Automating the Initialisation of the Metasploit Framework Database
I've been working on a project which calls for the automated deployment of a virtual machine, with Metasploit Framework installed and ready to use. The installation of Metasploit Framework on Linux via CLI commands is well documented, and currently looks like this:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall
After the above commands are executed, the user types msfconsole and goes through a one-time process to initialise the metasploit database:
** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/jholland/.msf4/db
Starting database at /home/jholland/.msf4/db...success
Creating database users
Creating initial database schema
** Metasploit Framework Initial Setup Complete **
...and after being shown a list of statistics for the numbers of exploits and paylods available, the user is presented with the console's prompt:
msf >
I wanted to automate this database initialisation so the user goes straight to the console prompt on first use. I didn't see anything in the project documentation to achieve this, so I created an "expect" script to do the job.
#!/usr/bin/expect -f
set force_conservative 0 ;
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
set timeout -1
spawn msfconsole
match_max 100000
expect -exact "Would you like to use and setup a new database (recommended)? "
send -- "yes\r"
expect ">"
send -- "exit\r"
expect eof
You can find the latest version of the script here: https://github.com/jamesholland-uk/scripts/blob/master/metasploit-initialise-db.sh
11 Jan 2019 - EDIT: Metasploit Framework 5.0 was released yesterday. An updated script can be found here: https://github.com/jamesholland-uk/scripts/blob/master/metasploit-v5-initialise-db.sh
Executing the installation commands and the "expect" script as part of the build of the Linux virtual machine means the user will go straight into the console without having to do the initialisation steps.
Note that for multi-user systems, the expect script should be run under the context of the target user, for example:
su -c "./metasploit-initialise-db.sh" -s /bin/sh johnsmith
--- home --- twitter --- linkedin ---