Metasploit

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Add note about metasploit 3.x license change.)
Line 1: Line 1:
 +
{{admon/warning|Metasploit 3.x Licensing|The information on this page about Metasploit 3.x licensing may be out of date (see http://blog.metasploit.com/2008/10/metasploit-32-bsd-licensing.html).}}
 +
 
Metasploit 3.x is under the non-free [[Licensing/Metasploit Framework License | Metasploit Framework License]] and cannot be packaged in Fedora.
 
Metasploit 3.x is under the non-free [[Licensing/Metasploit Framework License | Metasploit Framework License]] and cannot be packaged in Fedora.
 
But since Metasploit comes with a "self update from SVN" feature and is updated with new exploits frequently most users likely prefer building from source anyway. This page adapts instructions on [http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu Metasploit Wiki: Installation on Ubuntu Linux] to Fedora.
 
But since Metasploit comes with a "self update from SVN" feature and is updated with new exploits frequently most users likely prefer building from source anyway. This page adapts instructions on [http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu Metasploit Wiki: Installation on Ubuntu Linux] to Fedora.

Revision as of 07:08, 16 May 2011

Warning (medium size).png
Metasploit 3.x Licensing
The information on this page about Metasploit 3.x licensing may be out of date (see http://blog.metasploit.com/2008/10/metasploit-32-bsd-licensing.html).

Metasploit 3.x is under the non-free Metasploit Framework License and cannot be packaged in Fedora. But since Metasploit comes with a "self update from SVN" feature and is updated with new exploits frequently most users likely prefer building from source anyway. This page adapts instructions on Metasploit Wiki: Installation on Ubuntu Linux to Fedora.

Contents

Dependencies

Install the Ruby dependencies:

$ sudo yum -y install ruby-irb ruby-ri rubygems

Install the Subversion client:

$ sudo yum -y install subversion

In order to build the native extensions (pcaprub, lorcon2, etc), the following packages need to be installed:

$ sudo yum-builddep -y ruby
$ sudo yum -y install ruby-devel libpcap-devel

Database support

In order to use the database functionality, RubyGems along with the appropriate drivers must be installed: Postgres is the recommended database:

$ sudo yum -y install postgresql-server postgresql-devel
$ sudo gem install pg  # you can't use the distro ruby-postgres rpm as a replacement

Or for MySQL:

$ sudo yum -y install mysql-server ruby-mysql

Sqlite will work for basic tasks, but is no longer supported!

$ sudo yum -y install sqlite rubygem-sqlite3-ruby

Metasploit Framework

Once the dependencies have been installed, download the Unix tarball from the Metasploit download page and run the following commands:

$ tar -xf framework-3.X.tar.gz
$ sudo mkdir -p /opt/metasploit3
$ sudo cp -a msf3/ /opt/metasploit3/msf3
$ sudo chown root:root -R /opt/metasploit3/msf3
$ sudo ln -sf /opt/metasploit3/msf3/msf* /usr/local/bin/

Metasploit Extensions

The Metasploit framework includes a few native Ruby extensions that must be compiled in order to use certain types of modules. To enable raw socket modules:

$ sudo yum -y install libpcap-devel
$ sudo bash
# cd /opt/metasploit3/msf3/external/pcaprub/
# ruby extconf.rb
# make && make install

To enable WiFi modules:

$ sudo bash
# cd  /opt/metasploit3/msf3/external/ruby-lorcon2/
# svn co https://802.11ninja.net/svn/lorcon/trunk lorcon2
# cd lorcon2
# ./configure --prefix=/usr && make && make install
# cd ..
# ruby extconf.rb
# make && make install

Updates

The Metasploit Framework is updated daily with the latest exploits, payloads, features, and bug fixes. To update your installation of the framework:

$ sudo svn update /opt/metasploit3/msf3/

This can also be installed into the root user's crontab:

$ sudo crontab -e -u root # enter the line below
 1 * * * * /usr/bin/svn update  /opt/metasploit3/msf3/ >> /var/log/msfupdate.log 2>&1

Database Configuration

Now that the framework is installed, you'll want to configure a database connection, and enable the framework to connect to it:
For postgres, see Metasploit Postgres Setup (recommended by upstream)
For mysql, see mysql_setup
For sqlite, see sqlite_setup (upstream: "not supported!!").

See Also