Results 1 to 4 of 4

Thread: Why Kali installs both metasploit and metasploit-framework packages by default?

  1. #1
    Join Date
    2015-Mar
    Posts
    3

    Why Kali installs both metasploit and metasploit-framework packages by default?

    Vanilla installation of Kali Linux comes with both metasploit and metasploit-framework packages installed.

    metasploit-framework package includes the free open-source framework only and keeps all its msf* binaries in /usr/share/metasploit-framework/

    metasploit package includes both framework and Rapid7 commercial Metasploit Pro add-ons and keeps its msf* binaries in /opt/metasploit/apps/pro/msf3

    All calls to msf* binaries, e.g. msfconsole, or msfvenom are currently resolved to those in /opt/metasploit/apps/pro/msf3/ directory of metasploit package.

    Binaries in /usr/share/metasploit-framework/ don't even work out of the box: /usr/share/metasploit-framework/msfconsole doesn't start showing "Could not find rake-10.4.2 in any of the sources. Run `bundle install` to install missing gems." error.

    So what is the purpose of keeping the metasploit-framework package installed on the system anyway? In what cases is it actually used?

  2. #2
    Join Date
    2013-Feb
    Posts
    13
    In short, the metasploit-framework package contains all the exploits, auxiliary modules, payloads, etc. i.e. The open source stuff.

  3. #3
    Join Date
    2015-Mar
    Posts
    3
    metasploit package includes the open-source framework and the commercial Rapid7 part. While metasploit-framework package only includes the open-source part.
    Compare the size of corresponding directories, the size is same, they don't differ:

    Code:
    # metasploit-framework package
    rookt@kali:/# cd /usr/share/metasploit-framework
    rookt@kali:/usr/share/metasploit-framework# du -s
    151044
    
    # metasploit package, that incorporates the framework
    rookt@kali:/# cd /opt/metasploit/apps/pro/msf3
    rookt@kali:/opt/metasploit/apps/pro/msf3# du -s
    151044
    The only thing that comes to my mind is that some external tools may be dependant on the metasploit framework location at /usr/share/metasploit-framework.

  4. #4
    Join Date
    2015-Mar
    Posts
    3
    Quote Originally Posted by rufe View Post
    The only thing that comes to my mind is that some external tools may be dependant on the metasploit framework location at /usr/share/metasploit-framework.
    But then ln -s would probably do the job.

    Another thing I see is that all m-f package created links in /usr/bin/ directory are replaced by the m package links pointing to its copy of binaries. That is m-f package installs /usr/bin/msfvenom link pointing to /usr/share/metasploit-framework/msfvenom, and the m package replaces it with the one pointing to /opt/metasploit/apps/pro/msf3/msfvenom, while renaming the original one to /usr/bin/msfvenom.framework.

Similar Threads

  1. Starting up Metasploit Framework in Kali Linux 2.0
    By pamamolf in forum TroubleShooting Archive
    Replies: 10
    Last Post: 2017-12-17, 18:07
  2. Replies: 0
    Last Post: 2016-12-23, 17:30
  3. cannot download "metasploit-framework" and "exploitdb" packages
    By fsasse in forum TroubleShooting Archive
    Replies: 4
    Last Post: 2016-08-01, 11:24
  4. Metasploit Framework won't update!
    By murdoc in forum General Archive
    Replies: 1
    Last Post: 2014-11-03, 09:39

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •