ExcellentRanking__ - The exploit will never crash the service. This is the case for SQL Injection, CMD execution, RFI, LFI, etc. No typical memory corruption exploits should be given this ranking unless there are extraordinary circumstances (WMF Escape()).`
			`* __GreatRanking__ - The exploit has a default target AND either auto-detects the appropriate target or uses an application-specific return address AFTER a version check.`
			`* __GoodRanking__ - The exploit has a default target and it is the "common case" for this type of software (English, Windows XP for a desktop app, 2003 for server, etc).`
Updated Exploit Ranking (markdown) 2012-10-05 14:28:27 -07:00			`* __NormalRanking__ - The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect.`
Updated Exploit Ranking (markdown) 2012-10-05 14:26:46 -07:00			`* __AverageRanking__ - The exploit is generally unreliable or difficult to exploit.`
			`* __LowRanking__ - The exploit is nearly impossible to exploit (or under 50%) for common platforms.`
Updated Exploit Ranking (markdown) 2012-10-05 14:28:27 -07:00			`* __ManualRanking__ - The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: php_eval).`
Created Exploit Ranking (markdown) 2012-04-13 15:05:56 -07:00
Updated Exploit Ranking (markdown) 2012-10-05 14:23:04 -07:00			`The ranking value is available the module Class object as well as instances:`
Updated Exploit Ranking (markdown) 2012-04-13 15:12:00 -07:00
Updated Exploit Ranking (markdown) 2012-04-13 15:11:40 -07:00			```ruby
Updated Exploit Ranking (markdown) 2012-04-13 15:17:26 -07:00			`modcls = framework.exploits["windows/browser/ie_createobject"]`
			`modcls.rank # => 600`
			`modcls.rank_to_s # => "excellent"`
Updated Exploit Ranking (markdown) 2012-04-13 15:11:40 -07:00
Updated Exploit Ranking (markdown) 2012-10-05 14:23:04 -07:00			`mod = modcls.new`
Updated Exploit Ranking (markdown) 2012-04-13 15:17:26 -07:00			`mod.rank # => 600`
			`mod.rank_to_s # => "excellent"`
Updated Exploit Ranking (markdown) 2012-04-13 15:11:40 -07:00			```