adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2be37dda84d566397a3f85b0ab87a8f2b93c19e2
metasploit-gs/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md
T
Valentin Lobstein a66a8788d9 Docs: Add GHSA, OSV, and ATT&CK reference examples
2026-03-07 04:27:23 +01:00

77 lines
4.7 KiB
Markdown
Raw Blame History

## On this page
- [On this page](#on-this-page)
- [List of supported reference identifiers](#list-of-supported-reference-identifiers)
- [Code example of references in a module](#code-example-of-references-in-a-module)
A reference in a Metasploit module is a source of information related to the module. This can be a link to the vulnerability advisory, a news article, a blog post about a specific technique the module uses, a specific tweet, etc. The more you have the better. However, you should not use this as a form of advertisement.
## List of supported reference identifiers
| ID | Source | Code Example |
| ------------------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
| CVE | cvedetails.com | ```['CVE', '2014-9999']``` |
| CWE | cwe.mitre.org | ```['CWE', '90']``` |
| BID | securityfocus.com | ```['BID', '1234']``` |
| MSB | technet.microsoft.com | ```['MSB', 'MS13-055']``` |
| EDB | exploit-db.com | ```['EDB', '1337']``` |
| US-CERT-VU | kb.cert.org | ```['US-CERT-VU', '800113']``` |
| ZDI | zerodayinitiative.com | ```['ZDI', '10-123']``` |
| WPVDB | wpvulndb.com | ```['WPVDB', '7615']``` |
| PACKETSTORM | packetstormsecurity.com | ```['PACKETSTORM', '132721']``` |
| GHSA | github.com/advisories or github.com/owner/repo/security/advisories | ```['GHSA', 'xxxx-xxxx-xxxx']``` or ```['GHSA', 'xxxx-xxxx-xxxx', 'owner/repo']``` |
| OSV | osv.dev | ```['OSV', 'GHSA-xxxx-xxxx-xxxx']``` |
| ATT&CK | attack.mitre.org | ```['ATT&CK', 'T1190']``` |
| URL | anything | ```['URL', 'http://example.com/blog.php?id=123']``` |
| AKA (_deprecated_*) | anything | ~~`['AKA', 'shellshock']`~~ |
> **Good to know**
> AKA names for modules are no longer stored as a reference identifier, but rather in the `Notes` metadata field as shown in the example below.
## Code example of references in a module
```ruby
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Code Example',
'Description' => %q{
This is an example of a module using references
},
'License' => MSF_LICENSE,
'Author' => [ 'Unknown' ],
'References' => [
['CVE', '2014-9999'],
['BID', '1234'],
['GHSA', 'xxxx-xxxx-xxxx'], # global advisory
['GHSA', 'xxxx-xxxx-xxxx', 'owner/repo'], # repository-scoped advisory
['URL', 'http://example.com/blog.php?id=123']
],
'Platform' => 'win',
'Targets' => [
[ 'Example', { 'Ret' => 0x41414141 } ]
],
'Payload' => {
'BadChars' => "\x00"
},
'Privileged' => false,
'DisclosureDate' => '2014-04-01',
'DefaultTarget' => 0,
'Notes' => {
'AKA' => [ 'shellshock' ]
}
)
)
end
def exploit
print_debug('Hello, world')
end
end
```
Reference in New Issue View Git Blame Copy Permalink