The Metasploit Framework is a tool for pentesters. This article explains how to install the framework from git on Arch Linux.
First of all make sure you have installed the required packages.
$ sudo pacman -S git ruby gcc patch curl zlib readline autoconf automake diffutils make libtool bison
Then install the Ruby Version Manager (RVM) by downloading a shell script to bootstrap the environment.
$ wget -O rvm.sh https://get.rvm.io
Feel free to have a look at the script before executing it.
$ bash rvm.sh stable --autolibs=enabled --ruby=1.9.3
Downloading https://github.com/wayneeseguin/rvm/archive/stable.tar.gz
[...]
Please consider upgrading to ruby-2.1.1 which will have all of the latest security patches.
Ruby was built without documentation, to build it run: rvm docs generate-ri
Creating alias default for ruby-1.9.3-p545...
* To start using RVM you need to run `source /home/user/.rvm/scripts/rvm`
in all your open shell windows, in rare cases you need to reopen all shell windows.
Comment out the line starting with "gem:" in the /etc/gemrc file.
#gem: --user-install
Install PostgreSQL to let the Metasploit Framework use it as cache and speed it up.
$ sudo pacman -S postgresql
If this is the first time you setup PostgreSQL you have to initialize a new database.
$ sudo -u postgres initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
[...]
Success. You can now start the database server using:
postgres -D /var/lib/postgres/data
or
pg_ctl -D /var/lib/postgres/data -l logfile start
Start the PostgreSQL server.
$ sudo systemctl start postgresql
Enable the service if you want to start the PostgreSQL server during bootup.
$ sudo systemctl enable postgresql
Create a database user 'msfgit' and set the password to 'msf'.
$ sudo -u postgres createuser msfgit -P -S -R -D
Enter password for new role:
Enter it again:
Create a database named 'msf' for the 'msfgit' user.
$ sudo -u postgres createdb -O msfgit msf
Setup the database connection by creating a 'database.yml' in your '~/.msf4/' direcoty.
$ cd ~
$ mkdir .msf4
$ cd .msf4
$ cat > database.yml
production:
adapter: postgresql
database: msf
username: msfgit
password: msf
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5
Get the source from github.
$ cd ~
$ mkdir git
$ cd git
$ git clone https://github.com/rapid7/metasploit-framework.git
Enter the RVM environment ...
$ source ~/.rvm/scripts/rvm
ruby-1.9.3-p484 is not installed.
To install do: 'rvm install ruby-1.9.3-p484'
... and try to start the Metasploit console.
$ ./msfconsole -L
Could not find rake-10.1.0 in any of the sources
Run `bundle install` to install missing gems.
The start fails because some Ruby libraries are missing. So we install them by using bundler.
$ bundle install
Fetching gem metadata from https://rubygems.org/.........
Fetching additional metadata from https://rubygems.org/..
Installing rake 10.1.0
Installing i18n 0.6.5
[...]
Installing yard 0.8.7
Using bundler 1.6.0
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.
After the installation process has finished. It's time to start the Metasploit console again.
$ ./msfconsole -L
[*] The initial module cache will be built in the background, this can take 2-5 minutes...
# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
=[ metasploit v4.9.0-dev [core:4.9 api:1.0] ]
+ -- --=[ 1285 exploits - 700 auxiliary - 203 post ]
+ -- --=[ 334 payloads - 33 encoders - 8 nops ]
This time the startup should be successful. On the Metasploit console we can check the database connection.
msf > db_status
[*] postgresql connected to msf
Try to search an exploit. If the caching process hasn't been finished it will take some time to list the available modules.
msf > search windows
[!] Database not connected or cache not built, using slow search
After the cache has been initialized successfully the search should be much faster.
msf > search windows
[...]
On the first startup Metasploit Framework automatically creates additional files and folders in the ~/.msf4 directory.
$ ls -l ~/.msf4
total 28
-rw-r--r-- 1 user user 150 31. Mar 09:13 database.yml
-rw-r--r-- 1 user user 267 31. Mar 09:45 history
drwxr-xr-x 2 user user 4096 31. Mar 09:32 local
drwxr-xr-x 3 user user 4096 31. Mar 09:32 logs
drwxr-xr-x 2 user user 4096 31. Mar 09:32 loot
drwxr-xr-x 2 user user 4096 31. Mar 09:32 modules
drwxr-xr-x 2 user user 4096 31. Mar 09:32 plugins
After a reboot make sure the database is running, enter the RVM environment and start the Metasploit console.
$ sudo systemctl status postgresql
● postgresql.service - PostgreSQL database server
Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled)
Active: inactive (dead)
$ sudo systemctl start postgresql
$ cd ~/git/metasploit-framework/
$ source ~/.rvm/scripts/rvm
$ ./msfconsole -L
Links
- Website: Metasploit at rapid7.com (English)
- Website: Arch Linux (English)