In this chapter, we are are going to explore exploit development. We are going to understand how we can use Python to develop custom exploits. Although our main focus will be on developing exploits in Python, we will also see how we can develop exploits in Ruby to extend the capabilities of the Metasploit framework.

An exploit is nothing but a piece of code, written to exploit a vulnerability so that the same piece of code can be reused in different environments. The objective of writing an exploit is to ensure that the code is stable and that it will give the attacker the control they desire. It should be noted that an exploit is developed for a specific kind of vulnerability. It's very important to first understand the vulnerability and the manual steps required to exploit it. Once we have a clear understanding of this, we can proceed to automate the whole process and develop an exploit.

The following topics will be covered in this chapter:

• Scripting exploits over web-based vulnerabilities.
• Developing a Metasploit module to exploit a network service.
• Encoding shell codes to avoid detection.