Metasploit on your Pi

So you don't want to run Kali on your Pi... fair enough. Perhaps you just want some very specific tools that you use frequently as part of your day job, or you just want to add to the list of things you can do with your single versatile Raspberry Pi, and maybe you would like a minimalistic install to run your favourite tool in the world... Metasploit!

Equipment

I'm using a Raspberry Pi B+ (quad core, 1 GB RAM), a 32 GB microSD card, and a micro WiFi USB dongle (Ralink Technology, Corp. RT5370 Wireless Adapter).

Process Overview

  1. Install Raspbian - I obtained and followed the instructions from http://www.raspbian.org/.
  2. Set up networking and make sure SSH is enabled.
    1. From here I detached from the monitor and did everything over SSH.
  3. Remove all Ruby versions except 2.1 (or just be normal and install rbenv).
    1. I do this because Metasploit heavily relies upon Ruby and having only one version installed helps :)
    2. I also found that trying to run msfupdate would fail with Ruby errors. This can be avoided by just setting the correct Ruby version in your environment.
  4. Install the packages required to obtain and update metasploit-framework.
  5. Install the bundler gem.
  6. Fetch metasploit-framework using Git (Subversion has been deprecated).
  7. Update metasploit-framework.
  8. Install the metasploit-framework prerequisite gems.
  9. Make sure Metasploit works!
    1. On the first run, you may get an error about not being able to find 'robots'. Two approaches to fix this:
      1. $ chmod 644 /var/lib/gems/2.1.0/gems/robots-0.10.1/lib/robots.rb
      2. Add your user account to the 'root' group.
  10. Time to pentest.
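
For the 'robots' error in step 9, the chmod fix suggests the gem's source file was installed without read permission for non-root users. The following is an added example, not part of the original post: it lists every such `.rb` file under the gem directory and applies the same 644 mode to only those files, which avoids adding your account to the 'root' group. The function names are hypothetical, and the default directory is an assumption taken from the path shown in step 9.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: gems live under the directory shown in step 9; pass another
# directory as the first argument if your Ruby version differs.
GEM_DIR_DEFAULT=/var/lib/gems/2.1.0/gems

# Print every .rb file under the gem directory that lacks the world-read bit.
# The test uses permission bits, so the result is the same when run as root.
unreadable_gem_files() {
    find "${1:-$GEM_DIR_DEFAULT}" -type f -name '*.rb' ! -perm -004 2>/dev/null
}

# Apply the page's fix (mode 644) to those files only, leaving everything
# else untouched. Prints the number of files changed.
fix_gem_files() {
    dir="${1:-$GEM_DIR_DEFAULT}"
    unreadable_gem_files "$dir" | {
        count=0
        # find output is newline-separated; gem paths do not contain newlines
        while IFS= read -r f; do
            chmod 644 "$f" && count=$((count + 1))
        done
        echo "$count"
    }
}
```

Run `unreadable_gem_files` as your normal user to see what would change; `fix_gem_files` needs root on a system-wide gem directory.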

Commands


$ sudo apt-get remove ruby1.9.1 libruby1.9.1
$ dpkg -l | grep ruby
$ sudo apt-get purge ruby1.9.1 ruby1.8
--
The following may work instead of removing ruby.
$ sudo apt-get install rbenv
$ rbenv rehash
--
$ sudo apt-get install git ruby rubygems ruby-pg postgresql-common libpq-dev libpcap0.8 bundler ruby-pcaprub libpcap0.8-dev libsqlite3-dev
$ sudo gem install bundler
$ cd $HOME; git clone https://github.com/rapid7/metasploit-framework.git
$ cd metasploit-framework; ./msfupdate
$ bundle install
...
Bundle complete! 16 Gemfile dependencies, 86 gems now installed.
...
$ ./msfconsole 
http://metasploit.pro

 =[ metasploit v4.11.4-dev-c1b6de90 ]
+ -- --=[ 1494 exploits - 861 auxiliary - 251 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > 

If I have missed anything or this does not work for you, feel free to leave a comment.

Thanks Jeremy Hofman for your notes around rbenv instead of trying to purge ruby from the system! I have personally not fully verified the use of rbenv; it may or may not work, so let me know.

References

https://community.rapid7.com/community/metasploit/blog/2013/05/20/git-clone-metasploit-dont-svn-checkout
http://thegreyhats.blogspot.com.au/2012/08/metasploit-on-raspbian-raspberry-pi.html