Package Details: metasploit 4.12.16-1

Git Clone URL: https://aur.archlinux.org/metasploit.git (read-only)
Package Base: metasploit
Description: An advanced open-source platform for developing, testing, and using exploit code
Upstream URL: https://www.metasploit.com/
Licenses: BSD
Submitter: None
Maintainer: anthraxx
Last Packager: anthraxx
Votes: 321
Popularity: 5.152983
First Submitted: 2005-12-07 00:45
Last Updated: 2016-07-30 21:24

Latest Comments

evilgnome commented on 2016-05-11 16:44

Just in case someone else finds this useful:

sed -i 's;bundle install;PATH=/usr/bin:$(/usr/bin/ruby -rubygems -e "puts Gem.user_dir")/bin:$PATH bundle install;' PKGBUILD

will allow folks using rbenv to install this properly without a chroot or build user

anthraxx commented on 2016-04-14 13:17

sorry but I won't include workarounds/hacks for custom environments as such as that would mean to try to support any possible weird custom environments. I also had a guy once who insisted that i should replace all 'python' shebangs with 'python3' just because he replaced his 'python' symlink with 'python2'.

Custom environments are: custom. If you don't like to build in a clean chroot, you can simply create a new user called 'build' that does not expose rbenv environment variables.

evilgnome commented on 2016-04-14 00:13

FWIW: The pkgbuild will work for folks who use rbenv if you add this line to the beginning of build():

export PATH=/usr/bin:$(/usr/bin/ruby -rubygems -e "puts Gem.user_dir")/bin:$PATH

anthraxx commented on 2016-04-13 23:36

@evilgnome: sure but if you alter your environment than thats your environment that needs to be made compatible, not the build script. Feel free to build this package in a clean chroot using the devtools package.

evilgnome commented on 2016-04-13 23:27

@anthraxx: if someone has rbenv installed, and loaded with their shell profile, it will pick up on the file ".ruby-version" in the fetched source, and try to change the present shell environment to use the version of ruby specified in the file.

You should be able to reproduce the problem by installing rbenv and putting this in your shell profile:

eval "$(rbenv init -)"

Screenshot: https://i.imgur.com/h7bzFSG.png

anthraxx commented on 2016-03-24 10:27

@marcs: doesn't look package related, feels like your harddrive or box is dying. especially that bsdtar complains about the usr/ directory, where there is no doubt it should exist.

marcs commented on 2016-03-24 09:35

I have a packaging error during installation:
http://pastebin.com/pYgQyUFP

Then if i try to launch msfconsole:
$ ./msfconsole
fatal: Not a git repository (or any of the parent directories): .git
Could not find rake-10.4.2 in any of the sources
Run `bundle install` to install missing gems.

anthraxx commented on 2016-03-14 17:29

@evilgnome: don't know what you mean. check your local ruby setup, this builds fine in a clean chroot with default ruby version 2.3.0p0 and works properly (running that myself)

evilgnome commented on 2016-03-14 17:27

This pkgbuild is incomplete for me. This is what I needed to do on my own so that this would build:

sudo pacman -S rbenv ruby-build
rbenv install -s 2.1.8
mkdir tmp
cd tmp
rbenv local 2.1.8
gem install bundler

anthraxx commented on 2016-03-05 16:22

GI_Jack: indeed, bundler now packages all ruby dependencies into the package and those contain native ruby extensions which are depending on arch

GI_Jack commented on 2016-03-05 15:57

any reason arch=() changed from 'any' to ('i686' 'x86_64')??

anthraxx commented on 2016-03-05 13:04

securitybreach: read the history next time, this was already answered. reinstall your ruby-bundler package as it has not been bumped after moving to [community] and a new ruby version came out.

securitybreach commented on 2016-03-05 04:01

/usr/lib/ruby/2.3.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'bundler' (>= 0) among 11 total gem(s) (Gem::LoadError)
Checked in 'GEM_PATH=/home/comhack/.gem/ruby/2.3.0:/usr/lib/ruby/gems/2.3.0', execute `gem env` for more information
from /usr/lib/ruby/2.3.0/rubygems/dependency.rb:328:in `to_spec'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb:65:in `gem'
from /usr/bin/bundle:22:in `<main>'
==> ERROR: A failure occurred in build().
Aborting...
:: failed to build metasploit package(s)

julio commented on 2016-03-02 14:23

The AUR packages for armitage provides a systemd service file to start and run msfrpcd. The service file makes use of /usr/bin/msfrpcd. The file /usr/bin/msfrpcd is created from makepkg. When it creates the file (and others) it does not have an interpreter set so when using the service file systemd complains. Below is my proposed patch for the PKGBUILD

---
PKGBUILD | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PKGBUILD b/PKGBUILD
index 2cd7a23..5388d11 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -27,7 +27,7 @@ package() {

for f in "${pkgdir}"/opt/${pkgname}/msf*; do
local _msffile="${pkgdir}/usr/bin/`basename "${f}"`"
- echo "BUNDLE_GEMFILE=/opt/${pkgname}/Gemfile bundle exec ruby /opt/${pkgname}/`basename "${f}"` \"\$@\"" > ${_msffile}
+ echo -e "#!/bin/sh\nBUNDLE_GEMFILE=/opt/${pkgname}/Gemfile bundle exec ruby /opt/${pkgname}/`basename "${f}"` \"\$@\"" > ${_msffile}
chmod 755 ${_msffile}
done

--
2.7.2

GI_Jack commented on 2016-02-19 15:40

add postgresql in optdepends

GI_Jack commented on 2016-01-22 01:34

I am getting the hash:
6f21368ce6a1a48cf30534afdff6ffe79621246f04cfecddf8e38b226b9370ad5acba3f02b7428268b3cead2f30f0bdea68eadd6033dfbe290151bf09da41cd1

package has: sha512sums=('fb09a324eee19ec040f98e9b6db07f0343cc29c3aa3af6a8b542dd4a9bf356f1e67fd0539fa4c3c05b809f623a4c6420a324c525d3fcdd87b39d4206db8958a5')

does anyone know what is going on, can we trust this?

JohnRobson commented on 2016-01-20 01:31

==> Validating source files with sha512sums...
metasploit-4.11.6.tar.gz ... FAILED
==> ERROR: One or more files did not pass the validity check!
==> ERROR: Makepkg was unable to build metasploit.

anthraxx commented on 2016-01-11 12:35

@petterek: ruby has changed to 2.3.0, you need to rebuild all ruby AUR packages yourself (like ruby-bundler)

petterk commented on 2016-01-11 12:10

/usr/lib/ruby/2.3.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'bundler' (>= 0) among 11 total gem(s) (Gem::LoadError)
Checked in 'GEM_PATH=/home/petterk/.gem/ruby/2.3.0:/usr/lib/ruby/gems/2.3.0', execute `gem env` for more information
from /usr/lib/ruby/2.3.0/rubygems/dependency.rb:328:in `to_spec'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb:65:in `gem'
from /usr/bin/bundle:22:in `<main>'

markzz commented on 2015-10-31 18:04

I wouldn't advise using bundler after the package is installed. They should be installed while the package is being made. This way, you can avoid running bundler as root.

A good example of how to do this is looking at the package gitlab.

anthraxx commented on 2015-05-12 14:08

Do NOT change to http gem source from https it is dangerous and insecure! Sorry for the wall of text, but it is important that people understand that it should not be left in a state where gem's are always pulled via http. This is a security package, people should obviously care about security!!! oO
proper solution follows:

The reason is outdated rubygems package that stores an old certificate.
If you get OpenSSL errors use gem update --system to upgrade the RubyGems system gem.

@linhua: the solution is not a proper fix and dangerous. Please take the advices from that link titled "How to fix error and get back to https with ssl" rather then the marked 'solution'.

For convenience i will copy the right solution here so its also referenced directly in the comments. You should only issue the --system update from a connection where you can be sure its kind of unlikely that you are getting MITM attacked right now.
If this does now work, please also try uninstalling metasploit totally and reinstall it (after the following fix).

How to fix error and get back to https with ssl:
================================================
The reason is old rubygems. So we need to remove ssl source to be able to update gem --system which includes rubygems and so on. after this we can feel free to get back to ssl source.

# to temporarily remove secure connection
gem sources -r https://rubygems.org/
# add insecure connection
gem sources -a http://rubygems.org/
# now we're able to update rubygems without SSL
gem update --system

after updating rubygems do vice versa

# to remove insecure connection
gem sources -r http://rubygems.org/
# add secure connection
gem sources -a https://rubygems.org/

Now you're able to update gems using secure connection.

gem update

If this does now work, please also try uninstalling metasploit totally and reinstall it.

anthraxx commented on 2015-05-12 13:32

@linhua: I will not change this, loading gems via http sounds insane as it makes it incredibly easier for a MITM attack to inject arbitrary gem doing something evil. However i will see if there is a sane solution. changing the retrieval from https to http is *not* a sane solution and should be considered dangerous.

linhua commented on 2015-05-12 12:36

@GI_Jack I also experienced this error.I follow this link.(http://stackoverflow.com/questions/10246023/bundle-install-fails-with-ssl-certificate-verification-error)
and it works fine.

In Gemfile(under /opt/metasploit),You may change

source 'https://rubygems.org'

to

source 'http://rubygems.org'

linhua commented on 2015-05-12 12:33

@GI_Jack I also experience this error.I follow this link.(http://stackoverflow.com/questions/10246023/bundle-install-fails-with-ssl-certificate-verification-error)
and it works fine.

In Gemfile(under /opt/metasploit),You may change

source 'https://rubygems.org'

to

source 'http://rubygems.org'

anthraxx commented on 2015-02-25 17:16

@GI_Jack: I tried this (again) on 2 different machines, works fine. Bundler is handling the dependencies locally and bundler installs xpath 2.0.0 fine in its local vendor directory under /opt/metasploit. Please try a clean install by removing and reinstalling the package.
Also "UnknownHostError" sounds like you had some kind of network issue maybe?

GI_Jack commented on 2015-02-25 16:37

Gem::RemoteFetcher::UnknownHostError: no such name (https://rubygems.org/gems/xpath-2.0.0.gem)
An error occurred while installing xpath (2.0.0), and Bundler cannot continue.
Make sure that `gem install xpath -v '2.0.0'` succeeds before bundling.

add ruby-xpath to depends=(), this fixes the problem

GI_Jack commented on 2015-02-25 16:36

add ruby-xpath to depends=()

anthraxx commented on 2015-02-12 19:35

@sbmomeni: as far it looks working fine (besides a bunch of warnings on startup but thats upstream failure). I will do additional tests and if i still don't find anything problematic I plan to push a new release with updated dependencies at the weekend. Thanks for reporting.

sbmomeni commented on 2015-02-09 20:37

Metasploit compiles and runs using ruby 2.2.0 (the ruby1.9 dependency can be updated).
Also following command should be added to the install script to fix a bug which is described in its wiki page:
chmod o+r /opt/metasploit/vendor/bundle/ruby/2.2.0/gems/robots-0.10.1/lib/robots.rb

anthraxx commented on 2015-01-23 10:28

Petron: please next time just flag this package out-of-date, adding comments for that is just unneeded noise. But thanks for notification.

Petron commented on 2015-01-23 06:41

metasploit has been out-of-date.
The latest version is 4.11.0, whose source code is avaliable at http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2.

frederik commented on 2015-01-09 21:52

Great! Thank you!

anthraxx commented on 2015-01-09 21:40

@frederik: because you seem to be in a hurry, I have "pre-released" the packge to lay around in /opt/metasploit :P
However, there are still a lot of issues and problems which I'm currently fixing and testing, please be patient but i will make this package lot more 'shiny' :D

frederik commented on 2015-01-07 13:51

31c3 is over :)

anthraxx commented on 2014-12-28 21:22

makes sense, will work on this after the 31c3 :)

frederik commented on 2014-12-28 19:43

+1 @ Shibumi - it makes more sense to install into /opt because it is not read-only - msfupdate writes files to the installdir: https://wiki.archlinux.org/index.php/arch_filesystem_hierarchy#.2Fopt:_Problematic_packages

Also it is easier to handle a local bundle instead of a global install.

Patch: http://pastebin.com/7Hz2hMDv

frederik commented on 2014-12-28 18:46

+1 @ Shibumi - it makes more sense to install into /opt because it is not read-only - msfupdate writes files to the installdir: https://wiki.archlinux.org/index.php/arch_filesystem_hierarchy#.2Fopt:_Problematic_packages

It is easier to handle a local bundle instead of a global install - patch:

--- aaa/metasploit.install 2014-12-28 19:24:20.156665873 +0100
+++ bbb/metasploit.install 2014-12-28 19:24:48.277117362 +0100
@@ -1,6 +1,6 @@
update_ruby_deps() {
cd /usr/share/metasploit
- bundle-1.9 install
+ bundle-1.9 install --path vendor/bundle
}


@@ -14,3 +14,8 @@
echo 'Updating ruby dependencies with ruby-bundle'
update_ruby_deps
}
+
+post_remove() {
+ echo 'Deleting metasploit folder to remove local installed gems'
+ rm -rf /usr/share/metasploit
+}

steelcowboy commented on 2014-11-06 04:49

@axper Yes, when I run db_rebuild_cache it tells me "The database is not connected" even though db_status returns "postgresql connected to msf".

axper commented on 2014-11-06 03:31

@steelcowboy
Do you run db_rebuild_cache? It takes at least a few minutes to rebuild the cache, check the cpu usage of ruby/metasploit/postgres processes.

What tables does metasploit create in postgres database?

BTW also try https://aur.archlinux.org/packages/metasploit-git/

steelcowboy commented on 2014-11-06 02:24

There seems to be a problem; my postgresql server is running, msfconsole says connected but it won't build a cache. Anyone else having these issues? Occurs on both of my systems, online researching says a bug in msf

kralyk commented on 2014-10-18 22:37

This pkg didn't work for me at all. I had to remake it, see:

http://files.kral.hk/metasploit/

It should work. Credit goes to MrZYX for the --deployment switch which saves quite a headache...

seberm commented on 2014-10-03 21:37

Hi. I don't have time to maintain metasploit package anymore :(. Feel free to adopt it.

axper commented on 2014-10-03 18:52

@kralyk
Probably. See this: https://bbs.archlinux.org/viewtopic.php?id=186703

kralyk commented on 2014-10-02 17:37

Hi. I'm not exactly thrilled about running bundler as root, is there a way around it?

axper commented on 2014-09-18 05:15

Also I think the package would benefit from "PKGEXT='.pkg.tar'", as the package is fairly large and it takes it a long time to compress during building, while space benefits are negligable.

axper commented on 2014-09-18 05:14

Even when I do db_connect and db_status says "postgresql connected to msf", db_rebuild_cache still says "The database is not connected".

Is this just me or everyone has this problem and I should report this upstream?

ValdikSS commented on 2014-09-17 21:03

Current release or PKGBUILD is broken. You can't update it with msfupdate and msfconsole always says it has 0 exploits - 0 auxiliary - 0 post 0 payloads - 0 encoders - 0 nops

seberm commented on 2014-08-22 17:05

@Shibumi: Any specific reason why to change it?

@axper: Thanks. I will change the source.

axper commented on 2014-08-16 06:45

This PKGBUILD works for me for installing 4.9.3: https://gist.github.com/axper/4026f52d0e33d15c7026

axper commented on 2014-08-16 05:53

The package doesn't properly auto-update. Since the file `framework-latest.tar.bz2` is sitting in the download location, running `makepkg -sif` will still install the version that old file has, and will not download the newest one.

axper commented on 2014-08-16 05:51

Please don't.

@Shibumi any reason for the change?

Shibumi commented on 2014-08-07 00:32

could you change the install path to: /opt/ instead of /usr/share/ ?
/opt/ makes more sense..

seberm commented on 2014-06-04 19:47

Updated. Should be fixed now.

GI_Jack commented on 2014-06-03 02:00

http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run

http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

GI_Jack commented on 2014-06-03 01:53

curl: (22) The requested URL returned error: 403 Forbidden
==> ERROR: Failure while downloading framework-latest.tar.bz2
Aborting...


what the?

DESPAIR commented on 2014-05-21 04:35

Yup, its work.

Zuckerlie commented on 2014-05-17 01:27

Necessary change in PKGBUILD:


[old]
source=('http://updates.metasploit.com/data/releases/framework-latest.tar.bz2')

must be changed to

[new]
source=('http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2')

Tsetragus commented on 2014-04-12 11:12

The problems I had are resolved, I don't know what solved it, works fine now.

Tsetragus commented on 2014-04-12 08:20

Hi I am experiencing instability since the update. The old fashioned “Database not connected or cache not built” always shows up (it didn't before), also after a few tries of fixing the the postgresql error, metasploit totally screws and doesn't recognize any command even the "exit" one, as not totally a noob I of couse tried to rebuild the cache, restart the PostgreSQL service and etc, but still no hint on what's the cause of it. Even sometimes things seem to be working fine after a db_rebuild_cache, I'd like to know if there is anyway to solve the problem as the unstability of such a program is a pity to me, it worked divinly fine for a year witout updating it even once, but wasn't really secure anymore.
Thank's

seberm commented on 2014-04-11 08:43

@Synthead Yes, I know about it... :/. We have already discussed it. Take a look at the older comments here:

https://aur.archlinux.org/packages/metasploit/?comments=all

test0 commented on 2014-04-10 16:53

Synthead, exactly. Proposed solution is in comments to metasploit-git package.

Synthead commented on 2014-04-07 23:05

This package installs untracked gems as root to /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/. Please alter this PKGBUILD to require packages for these instead. pacman will never update these untracked files, which means the system will be inherently out-of-date and prone to security issues.

test0 commented on 2014-01-10 00:31

Thanks, but now it's "metasploit v4.8.2-2013121101 [core:4.8 api:1.0]" :)

test0 commented on 2013-10-20 21:54

Also, maybe it's the time to bump the version to 4.7.2? framework-latest.tar.bz2 is "metasploit v4.7.2-2013101601 [core:4.7 api:1.0]" now.

test0 commented on 2013-10-20 21:49

Also, maybe it's the time to bump the version to 4.7.2? framework-latest.tar.bz2 is 4.7.2 now.

test0 commented on 2013-10-20 21:34

@seberm @Shibumi
That's simple. Let's watch when this string is appearing:
>unless is_svn || is_git || is_installed || is_apt
is_git and is_svn are pretty self-explanatory, we are not using git or svn here, and haven't corresponding directories .svn or .git (like in metasploit-git package). is_apt too (it attempts to use aptitude package manager to update "metasploit"/"metasploit-framework" packages). is_installed checks whether we have a product key and attemps to use update.rb script, which is also not present here. So you cannot update here with msfupdate.

seberm commented on 2013-10-14 17:32

@Shibumi: Yeah.. it does not work for me, eighter..and I don't know why. Any hint?

@biotin: Strange... for me, it works.

biotin commented on 2013-10-13 22:30


[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

/usr/bin/msfconsole: line 1: 13850 Aborted (core dumped) ruby-1.9 /usr/share/metasploit/msfconsole "$@"

biotin commented on 2013-10-13 22:26

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

/usr/bin/msfconsole: Zeile 1: 13487 Abgebrochen (Speicherabzug geschrieben) ruby-1.9 /usr/share/metasploit/msfconsole "$@"

biotin commented on 2013-10-13 21:04

please make new packet with ruby 2.0. thanks

Shibumi commented on 2013-10-03 15:35

How can I update the msf-exploitdb? msfupdate does not work:

[*]
[*] Attempting to update the Metasploit Framework...
[*]

/usr/share/metasploit/msfupdate:251:in `<main>': Cannot determine checkout type: `/usr/share/metasploit' (RuntimeError)

Shibumi commented on 2013-10-03 14:01

How can I update the exploit-db of metasploit? mfsupdate does not work:

[*]
[*] Attempting to update the Metasploit Framework...
[*]

/usr/share/metasploit/msfupdate:251:in `<main>': Cannot determine checkout type: `/usr/share/metasploit' (RuntimeError)

seberm commented on 2013-08-30 08:55

@American_Jesus: Thanks :)

American_Jesus commented on 2013-08-12 17:55

New PKGBUILD with some fixes http://pastie.org/pastes/8230273/text

seberm commented on 2013-07-17 14:20

+1 yeah.. we can just hope metasploit will move to ruby 2

sakalisc commented on 2013-07-17 11:57

I don't like the way dependencies are handled right now but creating 30 packages just for metasploit seems like a waste of time. Installation is going to take forever as well. I would suggest leaving it as is until a better solution arises.

seberm commented on 2013-07-16 18:58

Hm... There is a problem. Cause metasploit is not compatible with ruby of version 2... I would have to create package for every ruby dependency (of version 1.9) like for example:

ruby-pg => ruby1.9-pg
ruby-activerecord => ruby1.9-activerecord

...and so on.

It seems it's not the best idea...

Any better idea?

seberm commented on 2013-06-25 19:40

Yeah... I know :/. Ok... I try to add every ruby dependency into PKGBUILD dependencies... but first I have to create some "ruby-xyz" packages which do not exist yet

test0 commented on 2013-06-25 15:09

But what about the fact that gems are not tracked by pacman after issuing `bundle install`?

seberm commented on 2013-06-18 21:25

Metasploit is now using ruby1.9 package instead of ruby-2.0.x.

seberm commented on 2013-06-18 15:02

Ok, problems are solved.

It's necessary to downgrade to ruby<2.0.0 (for me ruby-1.9.3_p392-1 is working fine).

After it I just updated ruby deps with:
$ cd /usr/share/metasploit
$ sudo bundle install
Fetching gem metadata from http://rubygems.org/.........
Installing builder (3.0.4)
....
Installing simplecov (0.5.4)
Installing timecop (0.6.1)
Installing yard (0.8.5.2)
Using bundler (1.3.5)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.


After this metasploit is working fine for me...
I also added an install file. Everything should work fine now.

Please test. Thanks

Sajmon commented on 2013-06-18 10:15

Hmm, i'm fir bundling rubygems if necessary. Aaaand, guess what? MD5sums ;)

seberm commented on 2013-06-10 20:01

Sorry for my late answer.

- I made some changes in PKGBUILD (according to metasploit-git) - @sakalisc thanks for your hints.
- md5sum updated for metasploit-latest

New PKGBUILD you can find here: http://pastebin.com/nJFD6M82
Please test it and if it's ok I'll update it.

Maybe I should create an install file with "bundle install" command in pre_install() function. What do you think?

- @earlz: I think it's not possible to leave md5sum out because everyone will get an "Integrity checks are missing" error

Now I'm getting same errors like people here: https://aur.archlinux.org/packages/metasploit-git/
I tryied to install gem packages with "$ bundle install" but it doesn't solve my problems:
http://pastebin.com/a9PuwzmS


# Bundle installation output:
$ sudo bundle install
Fetching gem metadata from http://rubygems.org/.........
Fetching gem metadata from http://rubygems.org/..
Using rake (10.0.4)
Using i18n (0.6.1)
Using multi_json (1.0.4)
Using activesupport (3.2.13)
Using builder (3.0.4)
Using activemodel (3.2.13)
Using arel (3.0.2)
Using tzinfo (0.3.37)
Using activerecord (3.2.13)
Using metaclass (0.0.1)
Using mocha (0.13.3)
Using bourne (1.4.0)
Using database_cleaner (0.9.1)
Using diff-lcs (1.2.2)
Using factory_girl (4.2.0)
Using json (1.7.7)
Using pg (0.15.1)
Installing metasploit_data_models (0.15.1)
Using msgpack (0.5.4)
Using nokogiri (1.5.9)
Using pcaprub (0.11.3)
Using redcarpet (2.2.2)
Using robots (0.10.1)
Using rspec-core (2.13.1)
Using rspec-expectations (2.13.0)
Using rspec-mocks (2.13.0)
Using rspec (2.13.0)
Using shoulda-matchers (1.5.2)
Using simplecov-html (0.5.3)
Using simplecov (0.5.4)
Using timecop (0.6.1)
Using yard (0.8.5.2)
Using bundler (1.3.5)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed

Youpi commented on 2013-06-09 13:27

md5sum framework-latest.tar.bz2
d558c30a31c52b8e588f317cb516a408

alexdantas commented on 2013-06-07 05:24

Same as 'earlz', please update md5sums

sakalisc commented on 2013-06-02 15:37

Hello,
I think that metasploit.sh has the wrong path. Shouldn't it be /opt/metasploit/msf3 ?

Also, when you move the whole $srcdir (why?) you are also moving the two symlinks that makepkg creates for the sources.

Regards,
Chris Sakalis

earlz commented on 2013-06-01 21:08

I get a failing md5sum on framework-latest.tar.bz2 .Updating the md5 and then making appears to work fine. Since the source isn't fixed on a certain release (latest), wouldn't it be appropriate to leave out md5sum?

antoniovazquez commented on 2013-05-22 21:35

Please test http://pastebin.com/kxSmXrKe and update the package.

antoniovazquez commented on 2013-05-22 20:28

The package did not pass sums test:

==> Validating source files with md5sums...
framework-latest.tar.bz2 ... FAILED
metasploit.sh ... Passed

The new sum is: 366cdeb510795fe1a763db87d869396b

antoniovazquez commented on 2013-05-22 20:24

The package did not pass sums test:

==> Validating source files with md5sums...
framework-latest.tar.bz2 ... FAILED
metasploit.sh ... Passed

antoniovazquez commented on 2013-05-22 20:16

Please add postgresql-libs to the dependency list.

msx commented on 2013-05-15 03:34

@uberscientist
That's ruby-pg 0.15.1

uberscientist commented on 2013-04-30 18:36

Hi, just as a note one of the gems needed the postgresql-libs package during the "bundle install" for metasploit, I'm not sure if that would qualify as a dependency or not. Cheers, thanks for maintaining this!

crispaper commented on 2013-04-18 22:32

Nothing to be sorry about, thanks for your work ;)

seberm commented on 2013-04-18 22:29

Hi... updated ;-). Sorry for my late update.

nicebloom commented on 2013-04-18 15:37

You could use the following PKGBUILD to install it:

http://pastebin.com/x6rTk41j

@seberm: looking forward for an update... ;)

nicebloom commented on 2013-04-18 15:30

You could use the following PKGBUILD to install it:
http://pastebin.de/33915

@seberm: looking forward for an update... ;)

Anonymous comment on 2013-03-08 00:43

I was receiving an error while running the msfgui. It was not able to access "./data/gui/msfgui.jar". I noticed that many of the directories and files were prepended with "msf3". Removing this from everything made everything work like a charm. I think the installation is messing the file/directory names (limited to first and second levels only).

jonandermb commented on 2013-03-02 08:57

Can anyone point out how to configure metasploit after installing?
Appart from the exports, I feel there is a lot to do: Are we forced to use the postgresql connection?
Thanks

Anonymous comment on 2013-02-27 22:59

@honza801 i got the same error where do i put

export RUBYLIB=/opt/metasploit/msf3lib/

honza801 commented on 2013-02-21 15:16

@thayoz export RUBYLIB=/opt/metasploit/msf3lib/

Anonymous comment on 2013-02-11 16:26

I've downloaded and build the package, updated the PATH. But when running msf3msfconsole, I got the following:

/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- msfenv (LoadError)
from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/lib/ruby/gems/1.9.1/gems/fastlib-0.0.7/lib/fastlib.rb:361:in `require'
from /opt/metasploit/msf3msfconsole:19:in `<main>'

It seems that some of the dependencies either from the system or from rubygems are not fully satisfied.

seberm commented on 2013-02-11 08:53

It seems like they forgot to add a slash in their path :-). Thanks for notification. Updated

ArcRaven commented on 2013-02-08 13:02

@ryon.sherman:
Thanks for your update, worked for me! :)

devrs0 commented on 2013-02-07 17:48

@zozo - http://sprunge.us/YWgc

securitybreach commented on 2013-02-07 17:30

Same error as zozo

noplomplom commented on 2013-02-07 12:57

Build failure since update to 4.5.1-1:

-> Found metasploit.sh
==> Validating source files with md5sums...
framework-4.5.1.tar.bz2 ... Passed
metasploit.sh ... Passed
==> Extracting Sources...
-> Extracting framework-4.5.1.tar.bz2 with bsdtar
==> Starting build()...
/tmp/packerbuild-0/metasploit/metasploit/PKGBUILD: line 22: cd: /tmp/packerbuild-0/metasploit/metasploit/src/msf3: No such file or directory
==> ERROR: A failure occurred in build().
Aborting...
The build failed.

vnoel commented on 2013-01-31 18:38

Hi, msfupdate doesn't seem to work ... I get this error:
/opt/metasploit/msfupdate:156:in `<main>': Cannot determine checkout type: `/opt/metasploit' (RuntimeError)

dkorzhevin commented on 2013-01-22 11:01

Please, update to Metasploit 4.5.1 according https://community.rapid7.com/docs/DOC-2144

qrlr commented on 2012-12-31 17:12

@renodesper:
It's just the splash screen ;)

renodesper commented on 2012-12-30 14:56

I tried to install the latest version but I got this warning when execute msfconsole:

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018 es: 0018 ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)

Stack:
90909090990909090990909090
90909090990909090990909090
90909090.90909090.90909090
90909090.90909090.90909090
90909090.90909090.09090900
90909090.90909090.09090900
..........................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
ccccccccc.................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
.................ccccccccc
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
..........................
ffffffffffffffffffffffffff
ffffffff..................
ffffffffffffffffffffffffff
ffffffff..................
ffffffff..................
ffffffff..................

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

nuc commented on 2012-12-05 15:08

Btw I didn't run msfupdate yet. Am I advised to do that?

nuc commented on 2012-12-05 15:06

Now I installed the metasploit AUR package on my laptop and I don't get any warnings.

However the database is not working at all. I installed ruby-pg and postgresql but it still doesn't work.
Sould I try 'gem install pg'?

msf > db_status
[-] No database driver installed. Try 'gem install pg'

Anonymous comment on 2012-12-02 20:03

the official metasploit package doesn't have a systemd unit so it starts the services. only to be used of course if you need it - no point having ports open. ^_^

nuc commented on 2012-12-02 19:52

Important for all users:
I you get a conflict running msfupdate with 'outlook.db', then you need to delete 'outlook.db' from '/opt/metasploit-4.4.0/msf3/modules/post/windows/gather/credentials/' and then run msfupdate again. See http://top-hat-sec.com/forum/index.php?PHPSESSID=ndlq8t7v9lrbp7c1qf6dv0alh5&topic=1564.msg14003#msg14003


@shirokuro: Thx it works now

msf > db_status
[*] postgresql connected to msf3dev

What does "sudo sh /opt/metasploit/ctlscript.sh start" do?

Anonymous comment on 2012-12-02 18:48

oh, and and after reboots do:
sudo sh /opt/metasploit/ctlscript.sh start

Anonymous comment on 2012-12-02 17:20

i would recommend removing the aur metasploit package as well as the .gem folders in /root and your home directory, and rm -rf /opt/metasploit if you want to reinstall to that directory. chmod u+x the installer file and run it. if your browser errors after the installation just navigate to https://localhost:3790 (assuming you set that port, which is the default). it'll warn you about the certificate - it's fine. then msfupdate and msfconsole should work as intended.

nuc commented on 2012-12-02 17:16

Ah, I suppose the ruby-pg package is the same as libpq-dev in Ubuntu?

Hm, I still wonder why metasploit has no connection to the database.


@shirokuro: Thanks for the tip I'll give that a try. Since the installer installs metasploit in /opt/metasploit I don't need to remove my current metasploit, do I?

Anonymous comment on 2012-12-02 16:34

no offense to the packager, but you could just save yourself the headache and install with the official download package at the metasploit website.

nuc commented on 2012-12-02 16:18

I had ruby-pg installed, yes.

nuc commented on 2012-12-02 16:11

ok, I had to rebuild metasploit with postgresql installed and now metasploit finds the database:

msf > db_status
[*] postgresql selected, no connection

I found the info to install postgresql here: http://wikimatze.de/installing-postgresql-gem-under-ubuntu-and-mac
Do I also need to install libpq-dev as mentioned there? The Arch repo only contains libpqxx package...


However I still get the warnings mentioned in my second post.

sakalisc commented on 2012-12-02 15:46

Did you install the ruby-pg package? It's an optional dependency.

nuc commented on 2012-12-02 15:31

I got more issues:

msf > db_status
[-] No database driver installed. Try 'gem install pg'
msf > gem install pg
[*] exec: gem install pg

WARNING: You don't have /root/.gem/ruby/1.9.1/bin in your PATH,
gem executables will not run.
Building native extensions. This could take a while...
Successfully installed pg-0.14.1
1 gem installed
Installing ri documentation for pg-0.14.1...
Installing RDoc documentation for pg-0.14.1...
msf > db_status
[-] No database driver installed. Try 'gem install pg'

What the ??

sakalisc commented on 2012-12-02 08:15

I get no warnings when I start msfconsole. As for your other question, I do use msfupdate but I have to force the update when the package is updated.

nuc commented on 2012-12-02 00:50

I get some warnings when I start metasploit:
http://pastebin.com/nphXATqf

Do others also have this issue?

nuc commented on 2012-12-01 14:39

Is it actually safe to run msfupdate?

seberm commented on 2012-11-17 19:24

OK. I tried some modules without ruby-msgpack and they worked fine for me too. So, I changed ruby-msgpack to optdep for armitage.

If there is some problem with this change, just let me know.

Thank you

sakalisc commented on 2012-11-16 18:51

I am not really sure myself. The Armitage manual installation guide gives the
msgpack gem as a requirement, that's why I asked. I tried some basic modules
without the ruby-msgpack package and they worked but I can't test all the modules
of course.

seberm commented on 2012-11-16 01:50

Hello. I really don't know if ruby-msgpack is only used by armitage. I haven't found any information about it (README.md). Have you tried metasploit without this package? If everything works fine, I'll change ruby-msgpack to optdep.

sakalisc commented on 2012-11-05 17:42

Hello. I like the new PKGBUILD however, is ruby-msgpack used by anything except armitage and if not, wouldn't it be better if it was an optional dependency?

dkorzhevin commented on 2012-11-03 21:16

Thanks for the package!

Anonymous comment on 2012-10-24 14:56

Recommend not to remove all .svn directories in PKGBUILD file for we can continue do msfupdate later.

Anonymous comment on 2012-08-20 15:49

recommend the installer, beware issues if using systemd

noplomplom commented on 2012-08-04 15:38

New version 4.4.0 available (md5sum = '674b6bf22606298c98e7735b994dec25')

seberm commented on 2012-07-18 21:26

Hi, never mind. But thank for the hint.

Anonymous comment on 2012-07-15 02:09

Ignore me; this isn't this packages problem; it's in the dependency chain.

Anonymous comment on 2012-07-11 03:48

rubygems has apparently been renamed to rubygems1.8

Getting the following:
Dependency `rubygems' of `metasploit' does not exist.

seberm commented on 2012-05-05 12:31

Updated. Thank you :-)

sploit commented on 2012-05-04 07:53

Appanrently this PKGBUILD contains a wrong md5sum:

md5sums=('08bdac20ed98b11456cf413ef852c0f2'
'912c21a795ac6116a8c13bee876ddf99')

The first one in the list needs to be replaced with:


t@thinkpad ~/downloads $ md5sum framework-4.3.0.tar.bz2
d5607fba7f6fff8b5e5c19aacde4064e framework-4.3.0.tar.bz2

Anonymous comment on 2012-04-24 12:22

They are required to run armitage, which is a part of this package. I migrated to Arch few days ago, so I don't really know, what kind of dependency they are

seberm commented on 2012-04-24 10:19

Ok... if ruby-msgpack and ruby-pg are necessary for running of metaspolit-4.3.0 I'll add them as dependecies. But, if they are not required maybe we should consider adding them as optional deps. What do you think?

Anonymous comment on 2012-04-24 09:38

and I had to install ruby-pg and ruby-msgpack to get it work, may be it would be better to set them as dependencies?

Anonymous comment on 2012-04-24 09:35

can't update to 4.3... installed without aur from svn and there I have v4.3.0 release...

seberm commented on 2012-04-24 09:00

What exactly is not working? Are you getting same error? For me everything works fine.

$ ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i686-linux]

Anonymous comment on 2012-04-24 08:50

any manual or something to get it work?
it doesn't even update...

idovitz commented on 2012-04-19 11:16

After install cant run the program:

/usr/bin/msfcli -> /tmp/yaourt-tmp-MYUSERNAME/aur-metasploit-svn/src/metasploit/msfcli

file not exist!

TuxLyn commented on 2012-03-21 17:36

I have version 4.2.0 in my repos if any one interested see http://wiki.gotux.net/archlinux/packages/security

TuxLyn commented on 2012-03-20 21:27

I have version 4.2.0 in my repos if any one interested see http://wiki.gotux.net/arch/packages

seberm commented on 2011-05-18 14:45

Thanks:-).

Updated.

Synthead commented on 2011-05-18 12:36

java-runtime is a "fake" package that could include openjdk6, jre, or another java implementation of a user's choice. Since there's a handful to choose from, packages should indeed have "java-runtime" as the dependency so the user can choose which software should satisfy the dependency.

In a nutshell, please revert the PKGBUILD to use "java-runtime"

seberm commented on 2011-05-17 17:37

Updated - 3.7.1:

Release notes here:
https://dev.metasploit.com/redmine/projects/pro/wiki/Updates

seberm commented on 2011-05-07 21:08

Changed:-). Thanks

jyaworski commented on 2011-05-07 12:05

Just a small thing about the PKGBUILD's opt-depends; there's no package java-runtime. Maybe change it to openjdk6.

seberm commented on 2011-05-04 17:44

Updated:-)..
- Release notes here: https://dev.metasploit.com/redmine/projects/framework/wiki/Release_Notes_370

Is the "!strip" option still needed?

hellnest commented on 2011-04-03 21:42

Thanks for this. :)

hellnest commented on 2011-04-03 21:36

Thanks for this. :)

seberm commented on 2011-04-03 21:35

I've found this advice: http://aur.archlinux.org/packages.php?ID=23031 (Comment by phara0h)
Problem causes libeay32.lib.

hellnest commented on 2011-04-03 21:07

what's the diff that causing strip error before?

seberm commented on 2011-04-03 20:23

Problems with strip were fixed.

seberm commented on 2011-03-27 19:58

Sorry, I can't help here. Maybe try to install metasploit-svn: http://aur.archlinux.org/packages.php?ID=23031 ;-)

seberm commented on 2011-03-27 19:57

Sorry, I can't help here. Maybe try to install http://aur.archlinux.org/packages.php?ID=23031 ;-)

hellnest commented on 2011-03-23 14:51

Using binutils from extra or core still gave me a same result

hellnest commented on 2011-03-23 14:48

Failed to build
/usr/bin/strip:./usr/src/metasploit/data/meterpreter/msflinker_linux_x86.bin: File truncated

seberm commented on 2011-03-20 10:39

Hi,
I found this bug: http://www.metasploit.com/redmine/issues/3689
It seems you have the same problem.

I'm using ruby from [extra]:
$ ruby -v
ruby 1.9.2p180 (2011-02-18 revision 30909) [i686-linux]
$ gem -v
1.3.7

... and everything works fine.
Maybe try to reinstall or downgrade your ruby package.

mortzu commented on 2011-03-19 22:03

getting this on startup: http://planetcyborg.de/np/?g=355523

andre.vmatos commented on 2011-03-17 23:58

Got this message error on strip:
/usr/bin/strip:./usr/src/metasploit/data/meterpreter/msflinker_linux_x86.bin: File truncated
And failed on package build.

Bonstra commented on 2011-03-09 18:58

Metasploit 3.6.0 is out.

seberm commented on 2011-02-13 18:47

Updated to 3.5.2! (Thanks for notification:-))

Some pieces of information about metasploit 3.4.2 you can find here:
http://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_352
http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html

mortzu commented on 2010-12-16 14:08

3.5.1 is releases

M0Rf30 commented on 2010-12-11 11:22

take a look to this
S=${WORKDIR}/msf3
27
28 src_install() {
29 if [[ "${SRC_URI}" != "" ]] ; then
30 # svn sources...
31 find "${S}" -type d -name ".svn" -print0 | xargs -0 -n1 rm -R
32 fi

ptchinster commented on 2010-11-10 15:12

@pootzko

Use metasploit-svn

Anonymous comment on 2010-11-10 09:25

when trying to 'svn update' from msfconsole, I get this..

[*] exec: svn update

Skipped '.'

tried googleing it, but eventualy could not make it work. any hints please? thank you

seberm commented on 2010-10-13 21:16

Added:). Thank you.

ptchinster commented on 2010-10-13 21:11

Add op depends = dradis

http://aur.archlinux.org/packages.php?ID=41769

seberm commented on 2010-08-21 18:53

Yeah:), Sorry for this. I think it's now ok.

solstice commented on 2010-07-05 20:56

there is a bug , no ?
because /etc/profile.d/metasploit.sh has 600 permission once the package is installed.
it should be 755.