From Fedora Project Wiki

(modern Fedora versions using dnf instead yum)
 
Line 15: Line 15:
 
== Dependencies ==
 
== Dependencies ==
 
Install the Ruby dependencies using [[yum]] or [[dnf]]:
 
Install the Ruby dependencies using [[yum]] or [[dnf]]:
  $ sudo yum|dnf -y install ruby-irb rubygems rubygem-bigdecimal rubygem-rake rubygem-i18n rubygem-bundler
+
  $ sudo dnf -y install ruby-irb rubygems rubygem-bigdecimal rubygem-rake rubygem-i18n rubygem-bundler
 
Install the git and the svn client:
 
Install the git and the svn client:
  $ sudo yum|dnf -y install git svn
+
  $ sudo dnf -y install git svn
 
In order to build the native extensions (pcaprub, lorcon2, etc), the following packages need to be installed:
 
In order to build the native extensions (pcaprub, lorcon2, etc), the following packages need to be installed:
 +
$ sudo dnf builddep -y ruby
 +
or with yum:
 
  $ sudo yum-builddep -y ruby
 
  $ sudo yum-builddep -y ruby
or with dnf:
 
$ sudo dnf builddep -y ruby
 
  
 
then:
 
then:
  
  $ sudo yum|dnf -y install ruby-devel libpcap-devel
+
  $ sudo dnf -y install ruby-devel libpcap-devel
  
 
Get the latest version of rake
 
Get the latest version of rake
Line 34: Line 34:
 
In order to use the database functionality, RubyGems along with the appropriate drivers must be installed:
 
In order to use the database functionality, RubyGems along with the appropriate drivers must be installed:
 
Postgres is the recommended database:
 
Postgres is the recommended database:
  $ sudo yum|dnf -y install postgresql-server postgresql-devel
+
  $ sudo dnf -y install postgresql-server postgresql-devel
 
  $ sudo gem install pg
 
  $ sudo gem install pg
  
Line 40: Line 40:
  
 
Or for MySQL:
 
Or for MySQL:
  $ sudo yum|dnf -y install mysql-server ruby-mysql
+
  $ sudo dnf -y install mysql-server ruby-mysql
 
Sqlite will work for basic tasks, but is no longer supported!
 
Sqlite will work for basic tasks, but is no longer supported!
  $ sudo yum|dnf -y install sqlite rubygem-sqlite3
+
  $ sudo dnf -y install sqlite rubygem-sqlite3
  
 
== Metasploit Framework ==
 
== Metasploit Framework ==
Line 97: Line 97:
 
== See Also ==
 
== See Also ==
 
* [http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu Metasploit Wiki: Installation on Ubuntu Linux]
 
* [http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu Metasploit Wiki: Installation on Ubuntu Linux]
 +
*[https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment Metasploit Wiki: Metasploit Development Environment]

Latest revision as of 17:55, 13 March 2018

Since Metasploit comes with a "self update from Git" feature and is updated with new exploits frequently most users likely prefer building from source or the git checkout.

NOTE: These instructions are outdated, see the updated guide on how to install the Metasploit Penetration Testing Framework for more details.


NOTE: The instruction has been outdated:

  • Fedora 19 ships with Ruby 2.0 and Metasploit requires 1.9.3 to function. rvm is required to get 1.9.3 running
  • Metasploit directory structure has been changed. msf/ is now msf3/
  • Ruby-extension pcaprub is no longer distributed with Metasploit. Use gem install pcaprub

Dependencies

Install the Ruby dependencies using yum or dnf:

$ sudo dnf -y install ruby-irb rubygems rubygem-bigdecimal rubygem-rake rubygem-i18n rubygem-bundler

Install the git and the svn client:

$ sudo dnf -y install git svn

In order to build the native extensions (pcaprub, lorcon2, etc), the following packages need to be installed:

$ sudo dnf builddep -y ruby

or with yum:

$ sudo yum-builddep -y ruby

then:

$ sudo dnf -y install ruby-devel libpcap-devel

Get the latest version of rake

$ sudo gem install rake

Database support

In order to use the database functionality, RubyGems along with the appropriate drivers must be installed: Postgres is the recommended database:

$ sudo dnf -y install postgresql-server postgresql-devel
$ sudo gem install pg

Unfortunately the ruby-postgres RPM can't be used as a replacement.

Or for MySQL:

$ sudo dnf -y install mysql-server ruby-mysql

Sqlite will work for basic tasks, but is no longer supported!

$ sudo dnf -y install sqlite rubygem-sqlite3

Metasploit Framework

Once the dependencies have been installed, download the Unix tarball from the Metasploit download page and run the following commands:

$ wget http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
$ tar -jxf framework-latest.tar.bz2
$ sudo mkdir -p /opt/metasploit4
$ sudo cp -a msf/ /opt/metasploit4/msf
$ sudo chown root:root -R /opt/metasploit4/msf
$ sudo ln -sf /opt/metasploit4/msf/msf* /usr/local/bin/

Or checkout the source from the upstream git repository in a directory of your choice.

$ git clone git://github.com/rapid7/metasploit-framework.git

Metasploit Extensions

The Metasploit framework includes a few native Ruby extensions that must be compiled in order to use certain types of modules.

To enable WiFi modules:

$ sudo bash
# cd  /opt/metasploit4/msf/external/ruby-lorcon2/
# svn co http://802.11ninja.net/svn/lorcon/trunk lorcon2
# cd lorcon2
# ./configure --prefix=/usr && make && make install
# cd ..
# ruby extconf.rb
# make && make install

To enable raw socket modules:

$ sudo gem install pcaprub

Updates

The Metasploit Framework is updated daily with the latest exploits, payloads, features, and bug fixes. To update your installation of the framework:

$ sudo svn update /opt/metasploit4/msf/

This can also be installed into the root user's crontab:

$ sudo crontab -e -u root # enter the line below
 1 * * * * /usr/bin/svn update  /opt/metasploit4/msf/ >> /var/log/msfupdate.log 2>&1

Database Configuration

Now that the framework is installed, you'll want to configure a database connection, and enable the framework to connect to it:
For postgres, see Metasploit Postgres Setup (recommended by upstream)
For mysql, see mysql_setup
For sqlite, see sqlite_setup (upstream: "not supported!!").

Important.png
This is important
Keep in mind that services firewalld and selinux must be disabled or configured to allow the pass of the exploits and payloads.

See Also