rapid7/metasploit-omnibus rapid7/metasploit-omnibus

  • Stars
    star
    222
  • Rank 172,467 (Top 4 %)
  • Language
    Ruby
  • Created about 9 years ago
  • Updated 7 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
rapid7/metasploit-omnibus
github

rapid7

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Packaging metasploit-framework with omnibus

metasploit-framework Omnibus project

This project creates full-stack platform-specific packages for metasploit-framework. This is not the same as the Metasploit Community edition. It only contains the framework command-line interface and the associated tools and modules.

Installing the package

If you just want to install this package, we provide a number of pre-built binaries for Metasploit that are rebuilt every night. See https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers for installation information.

Building the package

Prerequisites

This project has a package cache that should be pulled in before building. Run 'git submodule update -i' to download the git submodule that contains these packages. We cache these both for performance, and because occasionally upstream locations go away, and this allows the build to continue without broken dependencies.

Building on Docker

The Dockerfiles for metasploit-omnibus are located within the docker directory of this repository.

You can build images yourself:

git clone https://github.com/rapid7/metasploit-omnibus.git
cd metasploit-omnibus
docker build --tag metasploit-omnibus-builder - < ./docker/kali109-x64/Dockerfile

You can then run a new container using the above tagged image, whilst mounting the current directory as a volume:

docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins metasploit-omnibus-builder /bin/bash --login

Or you can run a new container using pre-built images from Rapid7's Docker Hub account:

docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins rapid7/msf-kali109-x64-omnibus:2019_01 /bin/bash --login

By default, metasploit-omnibus will download the latest version of Metasploit framework from Github, but also supports building with local copies from /metasploit-framework - full details.

To build omnibus with a local version of Metasploit framework, you can mount your framework repository as a volume to /metasploit-framework within the container. The following command assumes that the repository exists within the parent directory:

docker run -it --rm --volume $(pwd):$(pwd) --volume=$(pwd)/../metasploit-framework:/metasploit-framework --workdir $(pwd) --user jenkins rapid7/msf-kali109-x64-omnibus:2019_01 /bin/bash --login

When running inside the container, you can perform a normal ommibus build:

# Download the git submodule that contains cached packages
git submodule update -i

# install omnibus' dependencies
bundle install --binstubs

# build the metasploit-framework package
bin/omnibus build metasploit-framework

When complete, there will be a new installable .deb file under the 'pkg' directory. Note that the use of Docker volumes may cause builds to run slower.

Building on Ubuntu / Debian systems

In general, a build environment needs a working C/C++ compiler, Ruby 1.9 or higher and the ruby development headers, bundler, git, bison and flex. A quad-core CPU and 4GB of ram are recommended.

The following steps should produce a successful build with Ubuntu and other Debian derivatives, starting from a fresh installation:

# install required packages to build on Ubuntu / Debian systems
sudo apt-get -y install build-essential git ruby bundler ruby-dev bison flex autoconf automake

Configure the omnibus cache and target directories if you want to build as non-root user (recommended).

# setup build directories you can write to
sudo mkdir -p /var/cache/omnibus
sudo mkdir -p /opt/metasploit-framework
sudo chown `whoami` /var/cache/omnibus
sudo chown `whoami` /opt/metasploit-framework

Next setup git if you need to.

# setup git (ignore if you already have it configured)
git config --global user.name "Nobody"
git config --global user.email "[email protected]"

Checkout the metasploit-framework installer builder and install omnibus' dependencies.

# checkout the builder repository
git clone https://github.com/rapid7/metasploit-omnibus.git
cd metasploit-omnibus
# install omnibus' dependencies
bundle install --binstubs

Finally, build the installer itself:

# build the metasploit-framework package
bin/omnibus build metasploit-framework

when complete, there will be a new installable .deb file under the 'pkg' directory.

Building on Windows

From Windows 10, install ruby, msys2, ruby-devkit, wixtoolset, git. Add the following command to the the preparation steps before executing the build command.

xz -d local/cache/*.xz

Building on OS X

From OS X, first install XCode and the command line development tools. I use ruby, bundler, git, bison and flex from the Mac Homebrew project. The rest of the steps are identical to building on Ubuntu. A .pkg file will be under the pkg directory instead.

Clean

You can clean up all temporary files generated during the build process with the clean command:

$ bin/omnibus clean metasploit-framework

Adding the --purge purge option removes ALL files generated during the build including the project install directory (/opt/metasploit-framework) and the package cache directory (/var/cache/omnibus/pkg) as well as ALL files in the local package cache directory (./local/cache):

$ bin/omnibus clean metasploit-framework --purge

Restore the git submodule that contains the local package cache:

$ git submodule update -i

Publish

Omnibus has a built-in mechanism for releasing to a variety of "backends", such as Amazon S3. You must set the proper credentials in your omnibus.rb config file or specify them via the command line.

$ bin/omnibus publish path/to/*.deb --backend s3

Help

Full help for the Omnibus command line interface can be accessed with the help command:

$ bin/omnibus help

More Repositories

1

metasploit-framework

Metasploit Framework
Ruby
31,198
star
2

metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
HTML
4,454
star
3

metasploit-payloads

Unified repository for different Metasploit Framework payloads
C
1,543
star
4

hackazon

A modern vulnerable web app
HTML
944
star
5

ssh-badkeys

A collection of static SSH keys (public and private) that have made their way into software and hardware products.
790
star
6

IoTSeeker

Created by Jin Qian via the GitHub Connector
Perl
735
star
7

recog

Pattern recognition for hosts, services, and content
Ruby
591
star
8

metasploit-vulnerability-emulator

Created by Jin Qian via the GitHub Connector
Perl
424
star
9

mettle

This is an implementation of a native-code Meterpreter, designed for portability, embeddability, and low resource utilization.
C
398
star
10

meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD
C
318
star
11

sonar

Project Sonar
234
star
12

warvox

Ruby
197
star
13

dap

Data Analysis Pipeline
Ruby
151
star
14

nexpose-client

DEPRECATED: Rapid7 Nexpose API client library written in Ruby
Ruby
145
star
15

embedded-tools

AGS Script
143
star
16

awsaml

Awsaml is an application for providing automatically rotated temporary AWS credentials.
JavaScript
133
star
17

myBFF

myBFF - a Brute Force Framework
Python
132
star
18

docker-logentries

Forward all your Docker logs to logentries, like a breeze
JavaScript
111
star
19

le_node

Node module for logentries.com
JavaScript
108
star
20

jsobfu

Obfuscate JavaScript (beyond repair) with Ruby
JavaScript
89
star
21

metasploit-javapayload

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD
Java
87
star
22

ruby_smb

A native Ruby implementation of the SMB Protocol Family
Ruby
76
star
23

vm-console-client-python

the UNOFFICIAL (but useful) Python library for the Rapid7 InsightVM/Nexpose RESTful API
Python
75
star
24

le_js

Client-side JavaScript logging library for Logentries
JavaScript
73
star
25

vm-automation

Created to simplify interactions with virtual machines
Python
73
star
26

insightconnect-plugins

Plugin source code for the InsightConnect SOAR product, developer documentation at https://docs.rapid7.com/insightconnect/getting-started
Python
62
star
27

conqueso

Centrally and dynamically change configuration values of your services!
JavaScript
55
star
28

smbj-rpc

Created by Paul Miseiko via the GitHub Connector
Java
54
star
29

metasploit_data_models

MSF database code, gemified
Ruby
51
star
30

rex-powershell

Rex library for dealing with Powershell Scripts
Ruby
51
star
31

DLLHijackAuditKit

This toolkit detects applications vulnerable to DLL hijacking (released in 2010)
JavaScript
51
star
32

metasploit-aggregator

Created by Jeffrey Martin via the GitHub Connector
Ruby
50
star
33

go-get-proxied

Cross platform retrieval of system proxy configurations
Go
49
star
34

insightvm-sql-queries

InsightVM helpful SQL queries
49
star
35

rex

Rex provides a variety of classes useful for security testing and exploit development.
Ruby
48
star
36

le_ruby

Ruby logging support for logentries.com
Ruby
47
star
37

data

HTML
42
star
38

convection

A fully generic, modular DSL for AWS CloudFormation
Ruby
41
star
39

github-connector

The GitHub Active Directory Connector allows managing GitHub organizations with Active Directory.
Ruby
34
star
40

krip

Dead simple encryption, using WebCrypto under the hood
JavaScript
33
star
41

le_dotnet

.NET support for Logentries
C#
30
star
42

le_java

Direct logging support for Java language
Java
30
star
43

metasploit-credential

Code for modeling and managing credentials in Metasploit, implemented as a Rails Engine
Ruby
29
star
44

re2-java

re2 for Java
Java
27
star
45

vaccination

C
26
star
46

metasploit-baseline-builder

Created by Jeffrey Martin via the GitHub Connector
Python
25
star
47

nexpose-client-python

DEPRECATED : Rapid7 Nexpose API client library written in Python
Python
25
star
48

nexpose-resources

Scripts, SQL queries, and other resources for Nexpose
Ruby
25
star
49

metabot

Use security tools from within IRC.
Ruby
24
star
50

pdf-renderer

Golang based app that will render an html page and create a pdf.
Go
24
star
51

lecli

Seamlessly view recent events, run queries and manage your account from the command line
Python
23
star
52

msfrpc-client

Rapid7 Metasploit API client library written in Ruby
Ruby
23
star
53

propsd

Dynamic property management at scale
JavaScript
22
star
54

builderator

Tools to make CI Packer builds awesome
Ruby
22
star
55

sonar-client

Ruby
21
star
56

savery

JavaScript
21
star
57

tabtalk

Secure, encrypted cross-tab communication in the browser
JavaScript
21
star
58

le_chef

Ruby
20
star
59

Websploit-Tests

A place for scripts that describe web exploits to live so they can be used in testing
PHP
20
star
60

rex-text

Rex library for text generation and manipulation
Ruby
19
star
61

rex-exploitation

Rex library for various exploitation helpers
Ruby
19
star
62

godap

The Data Analysis Pipeline
Go
18
star
63

memorandom

Ruby
18
star
64

dogwatch

A Ruby DSL to create DataDog monitors.
Ruby
17
star
65

akheron-proxy

UART proxy tool for inter-chip analysis.
Python
16
star
66

metakitty

Metakitty, The Metasploit Resource Portal
Ruby
16
star
67

guardian

A lightweight authentication proxy for HTTP services
JavaScript
16
star
68

le_community_packs

Logentries Community Packs
VCL
16
star
69

le_lambda

Python
16
star
70

FullAutoOSINT

Python
15
star
71

fastlib

FastLib provides a "jar-like" format for Ruby libraries, with specific features for the Metasploit Framework
Ruby
15
star
72

react-prefixer

JavaScript
15
star
73

nexpose_java_api

DEPRECATED : A library used to connect to the Nexpose API
Java
15
star
74

raptor-io

The eventual successor to the networking/IO functionalities of Metasploit's REX library
Ruby
13
star
75

geppetto

Geppetto - Virtual machine and infrastructure orchestration
Python
13
star
76

presales-engineering

Shell
13
star
77

marionette.carpenter

A thing that makes tables
JavaScript
13
star
78

docker-image-analyzer

docker image analyzer
Java
13
star
79

tokend

A Node.js daemon that interfaces with Vault and Warden to provide a secure method to deliver secrets to servers in the cloud.
JavaScript
13
star
80

rex-socket

The Rex Socket Abstraction Library
Ruby
12
star
81

psych_shield

PsychShield provides a filtering mechanism for YAML.load when using the Psych parser
Ruby
12
star
82

appspider-pentestkit

Created by Denis Podgurskiy via the GitHub Connector
JavaScript
12
star
83

rex-bin_tools

Created by David Maloney via the GitHub Connector
Ruby
11
star
84

metasploit-vagrant-builders

Build tools to generate vagrant images used by metasploit-framework CI
Ruby
11
star
85

javascript-style-guide

10
star
86

vm-console-client-ruby

The UNOFFICIAL (but useful) Ruby gem for the Rapid7 InsightVM/Nexpose RESTful API
Ruby
10
star
87

insightcloudsec-actions

10
star
88

insightvm-api-examples

Created by Ivan Quintanilla via the GitHub Connector
Python
10
star
89

network_interface

C
10
star
90

attackerkb

Repo for creating-and-tracking issues related to AttackerKB
10
star
91

metasploit-model

Common code, such as validators and mixins, that are shared between ActiveModels in metasploit-framework and ActiveRecords in metasploit_data_models
Ruby
10
star
92

jenkinsci-appspider-plugin

Jenkins plugin that calls the AppSpider API
Java
9
star
93

insightappsec-azure-devops-extension

Rapid7 InsightAppSec Extension for Azure DevOps
TypeScript
9
star
94

recog-java

Recog java
Java
9
star
95

armor

Java
8
star
96

acs

Automatic Ciphertext Service
JavaScript
8
star
97

r7insight_node

node logging support for InsightOps
JavaScript
8
star
98

r7insight_js

Client-side JavaScript logging library for InsightOps
JavaScript
8
star
99

conqueso-client-java

Connect your Java services to Conqueso
Java
8
star
100

insightappsec-api-examples

Project intended to provide guides for InsightAppSec API examples and use cases
Python
8
star