-
Notifications
You must be signed in to change notification settings - Fork 5
Metasploit Bug Reporting
As any open source software grows in popularity, there is a tendency to see an increase in bug report volume against that software coupled with a corresponding decrease in bug report quality. We are not against getting bug reports for Metasploit -- we need bug reports in order to know what's broken. So, rather than trying to stem the tide of bugs, this page will attempt to make sure that each bug report we get is written in a way that maximizes its chances of actually getting resolved.
That said, there are two situations where you generally oughtn't open a bug at all, and that's when you have a support contract, or when you've found a security issue with Metasploit itself.
If you have a support contract for a Metasploit product, you ought to get in touch with your Rapid7 support representative, or write to [email protected]. The people who work Metasploit support full time are really pretty with-it are likely to have a fix or a workaround for you on the spot.
If you have a security issue with Metasploit itself, then we'd really appreciate it if you let us know at [email protected]. After all, we'd like to be treated as we treat other software projects. It's not because we'd like to bury your bug -- we'd like to have a shot at fixing your bug before someone starts messing with our innocent users. We're happy to give you credit, keep you anonymous, inform you about progress, and explore related issues with you -- but if we see someone reporting security bugs out in public, then it gets a lot harder to keep all that attribution and communication straight as we try not to break our necks implementing a fix as fast as we can.
Also, if you could report your security bug in the form of a Metasploit module sent to [email protected], that would be both ideal and hilarious.
That should cover the cases where you shouldn't open a bug at all, so let's move on to our main issue tracking system, Redmine.
The final destination for bug reports in Metasploit is our Redmine issue tracker. In order to file bug reports, you must first create an account. Sadly, we can't take anonymous bug reports at this time due to spam, but we are actively exploring ways to make the registration as painless as possible.
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Metasploit Development Environment From
apt-get installtogit push - Using Git All about Git and GitHub.
- Acceptance Guidelines What should your modules look like?
- Contributing to Metasploit Be a part of our open source community.