Hi There! I am Nishant Desai, a 2nd-year student from The National Institute of Engineering, Mysuru and I have received the opportunity under Google Summer of Code 2023 to work with the world's leading penetration testing framework The Metasploit Project. I write this blog to express my experience with The Metasploit Project and Google Summer of Code 2023 so far.
What is Google Summer of Code?
Google Summer of Code (GSoC) is an annual program organized by Google that aims to encourage students and open-source newcomers in open-source software development. The program provides a platform to work on projects mentored by various open-source organizations and receive a stipend for the contributions.
During GSoC, participating open-source organizations propose project ideas that they would like the students and newcomers to work on throughout the summer. Students and newcomers then propose their thoughts on the projects and, if accepted, work on the project under mentorship from the organization.
The accepted participants then spend their summer collaborating with their mentors and contributing to the open-source project. They work remotely and are expected to meet project milestones and deliverables. The mentors provide guidance, support and feedback to you throughout the program, helping you, the participant develop technical skills and an understanding of open source. Though it is to be noted that the mentors are not present to cater to your needs but to only guide you. In the end, you have to work on the project.
At the end of the program, the participants' work is evaluated based on their accomplishments, code quality, and engagement with the community. Successful participants receive a stipend provided by Google as a monetary reward, aside from the wonderful experience and connections built over the program, for their efforts and contributions.
Google Summer of Code not only benefits the participants but also helps open-source organizations by attracting new contributors, advancing their projects, and fostering collaboration within the community. It has become a significant program in the open-source ecosystem, promoting knowledge sharing and nurturing the next generation of developers. You can read more about it on the official website of Google Summer of Code.
What is The Metasploit Project?
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system. Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems.
Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework is currently written in Ruby. The modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploits writers and payload writers.
Metasploit currently has over 2074 exploits, over 592 payloads and hundreds of auxiliary modules that can perform scanning, fuzzing, sniffing, and much more. The Metasploit Framework can be extended to use add-ons in multiple languages. Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.
My Journey with Metasploit
I was introduced to the Metasploit Project by my cousin and immediately found it interesting. I read about it and wanted to contribute to the project but was afraid of not having the skills required. However, steeling myself I started contributing to the Metasploit Project around November 2022. Starting as a complete newbie was challenging for me as I came across a lot of stuff completely new to me. Initially, I just read the documentation and observed the pull request submitted by others to try to understand the project. At this point, I was just trying to get myself to browse and read the source code. I also learned Ruby to be able to under the code.
After doing so for about a month I managed to land my first PR which was to fix a typo. This PR increased my confidence so that I can increase my contribution to the project. Then I started to look into a bit bigger issues which challenged me to learn and improve my knowledge. This also led me to connect to an awesome community where its maintainers and members helped me a lot.
Subsequently, the Metasploit Project announced its project ideas for GSoC'23, amidst which one of the ideas interested me. Then I browsed through the source code for existing features related to the idea. I then engaged in a discussion with my potential mentor, Jeffrey Martin, regarding my thoughts on the project from which I received valuable feedback, corrections and suggestion. Considering all the now available information, I proposed my proposal on the project idea. Me being an active contributor helped me a lot in the process.
Google Summer of Code was an expectation until I received a mail from Google saying "Congratulations, your proposal with Metasploit has been accepted!".
Conclusion
In concluding this blog, I have to say that it has been a transformative journey, from a complete newbie to an active contributor to the Metasploit Project and it is just the beginning with lots to learn and build in the future. I would like to express my heartfelt gratitude to The Metasploit Project for granting me this opportunity. I look forward to the commencement of GSoC'23 and will do my best out of it.
Github: JustAnda7
LinkedIn: Nishant Desai