Saturday, October 19, 2013

Setting Up a Metasploit Development Environment for CentOS/Fedora

Here are steps to quickly set up development environment for Metasploit Project on rpm-based (CentOS & Fedora Core) Linux distros. The following is shortened version of official Metasploit tutorial (which describes whole process for Debian/Ubuntu distros). Idea is to prepare basic environment to start development quickly.

Install required packages:
 # yum -y install postgresql-devel libpcap-devel git
Install Ruby environment:
 $ curl -L https://get.rvm.io | bash -s stable --autolibs=enabled \
     --ruby=1.9.3
I got complaints about checksum verification, so I had to run:
 $ ~/.rvm/bin/rvm get stable
and now rerun:
 $ curl -L https://get.rvm.io | bash -s stable --autolibs=enabled \
     --ruby=1.9.3
Source rvm environment for current Bash session (also remember to add it to your ~/.bashrc):
 $ source ~/.rvm/scripts/rvm
Set your default ruby and gemset:
 $ rvm use --create --default 1.9.3-p448@msf
On CentOS when I tried to run from my metasploit-framework checkout:
 $ gem install bundle && bundle install
I got following error message:
 ERROR:  While executing gem ... (Gem::FilePermissionError)
 You don't have write permissions into the
 ~/.rvm/gems/ruby-1.9.3-p448@msf/bin directory.
It turned out that ~/.rvm/gems/ruby-1.9.3-p448@msf/bin directory doesn't exist - creating it solved the problem:
 $ cd ~/.rvm/gems/ruby-1.9.3-p448@msf
 $ mkdir bin
Ater rerun:
 $ gem install bundle && bundle install
I got similar error message (on CentOS):
 ERROR:  While executing gem ... (Gem::FilePermissionError)
 You don't have write permissions into the
 ~/.rvm/gems/ruby-1.9.3-p448@metasploit-framework/bin directory.
As previously, creating bin/ directory solved the issue:
 $ cd ~/.rvm/gems/ruby-1.9.3-p448@metasploit-framework
 $ mkdir bin
From now on bundle installation went smoothly and soon I was able to start msfconsole from my metasploit-framework directory:
 $ ./msfconsole -L
It's all that is required to start hacking on Metasploit codebase. I've ommited some optional steps listed in official tutorial - most notably step with forking official Metasploit repo, but because it is only required to perform pull requests, one can postpone it for now and do it when his new feature/module will be initially implemented.