docs/metasploit-framework.wiki/2017-Roadmap-Review.md
# Metasploit's 2017 Roadmap Review
In 2017, we published our first open roadmap for Metasploit development. How did we do? For achievements:
* The Metasploit data model backend: we did a lot of design work on this, and got a couple of initial Proof-of-Concept project built. You can see a video of it here: <https://www.youtube.com/watch?v=hvuy6A-ie1g>. In the mean time, we started merging parts of the main development branch
* The first pass of external session handling landed with the metasploit-proxy project.
* Independent modules that run in isolation _did_ land, along with a hand full of new modules demonstrating the advantages of the design, including multi-language support.
* The ruby_smb project made a lot of progress, with support incorporated into several existing modules. Full client-side support is also available for testing now.
* Native iOS and macOS support landed, along with many new IoT and router exploits.
* Meterpreter shrank almost 4x thanks to the new cryptTLV packet obfuscation support, and the removal of OpenSSL.
Things we didn't quite finish:
* Metasploit's RESTful interface was not complete in 2017, so we will continue it into 2018.
* Session handling as a separate process was implemented with the <https://github.com/rapid7/metasploit-aggregator> project, but more work needs to be done to improve scalability and usability.
* Asynchronous session support remains on the drawing board.
* SOCKS5 support did not land, but Metasploit did gain a lot more support for running modules externally as separate processes, and gained initial support for running modules in Python.
* Modernized payload generation with new tools continues to be researched.