Install Metasploit from git on Arch Linux

The Metasploit Framework is a tool for pentesters. This article explains how to install the framework from git on Arch Linux.

First of all make sure you have installed the required packages.

$ sudo pacman -S git ruby gcc patch curl zlib readline autoconf automake diffutils make libtool bison

Then install the Ruby Version Manager (RVM) by downloading a shell script to bootstrap the environment.

$ wget -O rvm.sh https://get.rvm.io

Feel free to have a look at the script before executing it.

$ bash rvm.sh stable --autolibs=enabled --ruby=1.9.3
Downloading https://github.com/wayneeseguin/rvm/archive/stable.tar.gz

[...]

Please consider upgrading to ruby-2.1.1 which will have all of the latest security patches.
Ruby was built without documentation, to build it run: rvm docs generate-ri
Creating alias default for ruby-1.9.3-p545...

  * To start using RVM you need to run `source /home/user/.rvm/scripts/rvm`
    in all your open shell windows, in rare cases you need to reopen all shell windows.

Comment out the line starting with "gem:" in the /etc/gemrc file.

#gem: --user-install

Install PostgreSQL to let the Metasploit Framework use it as cache and speed it up.

$ sudo pacman -S postgresql

If this is the first time you setup PostgreSQL you have to initialize a new database.

$ sudo -u postgres initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

[...]

Success. You can now start the database server using:

    postgres -D /var/lib/postgres/data
or
    pg_ctl -D /var/lib/postgres/data -l logfile start

Start the PostgreSQL server.

$ sudo systemctl start postgresql

Enable the service if you want to start the PostgreSQL server during bootup.

$ sudo systemctl enable postgresql

Create a database user 'msfgit' and set the password to 'msf'.

$ sudo -u postgres createuser msfgit -P -S -R -D
Enter password for new role:
Enter it again:

Create a database named 'msf' for the 'msfgit' user.

$ sudo -u postgres createdb -O msfgit msf

Setup the database connection by creating a 'database.yml' in your '~/.msf4/' direcoty.

$ cd ~
$ mkdir .msf4
$ cd .msf4
$ cat > database.yml
production:
   adapter: postgresql
   database: msf
   username: msfgit
   password: msf
   host: 127.0.0.1
   port: 5432
   pool: 75
   timeout: 5

Get the source from github.

$ cd ~
$ mkdir git
$ cd git
$ git clone https://github.com/rapid7/metasploit-framework.git

Enter the RVM environment ...

$ source ~/.rvm/scripts/rvm
ruby-1.9.3-p484 is not installed.
To install do: 'rvm install ruby-1.9.3-p484'

... and try to start the Metasploit console.

$ ./msfconsole -L
Could not find rake-10.1.0 in any of the sources
Run `bundle install` to install missing gems.

The start fails because some Ruby libraries are missing. So we install them by using bundler.

$ bundle install
Fetching gem metadata from https://rubygems.org/.........
Fetching additional metadata from https://rubygems.org/..
Installing rake 10.1.0
Installing i18n 0.6.5
[...]
Installing yard 0.8.7
Using bundler 1.6.0
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.

After the installation process has finished. It's time to start the Metasploit console again.

$ ./msfconsole -L
[*] The initial module cache will be built in the background, this can take 2-5 minutes...

# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v4.9.0-dev [core:4.9 api:1.0] ]
+ -- --=[ 1285 exploits - 700 auxiliary - 203 post ]
+ -- --=[ 334 payloads - 33 encoders - 8 nops      ]

This time the startup should be successful. On the Metasploit console we can check the database connection.

msf > db_status
[*] postgresql connected to msf

Try to search an exploit. If the caching process hasn't been finished it will take some time to list the available modules.

msf > search windows
[!] Database not connected or cache not built, using slow search

After the cache has been initialized successfully the search should be much faster.

msf > search windows
[...]

On the first startup Metasploit Framework automatically creates additional files and folders in the ~/.msf4 directory.

$ ls -l ~/.msf4
total 28
-rw-r--r-- 1 user user  150 31. Mar 09:13 database.yml
-rw-r--r-- 1 user user  267 31. Mar 09:45 history
drwxr-xr-x 2 user user 4096 31. Mar 09:32 local
drwxr-xr-x 3 user user 4096 31. Mar 09:32 logs
drwxr-xr-x 2 user user 4096 31. Mar 09:32 loot
drwxr-xr-x 2 user user 4096 31. Mar 09:32 modules
drwxr-xr-x 2 user user 4096 31. Mar 09:32 plugins

After a reboot make sure the database is running, enter the RVM environment and start the Metasploit console.

$ sudo systemctl status postgresql
● postgresql.service - PostgreSQL database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled)
   Active: inactive (dead)
$ sudo systemctl start postgresql
$ cd ~/git/metasploit-framework/
$ source ~/.rvm/scripts/rvm
$ ./msfconsole -L

Verwandte Artikel