We are going to walk through adding new modules to the metasploit framework. Not going to lie, I stole some of the knowledge and information from other walk-throughs on the internet so I'm going cite the main ones here and then walk through it myself.
For this post I decided to add the new Apache Continuum Arbitrary Command Execution exploit to metasploit (https://www.exploit-db.com/exploits/39945/).
Step 3: Copy or move that file to subfolders of your hidden msf directory in your home directory, for example, mine was ~/.msf5/ because i just updated metasploit. The other blogs above tend to reference ~/.msf4/ but the correct answer is whichever folder you currently have with metasploit installed. Make sure to include '-a' in your ls command so you can see the hidden folders. Now you're going to need to use mkdir under the ~/.msf5/ folder. I made ~/.msf5/exploits/apache/ to store the new exploit.
Note: Right below the hidden msf folder, you need to follow metasploit's naming convention (exploits, auxiliary, payloads, etc) but, afterwards you can put whichever folders you want so you can easily find the exploit while using metasploit.
Step 4: Here I actually had issues :( When I put the ruby script into the above directory, metasploit was very unhappy due to "Missing compatible Metasploit<major_version> class constant". In order to fix this, I grabbed an exploit that I knew metasploit accepted and tried to manually diff the files to find any discrepancies. Ultimately, it came down to this...
Step 5: Confirm the addition of the new script...
Ok, we started with 1517 exploits available and after adding our new one we have...
Step 6: Confirm you can load and run the script using msfconsole (or whichever framework you prefer)
So far so good...now beyond the scope of this blog post I setup Apache Continuum and let's see if the exploit works...*DUN DUN DUNNNNN*
Step 7: Exploit for fun and profit! Good luck and add all the exploits!