Installation on Linux (generic)¶

The Metasploit Framework requires the Ruby interpreter, RubyGems, Subversion, and a number of dependencies. Unfortunately, many Linux distributions ship with broken Ruby packages and dependency versions that are obsolete and unsupported. This guide can be used to install a binary package for your platform or walk through the basic steps for a "from-scratch" source-based installation. At this time, we recommend the binary installer for the the x86 (32-bit) and x64_x86 (amd64, 64-bit) versions of the following distributions:

Red Hat Enterprise Linux
Fedora and Fedora Core
CentOS
Slackware
Ubuntu (< 8.04)
Arch Linux

Ubuntu (8.04+) users should use the Installing on Ubuntu instructions instead.

BackTrack users should use the Installing on BackTrack instructions instead.

Official Linux x86 (i686+) Binary Installer¶

Download the Linux 32-bit (x86) installer from the downloads page and run the following commands:

$ chmod +x framework-3.*-linux-i686.run
$ sudo ./framework-3.*-linux-i686.run

Once the installation process is complete, enter "hash -r" to reload your path. At this point all of the framework commands should be in the system path (via symlinks in /usr/local/bin), and the framework can be updated by running "msfupdate" as the root user.

Official Linux x64 (amd64) Binary Installer¶

Download the Linux 64-bit (x64) installer from the downloads page and run the following commands:

$ chmod +x framework-3.*-linux-x86_64.run
$ sudo ./framework-3.*-linux-x86_64.run

Using the system packages¶

Prior to trying a full "from-scratch" installation, determine what dependencies work on your platform.

First, download the Unix tarball from the download page and run the following commands:

$ tar xf framework-3.X.tar.gz
$ sudo mkdir -p /opt/metasploit3
$ sudo cp -a  msf3/ /opt/metasploit3/msf3
$ sudo chown root:root -R /opt/metasploit3/msf3
$ sudo ln -sf /opt/metasploit3/msf3/msf* /usr/local/bin/

Second, install whatever Subversion package (only the client is needed) is provided with your distribution. Once the package has been installed, test it with the following command:

$ svn ls https://www.metasploit.com/svn/framework3/trunk/

If this provides a directory listing, it should be usable. If this does not work, you will need to build a newer version of Subversion from source and skip ahead to the next section.

To determine if the Subversion client is new enough to update from a tarball installation:

$ sudo svn update /opt/metasploit3/msf3/

If this succeeds, congratulations, your Subversion client is usable! If this fails, you will need to delete the tarball installation and perform a fresh checkout:

$ sudo rm -rf /opt/metasploit3/msf3/
$ sudo svn checkout https://www.metasploit.com/svn/framework3/trunk /opt/metasploit3/msf3/

Now that Subversion has been sorted out, we need to test the Ruby installation:

$ ruby /opt/metasploit3/msf3/msfconsole

If this brings up a Metasploit Console with no warnings, your Ruby version has support for at least the basic functionality of the framework. If a warning is displayed about "short-named constants" or that your version of Ruby is too old, you will need to build a fresh version of Ruby from source. If a warning is displayed about missing Ruby libraries (openssl, readline, etc) , you can try to resolve those by installing the distribution provided packages. These often use a naming convention like "libopenssl-ruby" or "ruby-openssl".

If Ruby and Subversion are good to go, its time to install RubyGems. If you have a system version of RubyGems already installed, we recommend that you uninstall this and download the latest version of RubyGems from http://www.rubygems.org/ . Download the tar.gz, save it to disk, and run

$ tar -xf rubygems-*.tar.gz
$ cd rubygems*
$ sudo ruby setup.rb install

To verify that everything is working:

$ ruby -rrubygems -rreadline -ropenssl -rirb -rdl -riconv -e 'p :OK'

Installing dependencies from source¶

This method should be seen as a last resort, as it is error-prone and time consuming. First things first, make sure you have gcc, g++, flex, bison, bintuils, and all of the standard development packages installed on your system. On debian-based systems, the command "apt-get build-dep ruby" does a good job of identifying and installing build requirements. Once you have a working compiler (check gcc -v), you can continue to the first step. This process is nearly identical to that used to create the binary packages listed above. If you a binary package installed, delete the /opt/metasploit3 directory before completing these steps.

Installing Ruby¶

At this time, the recommended version of Ruby is 1.9.1. If you would like to use 1.8 anyways, keep in mind that the latest stable 1.8 release contains a bug that breaks support for the framework. The latest stable snapshot of 1.8 has this bug corrected. Ruby 1.9.1 can be downloaded from: ruby-lang.org .

The ruby build process requires that the header files and development libraries for openssl, readline, iconv, and zlib be installed first.

To build Ruby 1.9.1:

$ tar xf ruby-1.9.1-p243.tar.gz
$ cd ruby-1.9.1-p243
$ ./configure --prefix=/opt/metasploit3 --enable-pthread --enable-shared
$ make && make install

This installs Ruby 1.9.1 into /usr/local/ruby19. Now add /usr/local/ruby19/bin into your PATH:

$ export PATH=/opt/metasploit3/bin:$PATH
$ hash -r
$ which ruby
/opt/metasploit3/bin/ruby
$ ruby -v
ruby 1.9.1p243 (2009-07-16 revision 24175) [x86_64-linux]

Verify that all required extensions were built:

$ /opt/metasploit3/bin/ruby -ropenssl  -rreadline -rirb -rdl -riconv -e 'p :OK'

If this fails for any reason, install the development package for the missing library and rebuild/reinstall ruby.

Download Ruby Gems, extract the tarball, and execute the following command:

$ sudo /opt/metasploit3/bin/ruby setup install

Verify Ruby can load RubyGems:

$ /opt/metasploit3/bin/ruby -rrubygems -e 'p :OK'

Installing Subversion¶

Download the subversion and subversion-deps tarballs for the latest release of Subversion.

Extract both tarballs into the same directory:

$ tar xf subversion-1.X.X.tar.bz2
$ tar xf subversion-deps-1.X.X.tar.bz2

Configure and install Subversion into the same prefix as Ruby:

$ ./configure --without-ldap --without-gssapi --with-ssl --without-apxs --prefix=/opt/metasploit3
$ make
$ sudo make install

Verify that Subversion works properly by checking out a fresh copy of metasploit

$ sudo bash
# export LD_LIBRARY_PATH=/opt/metasploit3/lib 
# /opt/metasploit3/bin/svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/metasploit3/msf3/

Configuring the Environment¶

This point, the binaries and libraries exist, but will not run unless the full path and the library path is specified. To work around this, add the following two lines to the .bashrc of any user that plans to use the Metasploit Framework:

export LD_LIBRARY_PATH=/opt/metasploit3/lib
export PATH=/opt/metasploit3/bin:/opt/metasploit3/msf3:$PATH

Building Native Extensions¶

Once the environment has been configured, its time to build the native Ruby extensions in Metasploit.

To enable raw socket modules:

$ sudo apt-get install libpcap-dev
$ sudo bash
# cd /opt/metasploit3/msf3/external/pcaprub/
# /opt/metasploit3/bin/ruby extconf.rb
# make && make install

To enable WiFi modules:

$ sudo bash
# cd /opt/metasploit3/msf3/external/ruby-lorcon2/
# svn co https://802.11ninja.net/svn/lorcon/trunk lorcon2
# cd lorcon2
# ./configure --prefix=/usr && make && make install
# cd ..
# /opt/metasploit3/bin/ruby extconf.rb
# make && make install

Complete¶

As long as the environment has been configured properly, you can start the Metasploit Console just by typing "msfconsole".

In order to update the framework, just run the following command:

$ sudo svn update /opt/metasploit3/msf3/

Updated by HD Moore at 11/18/2009 07:53 am.

Popular entries¶

Also available in: HTML TXT

Metasploit Framework

Wiki