Professional Documents
Culture Documents
Development Environment
adfoster-r7 edited this page on 4 Feb · 121 revisions
Pages 136
MSF-DEV Contents
Dependencies
Downloading
Ruby
Ruby Gems
REST and PostgreSQL
Workflows
Home Welcome to Metasploit!
Using Metasploit A collection of useful links for penetration testers.
Setting Up a Metasploit Development Environment From apt-get install to git push.
CONTRIBUTING.md What should your contributions look like?
Landing Pull Requests Working with other people's contributions.
Using Git All about Git and GitHub.
Contributing to Metasploit Be a part of our open source community.
Meterpreter All about the Meterpreter payload.
Assumptions
You have installed an apt-based Linux environment, such as Ubuntu or Kali.
You have created a GitHub account and associated an public ssh key with it.
You have familiarity with Git and Github, or have completed the Github bootcamp.
For optional database and REST API functionality, you will need regular user
account that is not root.
Install dependencies
1. Open a terminal on your Linux host and set up Git, build tools, and Ruby
dependencies:
sudo apt update && sudo apt install -y git autoconf build-essential libpcap-dev
libpq-dev zlib1g-dev libsqlite3-dev
If you are running a Windows machine
1. Install chocolatey
2. Install Ruby
3. Install pcaprub dependencies from your cmd.exe terminal:
powershell -Command
"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
; [Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12; (New-Object
System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/
WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')"
1. Login to Github and click the "Fork" button in the top-right corner of
the metasploit-framework repository.
2. Create a git directory in your home folder and clone your fork to your local
machine:
export GITHUB_USERNAME=YOUR_USERNAME_FOR_GITHUB
export GITHUB_EMAIL=YOUR_EMAIL_ADDRESS_FOR_GITHUB
mkdir -p ~/git
cd ~/git
git clone git@github.com:$GITHUB_USERNAME/metasploit-framework
cd ~/git/metasploit-framework
6. Set up msftidy to run before each git commit and after each git merge to quickly
identify potential issues with your contributions:
cd ~/git/metasploit-framework
ln -sf ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit
ln -sf ../../tools/dev/pre-commit-hook.rb .git/hooks/post-merge
Install Ruby
Linux distributions do not ship with the latest Ruby, nor are package managers
routinely updated. Additionally, if you are working with multiple Ruby projects,
each one has dependencies and Ruby versions which can start to conflict. For these
reasons, it is advisable to use a Ruby manager.
You could just install Ruby directly (eg. sudo apt install ruby-dev), but you may
likely end up with the incorrect version and no way to update. Instead, consider
using one of the many different Ruby environment managers available. The
Metasploit team prefers rbenv and rvm (note that rvm does require a re-login to
complete).
Regardless of your choice, you'll want to make sure that, when inside
the ~/git/metasploit-framework directory, you are running the correct version of
Ruby:
$ cd ~/git/metasploit-framework
$ cat .ruby-version
3.0.2
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
Note: the Ruby version is likely to change over time, so don't rely on the output in
the above example. Instead, confirm your ruby -v output with the version number
listed in the .ruby-version file.
If the two versions don't match, restart your terminal. If that does not work, consult
the troubleshooting documentation for your Ruby environment manager.
Unfortunately, troubleshooting the Ruby environment is beyond the scope of this
document, but feel free to reach out for community support using the links at the
bottom of this document.
Install Gems
Before you run Metasploit, you will need to update the gems (Ruby libraries) that
Metasploit depends on:
cd ~/git/metasploit-framework/
gem install bundler
bundle install
If you encounter an error with the above command, refer to the bundle output and
search for the error message along with the name of the gem that failed. Likely,
you'll need to apt get install a dependency that is required by that particular
gem.
Congratulations! You have now set up a development environment and the latest
version of the Metasploit Framework. If you followed this guide step-by-step, and
you ran into any problems, it would be super great if you could open a new
issue so we can either help you, or, more likely, update the docs.
Optional: Set up the REST API and PostgreSQL
database
The following optional section describes how to manually install PostgreSQL and
set up the Metasploit database. Alternatively, use our Omnibus installer which
handles this more reliably.
cd ~/git/metasploit-framework
./msfdb init
4. If you receive an error about a component not being installed, confirm that
the binaries shown are in your path using the which and find commands,
then modifying your $PATH environment variable. If it was something else,
open a new issue to let us know what happened.
5. If the msfdb init command succeeds, then confirm that the database is
accessible to Metasploit:
$ ./msfconsole -qx "db_status; exit"
Congratulations! You have now set up the Metasploit Web Service (REST API) and
the backend database.
[alias]
# An easy, colored oneline log format that shows signed/unsigned status
nicelog = log --pretty=format:'%Cred%h%Creset -%Creset %s %Cgreen(%cr) %C(bold
blue)<%aE>%Creset [%G?]'
# Shorthand commands to always sign (-S) and always edit the commit message.
m = merge -S --no-ff --edit
c = commit -S --edit
tools/dev/add_pr_fetch.rb
After running the above script, you can checkout other pull requests more easily:
git fetch upstream
git checkout fixes-to-pr-12345 upstream/pr/12345
If you're writing test cases (which you should), then make sure rspec works:
rake spec
You should see over 9000 tests run, mostly resulting in green dots, a few in yellow
stars, and no red errors.