rapid7 / metasploit-omnibus Goto Github PK

Packaging metasploit-framework with omnibus

Ruby 68.20% C++ 0.75% Shell 10.50% HTML 7.60% C 0.49% Dockerfile 12.10% Makefile 0.37%

metasploit-omnibus's Introduction

metasploit-framework Omnibus project

This project creates full-stack platform-specific packages for metasploit-framework. This is not the same as the Metasploit Community edition. It only contains the framework command-line interface and the associated tools and modules.

Installing the package

If you just want to install this package, we provide a number of pre-built binaries for Metasploit that are rebuilt every night. See https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers for installation information.

Building the package

Prerequisites

This project has a package cache that should be pulled in before building. Run 'git submodule update -i' to download the git submodule that contains these packages. We cache these both for performance, and because occasionally upstream locations go away, and this allows the build to continue without broken dependencies.

Building on Docker

The Dockerfiles for metasploit-omnibus are located within the docker directory of this repository.

You can build images yourself:

git clone https://github.com/rapid7/metasploit-omnibus.git
cd metasploit-omnibus
docker build --tag metasploit-omnibus-builder - < ./docker/ubuntu1204-x86/Dockerfile

Or on OSX you can use the following script to build all images following the latest Docker image naming convention:

export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/msf-IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME"

Pushing

export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker push rapid7/msf-IMAGE_NAME-omnibus:$BUILD_DATE"

You can then run a new container using the above tagged image, whilst mounting the current directory as a volume:

docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins metasploit-omnibus-builder /bin/bash --login

Or you can run a new container using pre-built images from Rapid7's Docker Hub account:

docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins rapid7/msf-ubuntu1204-x86-omnibus:2021_11 /bin/bash --login

By default, metasploit-omnibus will download the latest version of Metasploit framework from Github, but also supports building with local copies from /metasploit-framework - full details.

To build omnibus with a local version of Metasploit framework, you can mount your framework repository as a volume to /metasploit-framework within the container. The following command assumes that the repository exists within the parent directory:

docker run -it --rm --volume $(pwd):$(pwd) --volume=$(pwd)/../metasploit-framework:/metasploit-framework --workdir $(pwd) --user jenkins rapid7/msf-ubuntu1204-x86-omnibus:2021_11 /bin/bash --login

When running inside the container, you can perform a normal ommibus build:

# Download the git submodule that contains cached packages
git submodule update -i

# install omnibus' dependencies
bundle install
bundle binstubs --all

# build the metasploit-framework package
bin/omnibus build metasploit-framework

When complete, there will be a new installable .deb file under the 'pkg' directory. Note that the use of Docker volumes may cause builds to run slower.

To test the .deb file, install it - and then open msfconsole:

# install
sudo dpkg -i pkg/metasploit-framework_6.3.39~20231017232715.git.3.47e0cd3~1rapid7-1_amd64.deb

# Run to verify
msfconsole

Building on Ubuntu / Debian systems

In general, a build environment needs a working C/C++ compiler, Ruby 1.9 or higher and the ruby development headers, bundler, git, bison and flex. A quad-core CPU and 4GB of ram are recommended.

The following steps should produce a successful build with Ubuntu and other Debian derivatives, starting from a fresh installation:

# install required packages to build on Ubuntu / Debian systems
sudo apt-get -y install build-essential git ruby bundler ruby-dev bison flex autoconf automake

Configure the omnibus cache and target directories if you want to build as non-root user (recommended).

# setup build directories you can write to
sudo mkdir -p /var/cache/omnibus
sudo mkdir -p /opt/metasploit-framework
sudo chown `whoami` /var/cache/omnibus
sudo chown `whoami` /opt/metasploit-framework

Next setup git if you need to.

# setup git (ignore if you already have it configured)
git config --global user.name "Nobody"
git config --global user.email "[email protected]"

Checkout the metasploit-framework installer builder and install omnibus' dependencies.

# checkout the builder repository
git clone https://github.com/rapid7/metasploit-omnibus.git
cd metasploit-omnibus
# install omnibus' dependencies
bundle install && bundle binstubs --all

Finally, build the installer itself:

# build the metasploit-framework package
bin/omnibus build metasploit-framework

when complete, there will be a new installable .deb file under the 'pkg' directory.

Building on Windows

From Windows 10, install ruby, msys2, ruby-devkit, wixtoolset, git. Add the following command to the the preparation steps before executing the build command.

xz -d local/cache/*.xz

Building on OS X

From OS X, first install XCode and the command line development tools. I use ruby, bundler, git, bison and flex from the Mac Homebrew project. The rest of the steps are identical to building on Ubuntu. A .pkg file will be under the pkg directory instead.

Clean

You can clean up all temporary files generated during the build process with the clean command:

$ bin/omnibus clean metasploit-framework

Adding the --purge purge option removes ALL files generated during the build including the project install directory (/opt/metasploit-framework) and the package cache directory (/var/cache/omnibus/pkg) as well as ALL files in the local package cache directory (./local/cache):

$ bin/omnibus clean metasploit-framework --purge

Restore the git submodule that contains the local package cache:

$ git submodule update -i

Publish

Omnibus has a built-in mechanism for releasing to a variety of "backends", such as Amazon S3. You must set the proper credentials in your omnibus.rb config file or specify them via the command line.

$ bin/omnibus publish path/to/*.deb --backend s3

Help

Full help for the Omnibus command line interface can be accessed with the help command:

$ bin/omnibus help

metasploit-omnibus's People

Contributors

Stargazers

Watchers

Forkers

todb-r7 busterb wchen-r7 proxymoron lslx metamphibian71 notyours180 pbarry-r7 poeblu mubix olivierh59500 buzzkillhardball kaicastledine jmartin-tech ngankilo barkinet joenammoth data0nf acidburn0zzz jhart-r7 tesonya sporiyano denniscaudell xambroz larrycameron80 lucifer040276 caponethekid w7374520 mattlorimor dizaguirre68 gitlabsyncint ip-2014 chaser1093 wfvwhwwh manchkhv ribet888 mkienow-r7 stofstar skmc nelyj gusvah patriotns mihaelveber muhammad-irfanraza canmstafa sandipan878 wgwjifeng ahudsonelectric asoto-r7 uryalexander oneplus-x billma10670370 hassan200078 ajay999003 wangyizhou968 jakeswisher66 swisher8908 kenthuk adam8989 boobear4114 reneaicisneros nextrazi alienscavenger kageroki patsmith68 kishupatil rojhoeck binkie3272286456799352 hackalicious gonmahjop james3443 fullautoman alieskills king0195 arifin666 olbinn wxh0000mm sophianagusas jack-cyber xero-lib waynus thyhago nkkhan n0madins0mniac marciopocebon xiaobing88 jbaehne goran713 rickybobby2nd bonomali g-ping philipdongfei azarelfekadu xboys1 shiva182419 fast3rr panupong9844 arukaminado okello541 estreee7

metasploit-omnibus's Issues

build tags/6.1.5 failed with ubuntu18.04

Hello, I'm trying build tags/6.1.5 on aarch64 platform. Unfortunately, it failed. Can anyone help?

build env:

OS: Ubuntu 18.04.6 LTS
Paltform: aarch64
ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [aarch64-linux]

Here is my build step.

apt-get install -y build-essential git ruby bundler ruby-dev bison flex autoconf automake zlib1g-dev libpq-dev libpcap0.8-dev libsqlite3-dev

mkdir -p /var/cache/omnibus
mkdir -p /opt/metasploit-framework

git config --global user.name "nobody"
git config --global user.email "[email protected]"

git clone https://github.com/rapid7/metasploit-omnibus.git
cd metasploit-omnibus
git checkout tags/6.1.5 -b 6.1.5
rm -R local/cache/
git submodule update -i

bundle install --binstubs
bin/omnibus build metasploit-framework

build output:

root@6d633d3a8bde:~/metasploit-omnibus# bin/omnibus build metasploit-framework
                    [CLI] I | 2022-01-19T17:54:38+08:00 | Using config from 'omnibus.rb'
 [Software: config_guess] W | 2022-01-19T17:54:52+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
Building metasploit-framework 6.1.10+20220119095438-1rapid7...
      [Software: bundler] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for bundler
   [NullFetcher: bundler] I | 2022-01-19T17:54:52+08:00 | Fetching `bundler' (nothing to fetch)
[Software: metasploit-framework] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for metasploit-framework
 [Software: config_guess] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for config_guess
 [Software: config_guess] W | 2022-01-19T17:54:52+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
 [Software: config_guess] W | 2022-01-19T17:54:52+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: metasploit-framework] W | 2022-01-19T17:54:52+08:00 | Version master for software metasploit-framework was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: metasploit-framework] W | 2022-01-19T17:54:52+08:00 | Version master for software metasploit-framework was not parseable. Comparison methods such as #satisfies? will not be available for this version.
      [Software: pcaprub] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for pcaprub
   [NullFetcher: pcaprub] I | 2022-01-19T17:54:52+08:00 | Fetching `pcaprub' (nothing to fetch)
[Software: metasploit-framework-wrappers] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for metasploit-framework-wrappers
[NullFetcher: metasploit-framework-wrappers] I | 2022-01-19T17:54:52+08:00 | Fetching `metasploit-framework-wrappers' (nothing to fetch)
         [Software: zlib] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for zlib
      [Software: cacerts] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for cacerts
      [Software: openssl] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for openssl
      [Software: libtool] I | 2022-01-19T17:54:52+08:00 | Resolving manifest entry for libtool
       [Software: libffi] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libffi
      [Software: libyaml] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libyaml
     [Software: jemalloc] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for jemalloc
         [Software: ruby] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for ruby
     [Software: rubygems] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for rubygems
      [Software: libpcap] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libpcap
      [Software: liblzma] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for liblzma
      [Software: libxml2] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libxml2
      [Software: libxslt] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libxslt
      [Software: ncurses] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for ncurses
      [Software: libedit] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libedit
      [Software: libuuid] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for libuuid
   [Software: postgresql] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for postgresql
       [Software: sqlite] I | 2022-01-19T17:54:53+08:00 | Resolving manifest entry for sqlite
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Project 'metasploit-framework' does not contain licensing information.
 [Software: config_guess] W | 2022-01-19T17:55:20+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: metasploit-framework] W | 2022-01-19T17:55:20+08:00 | Version master for software metasploit-framework was not parseable. Comparison methods such as #satisfies? will not be available for this version.
              [Licensing] I | 2022-01-19T17:55:20+08:00 | Software 'config_guess' uses license 'GPL-3.0 (with exception)' which is not one of the standard licenses identified in https://opensource.org/licenses/alphabetical. Consider using one of the standard licenses.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'jemalloc' does not contain licensing information.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'libpcap' does not contain licensing information.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'pcaprub' does not contain licensing information.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'sqlite' does not contain licensing information.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'metasploit-framework' does not contain licensing information.
              [Licensing] W | 2022-01-19T17:55:20+08:00 | Software 'metasploit-framework-wrappers' does not contain licensing information.
         [Software: zlib] I | 2022-01-19T17:55:20+08:00 | Restored from cache
      [Software: cacerts] I | 2022-01-19T17:55:20+08:00 | Restored from cache
      [Software: openssl] I | 2022-01-19T17:55:20+08:00 | Restored from cache
 [Software: config_guess] W | 2022-01-19T17:55:20+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
 [Software: config_guess] W | 2022-01-19T17:55:20+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
 [Software: config_guess] I | 2022-01-19T17:55:20+08:00 | Restored from cache
      [Software: libtool] I | 2022-01-19T17:55:20+08:00 | Restored from cache
       [Software: libffi] I | 2022-01-19T17:55:20+08:00 | Restored from cache
      [Software: libyaml] I | 2022-01-19T17:55:20+08:00 | Restored from cache
     [Software: jemalloc] I | 2022-01-19T17:55:20+08:00 | Restored from cache
         [Software: ruby] I | 2022-01-19T17:55:20+08:00 | Restored from cache
     [Software: rubygems] I | 2022-01-19T17:55:20+08:00 | Restored from cache
      [Software: bundler] I | 2022-01-19T17:55:20+08:00 | Forcing a build because resolved version is nil
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 | Starting build
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 | Environment:
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   CFLAGS="-I/opt/metasploit-framework/embedded/include -O2 -D_FORTIFY_SOURCE=2 -fstack-protector"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   CPPFLAGS="-I/opt/metasploit-framework/embedded/include -O2 -D_FORTIFY_SOURCE=2 -fstack-protector"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   CXXFLAGS="-I/opt/metasploit-framework/embedded/include -O2 -D_FORTIFY_SOURCE=2 -fstack-protector"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   LDFLAGS="-Wl,-rpath,/opt/metasploit-framework/embedded/lib -L/opt/metasploit-framework/embedded/lib"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   LD_RUN_PATH="/opt/metasploit-framework/embedded/lib"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   OMNIBUS_INSTALL_DIR="/opt/metasploit-framework"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   PATH="/opt/metasploit-framework/bin:/opt/metasploit-framework/embedded/bin:/usr/local/lib/ruby/gems/2.7.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 |   PKG_CONFIG_PATH="/opt/metasploit-framework/embedded/lib/pkgconfig"
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 | $ /opt/metasploit-framework/embedded/bin/gem install bundler --force --no-document
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 | gem `install bundler --force --no-document': 0.0107s
       [Builder: bundler] I | 2022-01-19T17:55:20+08:00 | Build bundler: 0.0116s
Traceback (most recent call last):
	42: from bin/omnibus:29:in `<main>'
	41: from bin/omnibus:29:in `load'
	40: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/bin/omnibus:16:in `<top (required)>'
	39: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/cli.rb:42:in `execute!'
	38: from /usr/local/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/base.rb:485:in `start'
	37: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/cli/base.rb:33:in `dispatch'
	36: from /usr/local/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor.rb:392:in `dispatch'
	35: from /usr/local/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/invocation.rb:127:in `invoke_command'
	34: from /usr/local/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/command.rb:27:in `run'
	33: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/cli.rb:89:in `build'
	32: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/project.rb:1095:in `build'
	31: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/licensing.rb:57:in `create_incrementally'
	30: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/licensing.rb:57:in `tap'
	29: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/licensing.rb:62:in `block in create_incrementally'
	28: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/project.rb:1096:in `block in build'
	27: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/project.rb:1096:in `each'
	26: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/project.rb:1097:in `block (2 levels) in build'
	25: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/software.rb:1107:in `build_me'
	24: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/software.rb:1235:in `execute_build'
	23: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:776:in `build'
	22: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/instrumentation.rb:23:in `measure'
	21: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:777:in `block in build'
	20: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:777:in `each'
	19: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:778:in `block (2 levels) in build'
	18: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:886:in `execute'
	17: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:962:in `with_clean_env'
	16: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:887:in `block in execute'
	15: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/instrumentation.rb:23:in `measure'
	14: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:888:in `block (2 levels) in execute'
	13: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:911:in `with_retries'
	12: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:889:in `block (3 levels) in execute'
	11: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:1061:in `run'
	10: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:1061:in `instance_eval'
	 9: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:335:in `block in gem'
	 8: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/builder.rb:871:in `shellout!'
	 7: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/util.rb:135:in `shellout!'
	 6: from /usr/local/lib/ruby/gems/2.7.0/bundler/gems/omnibus-5996840b384c/lib/omnibus/util.rb:119:in `shellout'
	 5: from /usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout.rb:270:in `run_command'
	 4: from /usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout/unix.rb:97:in `run_command'
	 3: from /usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout/unix.rb:321:in `fork_subprocess'
	 2: from /usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout/unix.rb:321:in `fork'
	 1: from /usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout/unix.rb:343:in `block in fork_subprocess'
/usr/local/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.0.9/lib/mixlib/shellout/unix.rb:343:in `exec': No such file or directory - /opt/metasploit-framework/embedded/bin/gem (Errno::ENOENT)

other info:

root@6d633d3a8bde:~/metasploit-omnibus# ll /opt/metasploit-framework/
total 0
drwxr-xr-x 4 root root 43 Jan 19 17:55 ./
drwxr-xr-x 1 root root 34 Jan 19 17:55 ../
drwxr-xr-x 2 root root 22 Jan 19 17:55 LICENSES/
drwxr-xr-x 2 root root 22 Jan 19 17:55 license-cache/
root@6d633d3a8bde:~/metasploit-omnibus# ll /var/cache/omnibus/
total 0
drwxrwxrwx 2 root root   6 Jan 19 17:14 ./
drwxr-xr-x 1 root root 110 Jan 19 17:14 ../
root@6d633d3a8bde:~/metasploit-omnibus#

Failed to connect to the database: FATAL: role "msf" does not exist mac

after running msfcosole i get:

Failed to connect to the database: FATAL: role "msf" does not exist

I have tried uninstalling and reinstalling metasploit and the database but nothing is working

Using mac so editing cmd_run wont work

msys64 appears to be bundled with the Windows installer, but is not needed

Just tested the latest installer on Windows 10, msfconsole/msfvenom/msfdb worked fine even after deleting c:\metasploit-framework\embedded\msys64. This might be something that is included inside of the latest rubyinstaller zip file, but is really only needed to bundle new native gems, which the .msi installer probably should assume is actually handled by the user upgrading the whole package.

This seems to add a lot more files, and around doubles the final installation size.

898 MB (942,452,736 bytes)
31,274 Files, 1,609 Folders

No new packages for quite some time

(this is a direct copy of this issue, but I figured this would be a better place to post it.)

Summary

Relevant information

I have observed that I have not received a Metasploit update for quite some time now. This seems odd, since I usually received nightly builds. Therefore, I have looked up the repository for my OS (rpm.metasploit.com), and indeed, the latest version is still 6.0.13.

Is this intended? Has there been a policy switch, or is this a result of a technical error? (that f.i. an automation script gets not executed anymore)

The Debian repository seems affected as well.

Metasploit has been installed via omnibus on a Fedora 32 box.

Add a warning during install that it will fail if Antivirus is running

Since the installers are linked everywhere, it might be a good idea to add a warning during the install process to create exceptions for the antivirus or to turn it off completely. We list it on most of our sites, but those externally can link without us knowing, so a warning in the installation process would be a great catch-all.

msfupdate does not function when run as a regular user

We get a silent failure during the MSI install because the user is not elevated.

metasploit-framework-4.17.25+20181115103957~1rapid7-1.el6.x86_64.rpm not signed error on install

Steps to reproduce

How'd you do it?

Tried to upgrade with DNF. Failed with not signed
Then tried removing the package and installing. Same error.
Tried removing the cached package with dnf clean packages. Didn't help

dnf install metasploit-framework
<SNIP>
Installing:
 metasploit-framework                                x86_64                                4.17.25+20181115103957~1rapid7-1.el6                                  metasploit                                158 M
<SNIP>
Install  1 Package

Total size: 158 M
Installed size: 368 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] metasploit-framework-4.17.25+20181115103957~1rapid7-1.el6.x86_64.rpm: Already downloaded
Package metasploit-framework-4.17.25+20181115103957~1rapid7-1.el6.x86_64.rpm is not signed
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Expected behavior

Should install

Current behavior

Fails to install due to not signed error

System stuff

cat /etc/redhat-release
Fedora release 29 (Twenty Nine)

uname -an
Linux vps2.example.com 4.18.18-300.fc29.x86_64 #1 SMP Mon Nov 12 03:12:14 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Metasploit version

metasploit-framework-4.17.25+20181115103957~1rapid7-1.el6.x86_64.rpm

I installed Metasploit with:

Omnibus installer (nightly)

OS

Fedora 29

DRPM for RPM repo

Every day, Metasploit gets a new update, every update is 200-300MB. Across many users that totals to significant bandwidth. This could probably be avoided with DRPM.

What OS are you running Metasploit on?

Fedora 31

add msfremove support for Linux distros

See rapid7/metasploit-framework#6335 for original request

when db is not started, msfconsole launches 'msfdb init' instead of 'msfdb start'

On a system where the db has already been created, but is not started (ie after first initialisation and a restart of the system), launching msfconsole restarts the initialisation process, asking if we want to create a new db.

in start_db() function, $SCRIPTDIR/msfdb init should be replaced by $SCRIPTDIR/msfdb start.

On macOS Add initial PATH to .zshrc rather than .bashrc

Apologies for not adding this feature myself, I had issues navigating where this feature is originally within the source code.

macOS Catalina (and future) have moved to zshrc has the default shell - so it would be nice to have as a feature during first run of msfconsole when prompted with:

Would you like to add msfconsole and other programs to your default PATH?

It will install to the appropriate location (bashrc for bash, zshrc for Zshell)

Starting msfconsole in a directory that contain spaces gives an error

if you run 'msfconsole' and the current directory contains spaces in its name, an error is reported:

lv426:~ % cd dir\ with\ space 
lv426:~/dir with space % /usr/bin/msfconsole 
/usr/bin/msfconsole: 14: cd: can't cd to /home/didier/dir

line 14 of /usr/bin/msfconsole contains cd $CWD, it should be cd "$CWD"

How to fully remove metasploit?

I installed metasploit on a Debian WSL2 environment a while back, but have since removed it. However, when running sudo apt update, it still downloads from a metasploit url: Hit:5 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease. This url does not appear in /etc/apt/sources.list, and although it does show up under sudo apt-cache policy, I cannot figure out how to remove it.

Para confirmar:

To confirm:

% apt info metasploit-framework
Package: metasploit-framework
Version: 6.0.7+20200913102427~1rapid7-1
Priority: extra
Section: misc
Maintainer: Rapid7 Release Engineering <[email protected]>
Installed-Size: 572 MB
Homepage: https://rapid7.com
License: Unspecified
Vendor: Omnibus <[email protected]>
Download-Size: 240 MB
APT-Manual-Installed: yes
APT-Sources: http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 Packages
Description: The full stack of metasploit-framework

Originally posted by @DidierA in #134 (comment)

Windows installer installs to different path than specified even starting from escalated cmd prompt.

On windows 10 v10.0.18362.657 I am running the installer and at first I thought it was just not working. I did have antivirus off and I found #96, #102 and the workaround that says to use an escalated cmd prompt to execute the installation. The issue is it still won't install to C: even if I manually specify C: or a folder on C: and start the MSI from an escalated cmd prompt it is placing the zip on F: then creating the metasploit-framework folder there. Ejected my F: drive now it does it on B: can recreate this issue consistently over and over.

https://github.com/rapid7/metasploit-framework.wiki.git

rake db:migrate does not run when running 'msfdb reinit'

It should always migrate the database when it is created.

if you run 'msfdb init' without an ~/.msf4 directory, it fails out of the box

Installer dialog doesn't render HTML

<a> and <b> tags abound, and of course nothing is clickable.

Running framework tools directly does not work

It's currently not possible to run framework tools directly:

/opt/metasploit-framework/embedded/framework/tools/exploit/pattern_create.rb

On Kali this gives the following error:

Traceback (most recent call last):                                                                                   
        3: from /opt/metasploit-framework/embedded/framework/tools/exploit/pattern_create.rb:16:in `<main>'          
        2: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_gem.rb:62:in `gem'                                      
        1: from /usr/lib/ruby/2.7.0/rubygems/dependency.rb:323:in `to_spec'                                          
/usr/lib/ruby/2.7.0/rubygems/dependency.rb:311:in `to_specs': Could not find 'rex-text' (>= 0) among 90 total gem(s) 
(Gem::MissingSpecError)                                                                                              
Checked in 'GEM_PATH=/root/.gem/ruby/2.7.0:/var/lib/gems/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/share/rubygems-integrati│
on/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0', execute `gem env`│
for more information

A fix is most likely required in Metasploit ommnibus to add wrappers to the tools, or something similar.

Full context:
rapid7/metasploit-framework#13411

Identical issue: rapid7/metasploit-framework#18011

installer shell script should always install the latest nightly build, even if the installed version is newer

The installer shell script does not have option:

--allow-downgrades

From man pages

Both of the version selection mechanisms can downgrade packages and must be used with care.

sudo apt install metasploit-framework

sudo apt-get install -y metasploit-framework

uname -a
Linux lada 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64 GNU/Linux
cat /etc/debian_version 
8.11

Metasploit Not installed but showing it at its newest version.

I had installed metasploit previously and it was working fine. Then due to some reason I uninstalled it using
sudo rm -rf /opt/metasploit-framework but now I want to reinstall it.
I am following the steps given on the webpage: https://docs.rapid7.com/metasploit/installing-the-metasploit-framework/ . I am on ubuntu 20.04 LTS.
I am using the command

url https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

It gives the following output:
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 6034 100 6034 0 0 41328 0 --:--:-- --:--:-- --:--:-- 41328 Switching to root user to update the package Adding metasploit-framework to your repository list..OK Updating package cache..OK Checking for and installing update.. Reading package lists... Done Building dependency tree Reading state information... Done metasploit-framework is already the newest version (6.1.29+20220206112545~1rapid7-1). 0 upgraded, 0 newly installed, 0 to remove and 113 not upgraded.
I am unable to figure out why is this happening. I tried to run msfconsole but it says command not found.

Notice the line "metasploit-framework is already the newest version (6.1.29+20220206112545~1rapid7-1)." in the output.

What should I do now? Please help!

metasploit-framework cannot be install in windows10x64

https://wx4.sinaimg.cn/mw690/00707GTely1g2cg81r2ucj30dr0ar3yz.jpg

Windows installer appears to write a temp file to c:\metasploit-framework.zip without admin escalation

See rapid7/metasploit-framework#11560 (comment) , since the installer was changed to use the fastzip method, it fails when executed as a regular user, even if UAC asks for escalation ahead of time. This appears to be because the temp file that gets extracted is placed in c:\ which the installer does not have privileges for unless you run the MSI from an administrator prompt in the first place.

I wonder if the .zip file could be placed in a standard %TEMP location instead.

windows-latest.msi is not reliably publishing

As of this writing, we see the following files being published at windows.metasploit.com

.
├── index.html
├── LATEST
├── metasploit-framework-5.0.11+20190312193250-1rapid7-1-x64.msi
├── metasploit-framework-5.0.11+20190312193250-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.11+20190313193429-1rapid7-1-x64.msi
├── metasploit-framework-5.0.11+20190313193429-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.11+20190314193219-1rapid7-1-x64.msi
├── metasploit-framework-5.0.11+20190314193219-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.12+20190315193240-1rapid7-1-x64.msi
├── metasploit-framework-5.0.12+20190315193240-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.12+20190316193233-1rapid7-1-x64.msi
├── metasploit-framework-5.0.12+20190316193233-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.12+20190317193324-1rapid7-1-x64.msi
├── metasploit-framework-5.0.12+20190317193324-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.12+20190318193336-1rapid7-1-x64.msi
├── metasploit-framework-5.0.12+20190318193336-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.12+20190319193251-1rapid7-1-x64.msi
├── metasploit-framework-5.0.12+20190319193251-1rapid7-1-x64.msi.asc
├── metasploit-framework-5.0.13+20190320193306-1rapid7-1-x64.msi.asc
└── metasploitframework-latest.msi.asc

the 2 latest files are actually just signatures, which seems to indicate the pruning script is using the wrong method of deleting older files from the repository. This currently breaks the ability for msfupdate to do the right thing, since the file it downloads is missing.

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

Originally posted by @github-actions[bot] in #136 (comment)

Warning regarding multiple Postgresql versions

Issue: Multiple concurrent versions of Postgresql DB causes metasploit to not install/initialize it's database properly

Root cause

Postgres v10 and v12 were simultaneously installed and running on my system

OS Version

Ubuntu 20.04

Solution

Delete oldest version of postgres via apt remove postgresql-##

Full issue description/troubleshooting steps:

I encountered a bizarre and unique case where installing metasploit would always fail for me when trying to initialize the database.

For no apparent reason, msfdb init would fail during the msfdb initialization procedure, citing that "port 5432/5433" was in use and could not be bound according to the logs.

➜  ~ msfdb init
[?] Would you like to delete your existing data and configurations?: yes
====================================================================
Running the 'init' command for the database:
Found a database at /home/truedemon/.msf4/db, checking to see if it is started
Starting database at /home/truedemon/.msf4/db...failed
LOG:  database system is shut down
[!] Your database may be corrupt. Try reinitializing.
====================================================================

====================================================================
Running the 'init' command for the webservice:
[?] Initial MSF web service account username? [truedemon]: ^CTraceback (most recent call last):
        6: from msfdb:1094:in `<main>'
        5: from msfdb:1094:in `each'
        4: from msfdb:1097:in `block in <main>'
        3: from msfdb:994:in `invoke_command'
        2: from msfdb:473:in `init_web_service'
        1: from msfdb:385:in `ask_value'
msfdb:385:in `gets': Interrupt

After deferring to the ~/.msf4/db/log, I understood that msfdb was trying to set up a socket on port 5433 to the local postgres database.

(Sorry I don't have the log output, as it got overwritten, but the principle log item that tipped me off was the "Cannot BIND IPv4 Port 5433")

After seeing that my /etc/postgresql/12/postgresql.conf was set up on port 5433 and that the process was running, I decided to just bump the database.yml port to 5433. This would result in the msfdb init command succeeding, but afterwards, msfconsole would complain that it could not connect to the database because the 'msf' user did not exist. This made no sense to me.

Upon investigation, I discovered the cause was due to having multiple versions of postgres installed (version 10 and 12 in my case).

Proposed solutions

Perhaps this is too edge-case for the omnibus installer/msfdb command, but it may be worth noting if multiple postgres databases are detected while running. There are multiple ways to do this, such as checking for multiple config folders under /etc/postgresql/ which appear as /etc/postgresql/## such as /etc/postgresql/10 and etc/postgresql/12

Another is to check netstat/ss output for multiple processes named postgresql and determining which binary is in use.

At the very least, I want to document this for future metasploit users in case this is encountered by someone else, because it was very frustrating to troubleshoot, and had prevented me from using Metasploit on my Ubuntu system for the better part of a month. It may be worth documenting in the msfdb init procedure that if it fails, users should verify that postgres is running on port 5432 and that there are not multiple databases running. Otherwise, you get some confusing problems connecting to a database that doesn't exist. :(

I configured the installation path to be "C:\", why is it actually installed to "D:\metasploits-framework"

Such as the title。

Nightly Installer Script not working with Default Ubuntu 19.10 settings

Steps to reproduce

How'd you do it?

Set up a fresh Ubuntu 19.10 VM
run curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ ./msfinstall
Script will return

Switching to root user to update the package
Adding metasploit-framework to your repository list..OK
Updating package cache..E: The repository 'https://apt.metasploit.com eoan Release' does not have a Release file.
OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package metasploit-framework

Were you following a specific guide/tutorial or reading documentation?

https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

Expected behavior

The metasploit apt repo should be added successfully by the msfupdate.erb script.

Current behavior

The default settings for Ubuntu 19.10 (and I presume all later versions and possibly some earlier versions) prohibit updating from a repository that doesn't have a Release file.

E: The repository 'https://apt.metasploit.com eoan Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Metasploit version

N/A

Additional Information

Not sure how long this has been an issue, as I can't say if the update to the default behaviour regarding adding apt repos was updated recently or was a standard with 19.10 going forward.

Theres also a workaround. By running the script, running sudo apt update, then running the script again, the script will work as expected.

Problem during the installation - bin/omnibus

Hi everybody,

I encountered a problem during the installation of metasploit with omnibus on Ubuntu 16.04.

Each steps have been successfully completed:

install required packages
install omnibus' dependencies

But the build of metasploit-framework package failed.

Below the error:

[2017-06-28T11:50:18+02:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
 [Software: config_guess] W | 2017-06-28T11:50:19+02:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
Building metasploit-framework 4.15.0+20170628095018-1rapid7...
         [Software: zlib] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for zlib
      [Software: cacerts] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for cacerts
       [Software: xproto] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for xproto
  [Software: util-macros] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for util-macros
 [Software: config_guess] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for config_guess
 [Software: config_guess] W | 2017-06-28T11:50:19+02:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
 [Software: config_guess] W | 2017-06-28T11:50:19+02:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: pkg-config-lite] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for pkg-config-lite
   [Software: makedepend] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for makedepend
      [Software: openssl] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for openssl
      [Software: ncurses] I | 2017-06-28T11:50:19+02:00 | Resolving manifest entry for ncurses
    [NetFetcher: ncurses] I | 2017-06-28T11:50:19+02:00 | Downloading from `ftp://invisible-island.net/ncurses/current/ncurses-6.0-20150810.tgz'
      [Software: libedit] I | 2017-06-28T11:50:20+02:00 | Resolving manifest entry for libedit
    [NetFetcher: libedit] I | 2017-06-28T11:50:20+02:00 | Downloading from `http://www.thrysoee.dk/editline/libedit-20160903-3.1.tar.gz'
/usr/lib/ruby/2.3.0/net/ftp.rb:342:in `getresp': 550 ncurses-6.0-20150810.tgz: No such file or directory (Net::FTPPermError)
	from /usr/lib/ruby/2.3.0/net/ftp.rb:367:in `block in sendcmd'
	from /usr/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
	from /usr/lib/ruby/2.3.0/net/ftp.rb:365:in `sendcmd'
	from /usr/lib/ruby/2.3.0/net/ftp.rb:1040:in `block in size'
	from /usr/lib/ruby/2.3.0/net/ftp.rb:214:in `with_binary'
	from /usr/lib/ruby/2.3.0/net/ftp.rb:1039:in `size'
	from /usr/lib/ruby/2.3.0/open-uri.rb:790:in `buffer_open'
	from /usr/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop'
	from /usr/lib/ruby/2.3.0/open-uri.rb:210:in `catch'
	from /usr/lib/ruby/2.3.0/open-uri.rb:210:in `open_loop'
	from /usr/lib/ruby/2.3.0/open-uri.rb:151:in `open_uri'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/core_extensions/open_uri.rb:51:in `open_uri'
	from /usr/lib/ruby/2.3.0/open-uri.rb:717:in `open'
	from /usr/lib/ruby/2.3.0/open-uri.rb:35:in `open'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/download_helpers.rb:80:in `download_file!'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/fetchers/net_fetcher.rb:173:in `download'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/fetchers/net_fetcher.rb:86:in `fetch'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/software.rb:902:in `fetch'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/project.rb:1066:in `block (3 levels) in download'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/thread_pool.rb:64:in `block (4 levels) in initialize'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/thread_pool.rb:62:in `loop'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/thread_pool.rb:62:in `block (3 levels) in initialize'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/thread_pool.rb:61:in `catch'
	from /home/lucas/.bundler/ruby/2.3.0/omnibus-2d264d9e853e/lib/omnibus/thread_pool.rb:61:in `block (2 levels) in initialize'

I'm not a Ruby expert, and by far, so I've no idea about resolving this problem..

Thanks for your help.

OpenSUSE Tumbleweed - directory /etc/pki/rpm-gpg/ does not exist - Installer fails

Using the nightly installer on OpenSUSE Tumbleweed seems to fail right now.

Symptoms

The gpg-key file /etc/pki/rpm-gpg/RPM-GPG-KEY-Metasploit was not written and will result in the following output:

./msfinstall: line 105: /etc/pki/rpm-gpg/RPM-GPG-KEY-Metasploit: No such file or directory
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-Metasploit: import read failed(2).
Retrieving repository 'metasploit' metadata ---------------------------------------------------------------------------------------------------------------------------------------[\]
Looking for gpg key ID 2007B954 in cache /var/cache/zypp/pubkeys.
Repository metasploit does not define additional 'gpgkey=' URLs.
Warning: File 'repomd.xml' from repository 'metasploit' is signed with an unknown key 'CDFB5FA52007B954'.

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
    whole repo.

    Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
    anymore! You should not continue unless you know it's safe.

File 'repomd.xml' from repository 'metasploit' is signed with an unknown key 'CDFB5FA52007B954'. Continue? [yes/no] (no): no
Retrieving repository 'metasploit' metadata ...................................................................................................................................[error]
Repository 'metasploit' is invalid.
[metasploit|http://downloads.metasploit.com/data/releases/metasploit-framework/rpm] Valid metadata not found at specified URL
History:
 - Signature verification failed for repomd.xml
 - Can't provide /repodata/repomd.xml

Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'metasploit' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...
'metasploit-framework' not found in package names. Trying capabilities.
No provider of 'metasploit-framework' found.

Cause

While /etc/pki/ does exist, the directory /etc/pki/rpm-gpg seem to not exist by default (on my machine).
That's why the command print_pgp_key > ${GPG_KEY_FILE}in line 105 of the install_suse function will not write a file.

Workaround

However when I created the rpm-gpg directory manually, the installer (or to be precise: zypper) proceeded without any further complains, since ${GPG_KEY_FILE} was now successfully written.

Possible Fix

I don't know whether the missing rpm-gpg directory is specific to my machine or if it is specific to my distro.
As of now, i do not know the indented location for external GPG key files on OpenSUSE Tumbleweed.

Assuming that directory is uncritical, i would change the install_suse function to include a check whether the directory exists. And if it does not exist yet: just create it.

This would change respective function in the config/templates/metasploit-framework-wrappers/msfupdate.erb file from this:

install_suse() {
  echo "Checking for and installing update.."
  GPG_KEY_FILE=/etc/pki/rpm-gpg/RPM-GPG-KEY-Metasploit
  echo -n "Adding metasploit-framework to your repository list.."

  zypper ar  -f $DOWNLOAD_URI/rpm metasploit
  print_pgp_key > ${GPG_KEY_FILE}
  rpmkeys --import ${GPG_KEY_FILE}
  zypper install -y metasploit-framework
}

to this:

install_suse() {
  echo "Checking for and installing update.."
  GPG_KEY_FILE_DIR=/etc/pki/rpm-gpg
  if [ ! -d $GPG_KEY_FILE_DIR ]; then
    mkdir -p $GPG_KEY_FILE_DIR
  fi

  GPG_KEY_FILE=$GPG_KEY_FILE_DIR/RPM-GPG-KEY-Metasploit
  echo -n "Adding metasploit-framework to your repository list.."

  zypper ar  -f $DOWNLOAD_URI/rpm metasploit
  print_pgp_key > ${GPG_KEY_FILE}
  rpmkeys --import ${GPG_KEY_FILE}
  zypper install -y metasploit-framework
}

Do you consider this a reasonable change? If so, i would go ahead and create a PR with this change, unless it is simpler for one of the maintainers to do it yourself.

msfdb init failing to start the database

I'm having trouble getting the latest build of metasploit to run properly. After installation, I ran msfdb init and I got the following output:

PS C:\Users> msfdb init
Found a database at C:\Users\Maktm/.msf4/db, checking to see if it is started
Starting database at C:\Users\Maktm/.msf4/db...

and it hangs on this screen indefinitely. During this time, a process 'postgres.exe' is spawned but the command remains hanging. If I run msfconsole, I get the following output:

The PGconn, PGresult, and PGError constants are deprecated, and will be
removed as of version 1.0.

You should use PG::Connection, PG::Result, and PG::Error instead, respectively.

Called from C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activesupport-
4.2.8/lib/active_support/dependencies.rb:274:in `block in require'
[-] Failed to connect to the database: FATAL:  role "msf" does not exist

Also, running db_status inside of msfconsole prints this stack trace:

msf > db_status
[-] Error while running command db_status: FATAL:  role "msf" does not exist


Call stack:
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:661:in `rescue in connect'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `connect'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:242:in `initialize'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `new'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `postgresql_connection'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:438:in `new_connection'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:448:in `checkout_new_connection'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:422:in `acquire_connection'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in `block in checkout'
C:/metasploit-framework/embedded/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in `checkout'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in `block in connection'
C:/metasploit-framework/embedded/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in `connection'
C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
C:/metasploit-framework/embedded/framework/lib/msf/core/db_manager/connection.rb:123:in `connection_established?'
C:/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/db.rb:1613:in `cmd_db_status'
C:/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:430:in `run_command'
C:/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:392:in `block in run_single'
C:/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:386:in `each'
C:/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:386:in `run_single'
C:/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:205:in `run'
C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:48:in `start'
C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'
C:/metasploit-framework/bin/../embedded/framework/msfconsole:48:in `<main>'

bundle install --binstubs blows up in Ubuntu 14

Ubuntu version: 14.04.2 LTS (x86_64, ubuntu-14.02.2-desktop-amd64.iso). Newly installed.

Just trying to follow exactly the installation instructions here.

Commands used prior to bundle install:

sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install ruby-1.9.1-full
sudo gem install bundler
sudo apt-get install git

Error:

make[1]: Leaving directory `/tmp/bundler20150515-5897-qgzcqedep-selector-libgecode-1.0.2/gems/dep-selector-libgecode-1.0.2/ext/libgecode3/vendor/gecode-3.7.3'
make: *** [compilelib] Error 2
extconf.rb:98:in `block in run': Failed to build gecode library. (GecodeBuild::BuildError)
    from extconf.rb:97:in `chdir'
    from extconf.rb:97:in `run'
    from extconf.rb:104:in `<main>'


Gem files will remain installed in /tmp/bundler20150515-5897-qgzcqedep-selector-libgecode-1.0.2/gems/dep-selector-libgecode-1.0.2 for inspection.
Results logged to /tmp/bundler20150515-5897-qgzcqedep-selector-libgecode-1.0.2/gems/dep-selector-libgecode-1.0.2/ext/libgecode3/gem_make.out
An error occurred while installing dep-selector-libgecode (1.0.2), and Bundler
cannot continue.
Make sure that `gem install dep-selector-libgecode -v '1.0.2'` succeeds before
bundling.

Installed gems are not found

`
msf6 > sudo gem install lab
[*] exec: sudo gem install lab

Building native extensions. This could take a while...
Successfully installed aliyun-sdk-0.8.0
Successfully installed fog-aliyun-0.3.19
Successfully installed fog-1.36.0
Successfully installed lab-0.2.7
Parsing documentation for aliyun-sdk-0.8.0
Installing ri documentation for aliyun-sdk-0.8.0
Parsing documentation for fog-aliyun-0.3.19
Installing ri documentation for fog-aliyun-0.3.19
Parsing documentation for fog-1.36.0
Installing ri documentation for fog-1.36.0
Parsing documentation for lab-0.2.7
Installing ri documentation for lab-0.2.7
Done installing documentation for aliyun-sdk, fog-aliyun, fog, lab after 26 seconds
4 gems installed
msf6 > load lab
[-] Failed to load plugin from /opt/metasploit-framework/embedded/framework/plugins/lab: WARNING: Lab gem not found, Please 'gem install lab'
`

Am I doing something wrong?

Accidentally installed with part of anti-virus still active, reinstall doesn't write any files & windows-defender crashes

I installed on Windows using the latest .msi, I turned off antivirus real-time protection, but some other area of protection was apparently still running and flagged dozens of files. Tried uninstalling, turning Everything off, excluding the install folder, and tried to reinstall. The installer succeeds, but no actual files are written in the destination folder.

Also I try to go into "Protection History" in Windows Defender, to see if the specific files are now being blacklisted and auto-removed.. and the Protection History window comes up for a second and shows there's a bunch of files waiting for 'action' to be taken, and then the window immediately crashes before I can take any action to 'ignore/allow' the files.

Every time I try to reinstall now the files don't show up, and every time I open the protection history screen in windows defender it crashes.

What to do?

Package Git for Windows platform

The Omnibus installer works great out of the box on Windows, it runs. But it is not able to run bundle install without git; it will fail during the process. It feels rather important to package this by default, so the user can update and run Metasploit again.

msfdb fails to init database if msfconsole hasn't been run

Depending on how metasploit was installed, or what was run after install, the ~/.msf4 directory will not exist.

For example, if you use this installer and don't run msfconsole, the ~/.msf4 directory will not exist (assuming an otherwise clean system). Normally this isn't a problem, because when you then run msfconsole (as non-root), it will prompt you to create the database, and at that point ~/.msf4 will have been created and all is well.

However, if you are attempting to run msfconsole, say, with an RC file or other ~unattended fashion, the prompting may not happen or may not be desirable. In these situations, one could run msdb init, but because ~/.msf4 doesn't exist, you will encounter the following:

/opt/metasploit-framework/embedded/framework/msfdb:210:in `initialize': No such file or directory @ rb_sysopen - /home/msf/.msf4/database.yml (Errno::ENOENT)
	from /opt/metasploit-framework/embedded/framework/msfdb:210:in `open'
	from /opt/metasploit-framework/embedded/framework/msfdb:210:in `init_db'
	from /opt/metasploit-framework/embedded/framework/msfdb:315:in `<main>'

Until I read the code, I chased my tail a bit trying to find a database.yml that would work, and was confused because there wasn't one that came with the installer. As it turns out, the issue is as I described above.

This is a simple fix. PR incoming.

My simple work around locally was to mkdir ~/.msf4 prior to msfdb init, which #62 implements more officially.

The necessary IP address cannot be accessed.

I want to try msf5,so I tryed to compile it
#bin/omnibus build metasploit-framework
the console displayed:

/usr/lib/ruby/2.5.0/socket.rb:64:in `connect': Connection timed out - connect(2) for 192.124.249.12:21 (Errno::ETIMEDOUT)

so pity

it is verbose:

┌─[✗]─[root@parrot]─[/opt/metasploit-omnibus]
└──╼ #bin/omnibus build metasploit-framework
                    [CLI] I | 2018-10-18T01:29:45+08:00 | Using config from 'omnibus.rb'
 [Software: config_guess] W | 2018-10-18T01:29:54+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
Building metasploit-framework 4.17.10+20181017172945.git.3.dd382cf-1rapid7...
         [Software: zlib] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for zlib
      [Software: cacerts] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for cacerts
       [Software: xproto] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for xproto
  [Software: util-macros] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for util-macros
[Software: pkg-config-lite] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for pkg-config-lite
   [Software: makedepend] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for makedepend
      [Software: openssl] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for openssl
 [Software: config_guess] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for config_guess
 [Software: config_guess] W | 2018-10-18T01:29:55+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
 [Software: config_guess] W | 2018-10-18T01:29:55+08:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
      [Software: ncurses] I | 2018-10-18T01:29:55+08:00 | Resolving manifest entry for ncurses
    [NetFetcher: ncurses] I | 2018-10-18T01:29:55+08:00 | Downloading from `ftp://invisible-island.net/ncurses/current/ncurses-6.0-20150810.tgz'
      [Software: libedit] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libedit                                      0% (0 KB/sec)
      [Software: libtool] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libtool
       [Software: libffi] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libffi
      [Software: libyaml] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libyaml
         [Software: ruby] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for ruby
     [Software: rubygems] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for rubygems
  [NullFetcher: rubygems] I | 2018-10-18T01:29:56+08:00 | Fetching `rubygems' (nothing to fetch)
      [Software: bundler] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for bundler
   [NullFetcher: bundler] I | 2018-10-18T01:29:56+08:00 | Fetching `bundler' (nothing to fetch)
      [Software: libpcap] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libpcap
      [Software: pcaprub] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for pcaprub
   [NullFetcher: pcaprub] I | 2018-10-18T01:29:56+08:00 | Fetching `pcaprub' (nothing to fetch)
      [Software: liblzma] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for liblzma
      [Software: libxml2] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libxml2
      [Software: libxslt] I | 2018-10-18T01:29:56+08:00 | Resolving manifest entry for libxslt
      [Software: libuuid] I | 2018-10-18T01:29:57+08:00 | Resolving manifest entry for libuuid
   [Software: postgresql] I | 2018-10-18T01:29:57+08:00 | Resolving manifest entry for postgresql
       [Software: sqlite] I | 2018-10-18T01:29:57+08:00 | Resolving manifest entry for sqlite
[Software: metasploit-framework] I | 2018-10-18T01:29:57+08:00 | Resolving manifest entry for metasploit-framework
[Software: metasploit-framework] W | 2018-10-18T01:29:57+08:00 | Version master for software metasploit-framework was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: metasploit-framework] W | 2018-10-18T01:29:57+08:00 | Version master for software metasploit-framework was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: metasploit-framework-wrappers] I | 2018-10-18T01:30:02+08:00 | Resolving manifest entry for metasploit-framework-wrappers
[NullFetcher: metasploit-framework-wrappers] I | 2018-10-18T01:30:02+08:00 | Fetching `metasploit-framework-wrappers' (nothing to fetch)
#<Thread:0x000056020e3f9bc8@/var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:57 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
	30: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:61:in `block (2 levels) in initialize'
	29: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:61:in `catch'
	28: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:62:in `block (3 levels) in initialize'
	27: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:62:in `loop'
	26: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:64:in `block (4 levels) in initialize'
	25: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/project.rb:1066:in `block (3 levels) in download'
	24: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/software.rb:897:in `fetch'
	23: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/fetchers/net_fetcher.rb:86:in `fetch'
	22: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/fetchers/net_fetcher.rb:173:in `download'
	21: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/download_helpers.rb:80:in `download_file!'
	20: from /usr/lib/ruby/2.5.0/open-uri.rb:35:in `open'
	19: from /usr/lib/ruby/2.5.0/open-uri.rb:735:in `open'
	18: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/core_extensions/open_uri.rb:51:in `open_uri'
	17: from /usr/lib/ruby/2.5.0/open-uri.rb:165:in `open_uri'
	16: from /usr/lib/ruby/2.5.0/open-uri.rb:224:in `open_loop'
	15: from /usr/lib/ruby/2.5.0/open-uri.rb:224:in `catch'
	14: from /usr/lib/ruby/2.5.0/open-uri.rb:226:in `block in open_loop'
	13: from /usr/lib/ruby/2.5.0/open-uri.rb:793:in `buffer_open'
	12: from /usr/lib/ruby/2.5.0/net/ftp.rb:367:in `connect'
	11: from /usr/lib/ruby/2.5.0/monitor.rb:226:in `mon_synchronize'
	10: from /usr/lib/ruby/2.5.0/net/ftp.rb:369:in `block in connect'
	 9: from /usr/lib/ruby/2.5.0/net/ftp.rb:328:in `open_socket'
	 8: from /usr/lib/ruby/2.5.0/timeout.rb:76:in `timeout'
	 7: from /usr/lib/ruby/2.5.0/net/ftp.rb:333:in `block in open_socket'
	 6: from /usr/lib/ruby/2.5.0/socket.rb:631:in `tcp'
	 5: from /usr/lib/ruby/2.5.0/socket.rb:227:in `foreach'
	 4: from /usr/lib/ruby/2.5.0/socket.rb:227:in `each'
	 3: from /usr/lib/ruby/2.5.0/socket.rb:641:in `block in tcp'
	 2: from /usr/lib/ruby/2.5.0/socket.rb:137:in `connect'
	 1: from /usr/lib/ruby/2.5.0/socket.rb:64:in `connect_internal'
/usr/lib/ruby/2.5.0/socket.rb:64:in `connect': Connection timed out - connect(2) for 192.124.249.12:21 (Errno::ETIMEDOUT)
Traceback (most recent call last):
	30: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:61:in `block (2 levels) in initialize'
	29: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:61:in `catch'
	28: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:62:in `block (3 levels) in initialize'
	27: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:62:in `loop'
	26: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/thread_pool.rb:64:in `block (4 levels) in initialize'
	25: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/project.rb:1066:in `block (3 levels) in download'
	24: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/software.rb:897:in `fetch'
	23: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/fetchers/net_fetcher.rb:86:in `fetch'
	22: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/fetchers/net_fetcher.rb:173:in `download'
	21: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/download_helpers.rb:80:in `download_file!'
	20: from /usr/lib/ruby/2.5.0/open-uri.rb:35:in `open'
	19: from /usr/lib/ruby/2.5.0/open-uri.rb:735:in `open'
	18: from /var/lib/gems/2.5.0/bundler/gems/omnibus-3a2d7755a617/lib/omnibus/core_extensions/open_uri.rb:51:in `open_uri'
	17: from /usr/lib/ruby/2.5.0/open-uri.rb:165:in `open_uri'
	16: from /usr/lib/ruby/2.5.0/open-uri.rb:224:in `open_loop'
	15: from /usr/lib/ruby/2.5.0/open-uri.rb:224:in `catch'
	14: from /usr/lib/ruby/2.5.0/open-uri.rb:226:in `block in open_loop'
	13: from /usr/lib/ruby/2.5.0/open-uri.rb:793:in `buffer_open'
	12: from /usr/lib/ruby/2.5.0/net/ftp.rb:367:in `connect'
	11: from /usr/lib/ruby/2.5.0/monitor.rb:226:in `mon_synchronize'
	10: from /usr/lib/ruby/2.5.0/net/ftp.rb:369:in `block in connect'
	 9: from /usr/lib/ruby/2.5.0/net/ftp.rb:328:in `open_socket'
	 8: from /usr/lib/ruby/2.5.0/timeout.rb:76:in `timeout'
	 7: from /usr/lib/ruby/2.5.0/net/ftp.rb:333:in `block in open_socket'
	 6: from /usr/lib/ruby/2.5.0/socket.rb:631:in `tcp'
	 5: from /usr/lib/ruby/2.5.0/socket.rb:227:in `foreach'
	 4: from /usr/lib/ruby/2.5.0/socket.rb:227:in `each'
	 3: from /usr/lib/ruby/2.5.0/socket.rb:641:in `block in tcp'
	 2: from /usr/lib/ruby/2.5.0/socket.rb:137:in `connect'
	 1: from /usr/lib/ruby/2.5.0/socket.rb:64:in `connect_internal'
/usr/lib/ruby/2.5.0/socket.rb:64:in `connect': Connection timed out - connect(2) for 192.124.249.12:21 (Errno::ETIMEDOUT)

installation finished, but no folder or file created

Expected behavior

Installer with create folder and files in it.

Current behavior

Does absolutely nothing, looks like it installs, but no file found.

System stuff

Metasploit version

no idea, cant check

I installed Metasploit with:

latest metasploit installer.msi,
metasploit-framework-5.0.19+20190425193324.git.7.b9e2e14-1rapid7-1-x64.msi
same results

OS

win 10 x64 enterprise ltsb

Additional

Selecting any other place to install, than default C:/ also does nothing and once it looks like its installed and I run the installer once again and select change, I see again C:/ path, even when I selected G:/ in installation before.
I am not running any antivirus/anti-malware software or any of that sort.

Any ideas ? also side question: Will virtual linux machine running on windows work fine? if so, can you point me to a working setup guide please?

msfremove should auto-stop the database and offer to delete it

Right now, you can leave things in a weird state if you remove without stopping first.

rpm installation removing all symlinks on update

Tested on but not limited to Fedora32(probably affecting all rpm related distros):
After installation symlinks to all binary files get set correct but after package update all symlinks will be deleted leaving all binary files in place without any references.

This results in unusable binaries from the terminal environment.

Package Ruby Development Tookit for Windows platform

The Omnibus installer works great out of the box on Windows, it runs. But if the gem file is changed after an update, the user cannot do bundle install because there is no bundler at all. It feels rather important to have this packaged by default, so the user can update/and continue using Framework.

32-bit:
http://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe

x64:
http://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe

bcrypt on Windows is busted since we moved to Ruby 2.3

It looks like the system tests failed to spot it automatically too.

We need to workaround this issue:

bcrypt-ruby/bcrypt-ruby#139

OOB experience should give the ability to auto-start the database on start

This would require windows support, and probably unix. For unix, I think the easiest thing is to add @reboot to the local user crontab, since that is cross-platform.

> As of this writing, we see the following files being published at windows.metasploit.com

As of this writing, we see the following files being published at windows.metasploit.com

index.html
LATEST
metasploit-framework-5.0.11+20190312193250-1rapid7-1-x64.msi
metasploit-framework-5.0.11+20190312193250-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.11+20190313193429-1rapid7-1-x64.msi
metasploit-framework-5.0.11+20190313193429-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.11+20190314193219-1rapid7-1-x64.msi
metasploit-framework-5.0.11+20190314193219-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.12+20190315193240-1rapid7-1-x64.msi
metasploit-framework-5.0.12+20190315193240-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.12+20190316193233-1rapid7-1-x64.msi
metasploit-framework-5.0.12+20190316193233-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.12+20190317193324-1rapid7-1-x64.msi
metasploit-framework-5.0.12+20190317193324-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.12+20190318193336-1rapid7-1-x64.msi
metasploit-framework-5.0.12+20190318193336-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.12+20190319193251-1rapid7-1-x64.msi
metasploit-framework-5.0.12+20190319193251-1rapid7-1-x64.msi.asc
metasploit-framework-5.0.13+20190320193306-1rapid7-1-x64.msi.asc
metasploitframework-latest.msi.asc

the 2 latest files are actually just signatures, which seems to indicate the pruning script is using the wrong method of deleting older files from the repository. This currently breaks the ability for msfupdate to do the right thing, since the file it downloads is missing.

Originally posted by @jorgeluisrdz198 in #98 (comment)

Update are very huge with APT repository

Hello Everyone :-)

Is it possible to "optmize" update process ?
Each update take 200MB to be download, is it possible to reduce update size ?
I have at least 1 update per week ( is not a problem ! 👍 , thanks you ! 🥇 ) but it's very hard to maintain this package updated due to the bandwith usage.

Steps to reproduce

Install metasploit with Nightly Installers

https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

Current behavior

Each update require ~230 MB to be downloaded which is too much for me.

System stuff

Apt-based system ( i tried on: Ubuntu, Debian, Kubuntu )

I installed Metasploit with:

Kali package via apt
Omnibus installer (nightly)
Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
Source install (please specify ruby version)

OS

What OS are you running Metasploit on?
Ubuntu, Kubuntu, Debian

msfdb does not pull user specific port

When running in a multi-user environment, the msfdb script uses the hardcoded port value in the msfdb script rather than the one that is defined in the users database.yml and db/postgresql.conf. This means after reboot, the msfdb will not correctly start the postgres server. Suggested fix: If the database.yml file exists, read the postgres port from the file and try to start the server using it rather than using the default port in the msfdb script.

I can't seem to find the source for the msfdb script in this repo or I'd attempt to make the change. Here's the snippet I added to the start_db func below the check for the database dir. The spacing appears to be getting f-ed.

def start_db
  if !Dir.exist?(@db)
    puts "No database found at #{@db}, not starting"
    return
  end

#--------------------- Check for database config ---------------------------------

  if File.exist?(@dbconf)
     File.readlines("#{@dbconf}").each do |line|
        arr = line.split(":")
        key = arr.first.strip
        val = arr.last.strip
        if key == "port"
           @dbport = val
        end
     end
  end

Hard error after running; bundle install --binstubs

Is this breaking because it's not running as a different user other than root?

root@localhost:~/metasploit-omnibus# bundle install --binstubs
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on
this machine.
Fetching https://github.com/rapid7/omnibus
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies....
Fetching addressable 2.3.8
Installing addressable 2.3.8
Fetching awesome_print 1.8.0
Installing awesome_print 1.8.0
Fetching aws-sigv4 1.0.3 (was 1.0.2)
Installing aws-sigv4 1.0.3 (was 1.0.2)
Fetching jmespath 1.4.0 (was 1.3.1)
Installing jmespath 1.4.0 (was 1.3.1)
Fetching aws-sdk-core 2.11.109 (was 2.10.134)
Installing aws-sdk-core 2.11.109 (was 2.10.134)
Fetching aws-sdk-resources 2.11.109 (was 2.10.134)
Installing aws-sdk-resources 2.11.109 (was 2.10.134)
Fetching aws-sdk 2.11.109 (was 2.10.134)
Installing aws-sdk 2.11.109 (was 2.10.134)
Fetching multipart-post 2.0.0
Installing multipart-post 2.0.0
Fetching faraday 0.9.2
Installing faraday 0.9.2
Fetching httpclient 2.6.0.1
Installing httpclient 2.6.0.1
Fetching berkshelf-api-client 1.3.1
Installing berkshelf-api-client 1.3.1
Fetching buff-extensions 1.0.0
Installing buff-extensions 1.0.0
Fetching hashie 3.5.7
Installing hashie 3.5.7
Fetching varia_model 0.4.1
Installing varia_model 0.4.1
Fetching buff-config 1.0.1
Installing buff-config 1.0.1
Fetching buff-ruby_engine 0.1.0
Installing buff-ruby_engine 0.1.0
Fetching buff-shell_out 0.2.0
Installing buff-shell_out 0.2.0
Fetching hitimes 1.2.6
Installing hitimes 1.2.6 with native extensions
Fetching timers 4.0.4
Installing timers 4.0.4
Fetching celluloid 0.16.0
Installing celluloid 0.16.0
Fetching nio4r 1.2.1
Installing nio4r 1.2.1 with native extensions
Fetching celluloid-io 0.16.2
Installing celluloid-io 0.16.2
Fetching cleanroom 1.0.0
Installing cleanroom 1.0.0
Fetching minitar 0.5.4
Installing minitar 0.5.4
Fetching sawyer 0.6.0
Installing sawyer 0.6.0
Fetching octokit 3.8.0
Installing octokit 3.8.0
Fetching retryable 2.0.4
Installing retryable 2.0.4
Fetching buff-ignore 1.2.0
Installing buff-ignore 1.2.0
Fetching fuzzyurl 0.9.0
Installing fuzzyurl 0.9.0
Fetching mixlib-config 2.2.5
Installing mixlib-config 2.2.5
Fetching mixlib-shellout 2.3.2
Installing mixlib-shellout 2.3.2
Fetching tomlrb 1.2.6
Installing tomlrb 1.2.6
Fetching chef-config 13.7.16
Installing chef-config 13.7.16
Fetching erubis 2.7.0
Installing erubis 2.7.0
Using json 2.1.0
Fetching mixlib-authentication 1.4.2
Installing mixlib-authentication 1.4.2
Fetching semverse 1.2.1
Installing semverse 1.2.1
Fetching ridley 4.4.2
Installing ridley 4.4.2
Fetching dep-selector-libgecode 1.3.1
Installing dep-selector-libgecode 1.3.1 with native extensions

Fetching ffi 1.9.21
Installing ffi 1.9.21 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

current directory: /var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c

/usr/bin/ruby2.5 -r ./siteconf20180816-16668-rm0sec.rb extconf.rb
checking for ffi.h... no
checking for ffi.h in /usr/local/include,/usr/include/ffi... no
checking for shlwapi.h... no
checking for rb_thread_blocking_region()... no
checking for rb_thread_call_with_gvl()... yes
checking for rb_thread_call_without_gvl()... yes
creating extconf.h
creating Makefile

current directory: /var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c
make "DESTDIR=" clean

current directory: /var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c
make "DESTDIR="
Running autoreconf for libffi
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:376: warning: AC_PROG_LD is m4_require'd but not m4_defun'd
acinclude.m4:251: LIBFFI_CHECK_LINKER_FEATURES is expanded from...
acinclude.m4:349: LIBFFI_ENABLE_SYMVERS is expanded from...
configure.ac:376: the top level
configure.ac:376: warning: AC_PROG_LD is m4_require'd but not m4_defun'd
acinclude.m4:251: LIBFFI_CHECK_LINKER_FEATURES is expanded from...
acinclude.m4:349: LIBFFI_ENABLE_SYMVERS is expanded from...
configure.ac:376: the top level
autoreconf: configure.ac: tracing
configure.ac:376: warning: AC_PROG_LD is m4_require'd but not m4_defun'd
acinclude.m4:251: LIBFFI_CHECK_LINKER_FEATURES is expanded from...
acinclude.m4:349: LIBFFI_ENABLE_SYMVERS is expanded from...
configure.ac:376: the top level
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --force
configure.ac:376: warning: AC_PROG_LD is m4_require'd but not m4_defun'd
acinclude.m4:251: LIBFFI_CHECK_LINKER_FEATURES is expanded from...
acinclude.m4:349: LIBFFI_ENABLE_SYMVERS is expanded from...
configure.ac:376: the top level
configure.ac:41: error: possibly undefined macro: AC_PROG_LIBTOOL
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure:7624: error: possibly undefined macro: AC_PROG_LD
autoreconf: /usr/bin/autoconf failed with exit status: 1
make: *** [libffi.mk:7: "/var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c/libffi-arm-linux-gnueabihf"/.libs/libffi_convenience.a] Error 1

make failed, exit code 2

Gem files will remain installed in /var/lib/gems/2.5.0/gems/ffi-1.9.21 for inspection.
Results logged to /var/lib/gems/2.5.0/extensions/arm-linux/2.5.0/ffi-1.9.21/gem_make.out

An error occurred while installing ffi (1.9.21), and Bundler cannot continue.
Make sure that gem install ffi -v '1.9.21' succeeds before bundling.

In Gemfile:
berkshelf was resolved to 3.3.0, which depends on
solve was resolved to 1.2.1, which depends on
dep_selector was resolved to 1.0.6, which depends on
ffi
root@localhost:/metasploit-omnibus#
root@localhost:/metasploit-omnibus# gem install ffi -v '1.9.21'
Building native extensions. This could take a while...
ERROR: Error installing ffi:
ERROR: Failed to build gem native extension.

current directory: /var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c

/usr/bin/ruby2.5 -r ./siteconf20180816-14517-rd54rm.rb extconf.rb
checking for ffi.h... no
checking for ffi.h in /usr/local/include,/usr/include/ffi... no
checking for shlwapi.h... no
checking for rb_thread_blocking_region()... no
checking for rb_thread_call_with_gvl()... yes
checking for rb_thread_call_without_gvl()... yes
creating extconf.h
creating Makefile

current directory: /var/lib/gems/2.5.0/gems/ffi-1.9.21/ext/ffi_c
make "DESTDIR=" clean

make failed, exit code 2

Gem files will remain installed in /var/lib/gems/2.5.0/gems/ffi-1.9.21 for inspection.
Results logged to /var/lib/gems/2.5.0/extensions/arm-linux/2.5.0/ffi-1.9.21/gem_make.out
root@localhost:~/metasploit-omnibus# bin/omnibus build metasploit-framework
-bash: bin/omnibus: No such file or directory

Include database config and autostart if config is present

Create a random password for a new postgres user, create a database, bind to localhost only, and write out the database.yml.

Metasploit wrappers don't support spaces inside CWD

Inside Ubuntu 20.04 on WSL2 on a Windows 10 x64 20H2 host, after installing the latest Metasploit as of today via the omnibus installer:

jeff@DESKTOP-12PMAF5:/mnt/c/Users/Jeff McJunkin$ msfvenom -h
/usr/bin/msfvenom: 14: cd: can't cd to /mnt/c/Users/Jeff

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.

Examining the source of msfvenom shows it gathers the current working directory (CWD), then changes to it later without quotes:

jeff@DESKTOP-12PMAF5:~$ which msfvenom
/usr/bin/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /usr/bin/msfvenom
/usr/bin/msfvenom: symbolic link to /etc/alternatives/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /etc/alternatives/msfvenom
/etc/alternatives/msfvenom: symbolic link to /opt/metasploit-framework/bin/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /opt/metasploit-framework/bin/msfvenom
/opt/metasploit-framework/bin/msfvenom: POSIX shell script, ASCII text executable
jeff@DESKTOP-12PMAF5:~$ head -n 15 /opt/metasploit-framework/bin/msfvenom
#!/bin/sh
cmd=`basename $0`

CWD=`pwd`
SCRIPTDIR=/opt/metasploit-framework/bin
cd $SCRIPTDIR
EMBEDDED=$SCRIPTDIR/../embedded
BIN=$EMBEDDED/bin
FRAMEWORK=$EMBEDDED/framework

LOCALCONF=~/.msf4
DB=$LOCALCONF/db
DBCONF=$LOCALCONF/database.yml
cd $CWD

Since WSL2 makes the home directory based on the Windows username ("Jeff McJunkin") in my case, the path has spaces, and needs to be quoted.

The other shell wrappers do the same:

jeff@DESKTOP-12PMAF5:/opt/metasploit-framework/bin$ egrep '^cd \$CWD' *
msfbinscan:cd $CWD
msfconsole:cd $CWD
msfd:cd $CWD
msfelfscan:cd $CWD
msfmachscan:cd $CWD
msfpescan:cd $CWD
msfrop:cd $CWD
msfrpc:cd $CWD
msfrpcd:cd $CWD
msfvenom:cd $CWD

The fix should be simple -- change cd $CWD in all the shell wrappers to cd "$CWD". This will likely be a more common issue as WSL2 adoption rises, but it's not a WSL2-specific bug.

rapid7 / metasploit-omnibus Goto Github PK

metasploit-omnibus's Introduction

metasploit-framework Omnibus project

Installing the package

Building the package

Prerequisites

Building on Docker

Building on Ubuntu / Debian systems

Building on Windows

Building on OS X

Clean

Publish

Help

metasploit-omnibus's People

Contributors

Stargazers

Watchers

Forkers

metasploit-omnibus's Issues

Summary

Relevant information

Steps to reproduce

Expected behavior

Current behavior

System stuff

Metasploit version

I installed Metasploit with:

OS

What OS are you running Metasploit on?

Issue: Multiple concurrent versions of Postgresql DB causes metasploit to not install/initialize it's database properly

Root cause

OS Version

Solution

Full issue description/troubleshooting steps:

Proposed solutions

Steps to reproduce

Were you following a specific guide/tutorial or reading documentation?

Expected behavior

Current behavior

Metasploit version

Additional Information

Symptoms

Cause

Workaround

Possible Fix

Expected behavior

Current behavior

System stuff

Metasploit version

I installed Metasploit with:

OS

Additional

Steps to reproduce

Current behavior

System stuff

I installed Metasploit with:

OS

Recommend Projects

Recommend Topics

Recommend Org