YARD Compatible method documentation across lib

[h00die]

After looking at different method documentation across different files within MSF, I noticed they are rather inconsistent. This is likely due to the age of metasploit's code (and subsequently the improvements in documentation strategies), MANY different authors, and inconsistent requirements for PRs. I had Claude AI take a look at lib/msf and lib/rex to figure out what the worst offenders were to create a priority for updating them. I don't think someone should try to tackle all of these, I think a better strategy would be to do a PR per file, this will make it quick and easy to review.

Below is what Claude generated:

Documentation coverage gaps in lib/msf and lib/rex

Summary

A static analysis of all Ruby files in lib/msf and lib/rex (minimum 5 methods per file) found significant documentation gaps across both directories.

Metric	Count	% of total
Files analyzed	812	—
Total methods	10,440	—
Methods with no comment at all	4,272	40.9%
Methods with a comment but no YARD tags	3,595	34.4%
Methods with YARD documentation	2,573	24.6%

Only 1 in 4 methods across lib/msf and lib/rex has any YARD documentation. Over 40% have no comment of any kind.

---

Most undocumented files

Files ranked by absolute count of methods with no comment (plain prose or YARD). Minimum 5 methods. Top 40.

File	Undocumented	Total methods	% undocumented
msf/ui/console/command_dispatcher/db.rb	47	74	63.5%
msf/core/exploit/remote/vim_soap.rb	45	45	100%
rex/proto/ntlm/base.rb	40	40	100%
msf/core/exploit/remote/rdp.rb	39	73	53.4%
msf/core/payload/adapter/fetch.rb	38	40	95.0%
rex/post/meterpreter/ui/console/command_dispatcher/core.rb	38	64	59.4%
msf/ui/console/command_dispatcher/modules.rb	38	74	51.4%
msf/ui/console/command_dispatcher/core.rb	38	87	43.7%
rex/post/io.rb	36	38	94.7%
rex/post/file.rb	36	41	87.8%
rex/proto/ms_dtyp.rb	34	35	97.1%
rex/post/file_stat.rb	34	39	87.2%
rex/parser/acunetix_document.rb	31	36	86.1%
rex/proto/drda/packet.rb	30	31	96.8%
rex/parser/nmap_document.rb	27	31	87.1%
msf/core/auxiliary/web/http.rb	26	26	100%
rex/parser/nexpose_raw_document.rb	26	31	83.9%
msf/core/exploit/remote/smb/client/psexec_ms17_010.rb	26	31	83.9%
msf/base/sessions/command_shell.rb	26	48	54.2%
rex/ui/text/bidirectional_pipe.rb	25	26	96.2%
rex/proto/http/web_socket/amazon_ssm.rb	25	26	96.2%
msf/core/payload/windows/encrypted_reverse_tcp.rb	24	26	92.3%
rex/parser/nexpose_simple_document.rb	22	24	91.7%
msf/core/auxiliary/prometheus.rb	22	24	91.7%
rex/post/meterpreter/extensions/kiwi/kiwi.rb	22	30	73.3%
rex/post/smb/ui/console/command_dispatcher/shares.rb	22	32	68.8%
rex/parser/appscan_document.rb	21	24	87.5%
msf/core/evasion.rb	21	26	80.8%
msf/ui/console/command_dispatcher/dns.rb	21	29	72.4%
msf/core/auxiliary/auth_brute.rb	21	43	48.8%
rex/parser/outpost24_document.rb	20	20	100%
msf/core/modules/external/bridge.rb	20	21	95.2%
rex/post/hwbridge/ui/console/command_dispatcher/core.rb	20	37	54.1%
rex/post/meterpreter/extensions/android/android.rb	19	19	100%
msf/core/exception.rb	19	19	100%
msf/core/exploit/dect_coa.rb	19	19	100%
msf/ui/debug.rb	19	21	90.5%
rex/proto/ntlm/message.rb	19	23	82.6%
msf/core/payload/generic.rb	19	27	70.4%
msf/core/exploit/capture.rb	19	36	52.8%

---

Most non-YARD files

Files ranked by absolute count of methods lacking YARD tags (@param, @return, @raise, @yield, @option, etc.). This includes methods with plain-prose comments that were never migrated to YARD. Top 40.

File	Non-YARD methods	Total methods	% non-YARD
msf/core/exploit.rb	79	83	95.2%
msf/core/exploit/remote/rdp.rb	69	73	94.5%
msf/ui/console/command_dispatcher/db.rb	68	74	91.9%
msf/ui/console/command_dispatcher/core.rb	65	87	74.7%
msf/ui/console/command_dispatcher/modules.rb	64	74	86.5%
rex/post/meterpreter/ui/console/command_dispatcher/core.rb	63	64	98.4%
rex/proto/smb/client.rb	59	59	100%
rex/post/meterpreter/packet.rb	52	52	100%
msf/base/sessions/command_shell.rb	46	48	95.8%
msf/core/exploit/remote/vim_soap.rb	45	45	100%
rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb	42	44	95.5%
rex/post/file.rb	41	41	100%
rex/proto/ntlm/base.rb	40	40	100%
msf/core/payload/adapter/fetch.rb	40	40	100%
rex/post/file_stat.rb	39	39	100%
rex/ui/text/dispatcher_shell.rb	39	42	92.9%
rex/post/io.rb	38	38	100%
rex/post/hwbridge/ui/console/command_dispatcher/core.rb	37	37	100%
msf/core/post/windows/registry.rb	37	41	90.2%
rex/parser/acunetix_document.rb	36	36	100%
msf/core/encoder.rb	36	36	100%
msf/core/exploit/capture.rb	36	36	100%
msf/base/sessions/meterpreter.rb	36	37	97.3%
rex/proto/ms_dtyp.rb	34	35	97.1%
rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb	32	32	100%
rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb	32	34	94.1%
msf/core/payload.rb	32	36	88.9%
msf/core/framework.rb	32	37	86.5%
msf/core/auxiliary/auth_brute.rb	32	43	74.4%
rex/parser/nmap_document.rb	31	31	100%
rex/parser/nexpose_raw_document.rb	31	31	100%
rex/proto/drda/packet.rb	31	31	100%
msf/core/exploit/remote/smb/client/psexec_ms17_010.rb	31	31	100%
msf/core/session.rb	30	30	100%
msf/ui/console/command_dispatcher/developer.rb	29	30	96.7%
rex/post/meterpreter/client_core.rb	29	32	90.6%
rex/post/smb/ui/console/command_dispatcher/shares.rb	29	32	90.6%
rex/ui/text/shell.rb	28	28	100%
msf/core/payload_set.rb	28	29	96.6%
msf/ui/console/command_dispatcher/dns.rb	28	29	96.6%

---

Notes

• Analysis was run against lib/msf and lib/rex only. Vendored libraries (lib/net, lib/snmp, lib/rbmysql, etc.) were excluded.
• A method counts as "commented" if there is at least one non-empty # comment line in the block immediately preceding the def.
• A method counts as "YARD documented" if that comment block contains at least one recognized YARD tag.
• Files with fewer than 5 methods were excluded.
• Several core files stand out as notable gaps: msf/core/exploit.rb (the base class for all exploits) has 79/83 non-YARD methods; msf/core/framework.rb, msf/core/payload.rb, msf/core/encoder.rb, and msf/core/session.rb are all 85–100% non-YARD.

[h00die]

The following code should (untested, claude generated) help re-generate this:

#!/usr/bin/env python3
"""
msf_doc_coverage.py

Analyzes YARD and comment coverage across lib/msf and lib/rex in a local
clone of metasploit-framework, then writes a markdown report.

Usage:
    python3 msf_doc_coverage.py [--repo /path/to/metasploit-framework] [--out report.md] [--top N]

Defaults:
    --repo  ./metasploit-framework
    --out   msf_doc_coverage_issue.md
    --top   40
"""

import argparse
import re
from pathlib import Path


YARD_TAGS = re.compile(
    r"@(?:param|return|raise|yield|yieldparam|yieldreturn|option|note|"
    r"see|example|overload|abstract|deprecated|api|attr_reader|attr_writer|attr)\b"
)
METHOD_DEF = re.compile(r"^\s*def\s+\w")
MIN_METHODS = 5
SCAN_DIRS = ("msf", "rex")


# ---------------------------------------------------------------------------
# Analysis
# ---------------------------------------------------------------------------

def analyze_file(path: Path) -> dict | None:
    try:
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    except OSError:
        return None

    method_indices = [i for i, l in enumerate(lines) if METHOD_DEF.match(l)]
    if len(method_indices) < MIN_METHODS:
        return None

    total = len(method_indices)
    yard_doc = 0
    any_comment = 0

    for midx in method_indices:
        block = []
        found_comment = False
        i = midx - 1
        blanks = 0
        while i >= 0 and (midx - i) <= 20:
            stripped = lines[i].strip()
            if stripped.startswith("#"):
                block.append(lines[i])
                found_comment = True
                blanks = 0
            elif stripped == "":
                if not found_comment:
                    blanks += 1
                    if blanks > 1:
                        break
                else:
                    break
            else:
                break
            i -= 1

        block_text = "\n".join(reversed(block))
        has_any = bool(block) and any(
            b.strip().startswith("#") and b.strip() != "#" for b in block
        )
        has_yard = bool(YARD_TAGS.search(block_text))

        if has_any:
            any_comment += 1
        if has_yard:
            yard_doc += 1

    return {
        "total": total,
        "any_comment": any_comment,
        "yard_doc": yard_doc,
        "undoc": total - any_comment,
        "non_yard": total - yard_doc,
        "pct_undoc": round((total - any_comment) / total * 100, 1),
        "pct_non_yard": round((total - yard_doc) / total * 100, 1),
    }


def analyze_repo(lib_root: Path) -> list[dict]:
    results = []
    for rb_file in sorted(lib_root.rglob("*.rb")):
        parts = rb_file.relative_to(lib_root).parts
        if parts[0] not in SCAN_DIRS:
            continue
        stats = analyze_file(rb_file)
        if stats is None:
            continue
        stats["file"] = str(rb_file.relative_to(lib_root))
        results.append(stats)
    return results


# ---------------------------------------------------------------------------
# Markdown generation
# ---------------------------------------------------------------------------

def pct_cell(pct: float) -> str:
    return f"**100%**" if pct == 100.0 else f"{pct}%"


def build_markdown(results: list[dict], top: int) -> str:
    total_files = len(results)
    total_m = sum(r["total"] for r in results)
    total_y = sum(r["yard_doc"] for r in results)
    total_a = sum(r["any_comment"] for r in results)
    total_undoc = total_m - total_a
    total_nyard = total_m - total_y

    undoc_sorted = sorted(results, key=lambda r: (-r["undoc"], -r["pct_undoc"]))[:top]
    nyard_sorted = sorted(results, key=lambda r: (-r["non_yard"], -r["pct_non_yard"]))[:top]

    lines = []

    # Header
    lines += [
        "# Documentation coverage gaps in `lib/msf` and `lib/rex`",
        "",
        "## Summary",
        "",
        "A static analysis of all Ruby files in `lib/msf` and `lib/rex` "
        f"(minimum {MIN_METHODS} methods per file) found significant documentation gaps "
        "across both directories.",
        "",
        "| Metric | Count | % of total |",
        "|---|---|---|",
        f"| Files analyzed | {total_files:,} | — |",
        f"| Total methods | {total_m:,} | — |",
        f"| Methods with no comment at all | {total_undoc:,} | {round(total_undoc / total_m * 100, 1)}% |",
        f"| Methods with a comment but no YARD tags | {total_a - total_y:,} | {round((total_a - total_y) / total_m * 100, 1)}% |",
        f"| Methods with YARD documentation | {total_y:,} | {round(total_y / total_m * 100, 1)}% |",
        "",
        f"Only **1 in {round(total_m / total_y):.0f} methods** across `lib/msf` and `lib/rex` has any YARD "
        f"documentation. Over **{round(total_undoc / total_m * 100):.0f}%** have no comment of any kind.",
        "",
        "---",
        "",
    ]

    # Most undocumented
    lines += [
        "## Most undocumented files",
        "",
        "Files ranked by absolute count of methods with no comment (plain prose or YARD). "
        f"Minimum {MIN_METHODS} methods. Top {top}.",
        "",
        "| File | Undocumented | Total methods | % undocumented |",
        "|---|---|---|---|",
    ]
    for r in undoc_sorted:
        lines.append(
            f"| `{r['file']}` | {r['undoc']} | {r['total']} | {pct_cell(r['pct_undoc'])} |"
        )

    lines += ["", "---", ""]

    # Most non-YARD
    lines += [
        "## Most non-YARD files",
        "",
        "Files ranked by absolute count of methods lacking YARD tags "
        "(`@param`, `@return`, `@raise`, `@yield`, `@option`, etc.). "
        "Includes methods with plain-prose comments never migrated to YARD. "
        f"Top {top}.",
        "",
        "| File | Non-YARD methods | Total methods | % non-YARD |",
        "|---|---|---|---|",
    ]
    for r in nyard_sorted:
        lines.append(
            f"| `{r['file']}` | {r['non_yard']} | {r['total']} | {pct_cell(r['pct_non_yard'])} |"
        )

    lines += ["", "---", ""]

    # Notable gaps
    notable = [
        r for r in results
        if r["file"] in {
            "msf/core/exploit.rb",
            "msf/core/framework.rb",
            "msf/core/payload.rb",
            "msf/core/encoder.rb",
            "msf/core/session.rb",
        }
    ]
    if notable:
        lines += [
            "## Notable core file gaps",
            "",
            "High-impact files that are central to the framework and have poor YARD coverage:",
            "",
            "| File | YARD methods | Total methods | YARD% |",
            "|---|---|---|---|",
        ]
        for r in sorted(notable, key=lambda r: r["pct_non_yard"], reverse=True):
            yard_pct = round(100 - r["pct_non_yard"], 1)
            lines.append(
                f"| `{r['file']}` | {r['yard_doc']} | {r['total']} | {yard_pct}% |"
            )
        lines += ["", "---", ""]

    # Methodology
    lines += [
        "## Methodology",
        "",
        f"- Analysis scoped to `lib/msf` and `lib/rex` only. "
        "Vendored libraries (`lib/net`, `lib/snmp`, `lib/rbmysql`, etc.) were excluded.",
        f"- Files with fewer than {MIN_METHODS} methods were excluded.",
        "- A method counts as **commented** if there is at least one non-empty `#` comment "
        "line in the block immediately preceding the `def`.",
        "- A method counts as **YARD documented** if that comment block contains at least "
        "one recognized YARD tag.",
        "- Recognized tags: `@param`, `@return`, `@raise`, `@yield`, `@yieldparam`, "
        "`@yieldreturn`, `@option`, `@note`, `@see`, `@example`, `@overload`, `@abstract`, "
        "`@deprecated`, `@api`, `@attr_reader`, `@attr_writer`, `@attr`.",
        "",
    ]

    return "\n".join(lines)


# ---------------------------------------------------------------------------
# CLI
# ---------------------------------------------------------------------------

def main():
    parser = argparse.ArgumentParser(description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument("--repo", default="./metasploit-framework",
                        help="Path to local metasploit-framework clone (default: ./metasploit-framework)")
    parser.add_argument("--out", default="msf_doc_coverage_issue.md",
                        help="Output markdown file (default: msf_doc_coverage_issue.md)")
    parser.add_argument("--top", type=int, default=40,
                        help="Number of files to include in each table (default: 40)")
    args = parser.parse_args()

    lib_root = Path(args.repo) / "lib"
    if not lib_root.is_dir():
        raise SystemExit(f"Error: lib directory not found at {lib_root}")

    print(f"Scanning {lib_root} ...")
    results = analyze_repo(lib_root)
    print(f"Found {len(results)} files with >= {MIN_METHODS} methods in lib/msf and lib/rex")

    markdown = build_markdown(results, args.top)

    out_path = Path(args.out)
    out_path.write_text(markdown, encoding="utf-8")
    print(f"Report written to {out_path}")


if __name__ == "__main__":
    main()

[Ganesh-abc]

"I would like to work on msf/ui/console/command_dispatcher/core.rb for the YARD documentation update. I am also a GSoC 2026 applicant for the build_vuln project, and working on this file will help me better understand the core dispatcher logic I plan to build upon this summer. Thanks!"

[Nayeraneru]

I'd like to work on msf/core/auxiliary/web/http.rb & msf/core/auxiliary/auth_brute.rb & msf/core/payload/adapter/fetch.rb.

[Ganesh-abc]

"I noticed Nayeraneru has already opened a PR for http.rb. To avoid overlapping work, I will leave that to them and start on msf/ui/console/command_dispatcher/modules.rb instead. Thanks!"

[Sanyam-Asthana]

I would like to work on msf/base/sessions/command_shell.rb for updating the documentation to YARD format.

[aryan9190]

I'll take rex/post/io.rb, rex/post/file.rb, rex/proto/ntlm/base.rb, msf/core/exploit/remote/vim_soap.rb, and rex/post/file_stat.rb. Will submit separate PRs for each.