Google Summer of Code 2026

Kerberos & Certificate Trace Presenters for Metasploit

GSoC 2026 · mentored by @jheysel-r7 & @zeroSteiner

Welcome to my Google Summer of Code 2026 build log. This page tracks my work on two new inline tracing capabilities for the Metasploit Framework - KerberosTicketTracePresenter and CertificateTracePresenter - that bring HttpTrace-style transparency to Kerberos tickets and X.509 certificates inside msfconsole, so operators no longer need to export .ccache or .pfx artefacts to disk to inspect them.

Organization: Metasploit · Rapid7
Project Size: 175 hrs · Medium
Mentors: @jheysel-r7 · @zeroSteiner
Timeline: 12 weeks · Jun – Aug 2026

About the Program

Google Summer of Code

GSoC is a global, online program focused on bringing new contributors into open-source software development. Contributors work with a mentor organisation on a 12+ week programming project, gain real-world experience, and ship production-grade code that lands in tools used by millions.

Metasploit Framework

Metasploit is the leading open-source penetration testing platform, written primarily in Ruby and maintained by Rapid7 alongside hundreds of community contributors. It powers exploit development, post-exploitation, payload generation, and red-team operations worldwide.

My Goal

To contribute meaningful, well-tested code to a framework I use daily, deepen my Ruby and offensive-security skills, and build long-term relationships with the Rapid7 maintainers and the wider open-source security community.

The Project

Two new inline tracing presenters for the Metasploit Framework that bring HttpTrace-style transparency to Kerberos and X.509 authentication artefacts. Both are backward-compatible by default and modelled directly on the existing krb5_ccache_presenter.rb precedent.

Proposal Abstract

This project introduces two new inline tracing capabilities to the Metasploit Framework: CertificateTracePresenter and KerberosTicketTracePresenter. These features let penetration-testing operators inspect every Kerberos ticket and X.509 certificate artefact produced during module execution - principal names, encryption types, validity windows, serial numbers, SHA-256 fingerprints, ticket flags, and session keys - all without leaving the msfconsole session.

The work is modelled directly on Metasploit's existing HttpTrace capability in Exploit::Remote::HttpClient. Just as HttpTrace brought transparent HTTP request/response debugging inline, these two presenters extend the same design philosophy to the authentication layer. The implementation follows the established presenter pattern exemplified by krb5_ccache_presenter.rb - instantiating a presenter, calling to_s_* instance methods that return formatted strings, and letting the module call print_line().

Modern red-team engagements are increasingly centred on Active Directory abuse and certificate-based authentication (ADCS ESC1–ESC16). This project eliminates the need to export artefacts to disk or switch to auxiliary modules mid-exploitation - a workflow break that degrades both operator efficiency and OPSEC. The implementation is fully backward-compatible: when options are set to off (the default), no behaviour changes occur in any existing module.
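The presenter pattern described above (coerce the input, return formatted strings from to_s_* methods, let the caller print) sketched for a certificate, as an added example that is not the project's or Metasploit's code. CertTraceSketch, cert_trace, the enabled: flag and sample_cert are hypothetical names, and the self-signed certificate is constructed for the demo.

```ruby
require 'openssl'

# Hypothetical sketch of the presenter pattern; not a Metasploit class.
class CertTraceSketch
  # Accept an OpenSSL certificate object, PEM text, or raw DER bytes.
  def self.coerce(input)
    return input if input.is_a?(OpenSSL::X509::Certificate)
    OpenSSL::X509::Certificate.new(input) # parses PEM or DER
  rescue OpenSSL::X509::CertificateError => e
    raise ArgumentError, "not an X.509 certificate: #{e.message}"
  end

  def initialize(input)
    @cert = self.class.coerce(input)
  end

  # SHA-256 over the DER encoding, so PEM and DER inputs give the same value.
  def fingerprint_sha256
    OpenSSL::Digest::SHA256.hexdigest(@cert.to_der).scan(/../).join(':')
  end

  # Edge case worth surfacing inline: a certificate outside its validity window.
  def validity_state(now = Time.now)
    return :not_yet_valid if now < @cert.not_before
    now > @cert.not_after ? :expired : :valid
  end

  # Returns a formatted string; the calling module decides whether to print it.
  def to_s_summary
    ["Subject:     #{@cert.subject}",
     "Serial:      #{@cert.serial.to_s(16)}",
     "Validity:    #{@cert.not_before.utc} .. #{@cert.not_after.utc} (#{validity_state})",
     "SHA-256:     #{fingerprint_sha256}"].join("\n")
  end
end

# Hypothetical gate mirroring the off-by-default behaviour: nil means print nothing.
def cert_trace(input, enabled: false)
  enabled ? CertTraceSketch.new(input).to_s_summary : nil
end

# Constructed sample: throwaway self-signed certificate, never written to disk.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 0x1337
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=alice')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256')) # returns the signed certificate
end
```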

Project Title

KerberosTicketTracePresenter & CertificateTracePresenter Support for the Metasploit Framework

Mentors

@jheysel-r7 (primary) · @zeroSteiner (co-mentor)

Size & Difficulty

175 hours · Medium

Tech Stack

Ruby, Metasploit Framework, RSpec, OpenSSL, Kerberos / ASN.1, OpenStruct adapter, Active Directory · ADCS, Wireshark validation, Impacket · Rubeus

Current Status

Both presenter classes are prototyped and validated against AS-REQ and TGS-REQ flows in a local Windows Server 2022 + ADCS lab on the TEST.LOCAL domain. RSpec suites are written - 13 examples for the Kerberos presenter and 14 for the certificate presenter (full execution requires PostgreSQL DB config). S4U2Self / S4U2Proxy ticket variants require a constrained-delegation lab config and are explicitly planned for Weeks 3–4 of GSoC. Documentation and PR polish are the Phase 4 work.

Timeline

The 12-week / 175-hour build plan, mapped onto the four project phases from the accepted proposal. GSoC milestones - Community Bonding, midterm, and final submission - are anchored inside the relevant phases.

Community Bonding · Phase 1 (Study)

Weeks 1–2 · 25 hrs

Deep-dive into HttpTrace in Exploit::Remote::HttpClient, map the Kerberos client mixin, stand up the Windows Server 2022 + ADCS lab on the TEST.LOCAL domain, and verify ticket capture in Wireshark.

Phase 2 - KerberosTicketTracePresenter

Weeks 3–6 · 50 hrs

Implement the core presenter class, wire the dispatcher into kerberos/client.rb, add AP-REQ and TGS-REQ hooks via the OpenStruct adapter, validate S4U2Self / S4U2Proxy in the lab, integrate into kerberos_enumusers, and ship the 13-example RSpec suite.

Midterm Evaluation

End of Week 6 · mid-July 2026

Mentor review of progress against proposal milestones. PR 1 (KerberosTicketTracePresenter) is expected to be open and under upstream review by this point.

Phase 3 - CertificateTracePresenter

Weeks 7–10 · 50 hrs

Implement the certificate presenter with the coerce() adapter, add to_s_csr, wire the PKINIT certificate hook in send_request_tgt_pkinit, integrate into kerberos_login, validate against ADCS ESC1 in the lab, and ship the 14-example RSpec suite.

Phase 4 - Test & Docs

Weeks 11–12 · 50 hrs

Full AD lab integration testing across both presenters, documentation and worked msfconsole usage examples, PR polish across PR 1 and PR 2, plus a feedback-driven changes buffer for mentor review cycles.

Final Submission

Late August / early September 2026

Final code submission, deliverables write-up, blog wrap-up, and final mentor evaluation.

Results Announcement

November 2026

GSoC 2026 final results made public by Google. Contribution continues outside the program (LDAP-over-Kerberos, SMB-with-Kerberos modules, and the rest of the Rex::Proto::Kerberos consumers).

Weekly Updates · Live blog

Weekly notes from the coding period - what I shipped, what blocked me, and what I learned. Updates will be published here every Sunday during GSoC.

Community Bonding

Onboarding & env setup

HttpTrace deep-dive, Kerberos client mixin map, Windows Server 2022 + ADCS lab on TEST.LOCAL, Wireshark ticket capture. Full post coming soon.

Week 01

HttpTrace study + AD lab

Codebase walkthrough and lab bring-up.

Week 02

Wireshark ticket capture

Verifying AS-REQ / TGS-REQ flows on the wire.

Week 03

KerberosTicketTracePresenter

Implementing the presenter class & to_s_* methods.

Week 04

S4U2Self / S4U2Proxy

Constrained-delegation lab validation.

Week 05

Dispatcher + RSpec

Wiring into kerberos/client.rb; 13 RSpec examples.

Week 06

kerberos_enumusers · Midterm

First module integration; midterm evaluation.

Week 07

CertificateTracePresenter

Class + coerce() + to_s_csr.

Week 08

PKINIT hook + ESC1 lab

Wiring the certificate hook; ADCS ESC1 validation.

Week 09

kerberos_login integration

Second module integration.

Week 10

CertificateTracePresenter RSpec

14 examples - OpenSSL · DER · SHA-256 · CSR.

Week 11

Full lab integration tests

End-to-end runs across both presenters.

Week 12

Final wrap-up

Docs, PR polish, deliverables write-up.

Get In Touch

Email: bluedevil5177@gmail.com
Phone: +91 7300301634
Location: Bahal, Haryana for college
WhatsApp: +91 7300301634