nDepth Employee Contributions to Open Source Security Software, June 2026 EditionnDepth Employee Contributions to Open Source Security Software, June 2026 Edition

nDepth Employee Contributions to Open Source Security Software, June 2026 Edition


METASPLOIT PROJECT
The Metasploit Project, owned by Rapid 7, is a computer security program which is the world’s most used penetration testing framework. This Free and Open Source Software (FOSS) is used by nearly all penetration testers, and is extremely common in training courses from SANS, EC-Council, and many others.

nDepth’s own Mike Cyr (h00die) is a frequent contributor to the project and has continued to spend their personal time conducting security research and providing enhancements to Metasploit for the benefit of the security community. This month, h00die contributed the following enhancements:

General Fixes, Updates, and Enhancements

Metasploit modules can use two different types of date formats. However, only a few modules used the old version and hadn’t been updated to the new version. An update was made to only use the newer date format to avoid confusion.

Added additional Exploit-DB references to several Metasploit Modules.

Metasploit’s Redis scanner worked great, except that the information it gathered was dumped in a raw format to the user. This made valuable information hard to read. This information has now been upgraded to print in a table for easy viewing.

Metasploit’s GitLab scanner, when used against non-GitLab web servers, was throwing JSON errors. This error has been fixed along with another bug preventing the module from successfully running.

VSCode Extension Persistence

VS Code is a Microsoft product used primarily by developers for working on text-based files. The product has gained popularity for its versatility, ease of use, speed, and being free. One of the big draws is its extensive library of extensions. However, like similar products in the past, this can be abused to allow for persistence by a penetration tester. With the new module, when a penetration tester gets access to the system, they can now easily deploy an extension to VS Code and when the program is open it will establish persistence.

Joplin Plugin Persistence

Joplin is a product used primarily by developers for working on text-based files. One of the big draws is its ability to deploy plugins. However, like similar products in the past, this can be abused to allow for persistence by a penetration tester. With the new module, when a penetration tester gets access to the system, they can now easily deploy a plugin to Joplin and when the program is open it will establish persistence.

Clickfix server

Clickfix is a pervasive social engineering technique for attackers to gain an initial foothold into a system. It involves a victim going to a website that instructs them to fix a non-existent problem such as updating their web browser by pasting text into a run dialog box. However, this capability wasn’t available to penetration testers, causing a large discrepancy between malicious attackers and defensive penetration testing. That capability is now available in Metasploit as a module. A penetration tester can use the module to start a web server and create a browser update page. When a user goes to the page, they are given instructions to open a Windows or Linux command prompt and paste the code. This will then give the penetration tester access to the system.

To view this month’s contributions, check the following links: