metasploit更新后msfconsole报错You must use Bundler 2 or greater with this lockfile.
在Kali上进行metasploit的更新:
apt-get update apt-get install -y metasploit-framework
执行msfconsole,报错:
You must use Bundler 2 or greater with this lockfile.
看到这里后,去搜索,按网上的方法
gem update --system gem install bundler -v 2.0.1
成功安装2.0.1版本的bundler后,可是执行msfconsole还是同样报错,这里得找Gemfile.lock的路径
cd /usr/share/metasploit-framework/ bundler update # 报错如下 Traceback (most recent call last): 2: from /usr/local/bin/bundler:23:in `<main>' 1: from /usr/local/lib/site_ruby/2.5.0/rubygems.rb:308:in `activate_bin_path' /usr/local/lib/site_ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundler (Gem::GemNotFoundException)
最后pcat经过一番摸索,发现最主要的是:安装的bundler版本需要大于等于Gemfile.lock中要求的版本
cd /usr/share/metasploit-framework/ cat Gemfile.lock | grep -A 1 "BUNDLED"
得到bundler的版本
BUNDLED WITH 2.1.4
重新安装这个版本
gem update --system gem install bundler -v 2.1.4
之后msfconsole就可以正常运行。
-= UPDATE 2020.05.02 =-
有好友反映按照pcat上面的方法更新后,运行msfconsole还会报错:
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated Could not find json-2.3.0 in any of the sources Run `bundle install` to install missing gems.
pcat经过测试后发现gem的版本最近更新得很高,为3.1.2,而且还带来很多warning。
# 例如 NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
经搜索github上有一个做法是:
gem update --system 3.0.6
这是不可取的,这是把gem的版本降低,虽然降了后可以运行msfconsole,但是bundler、wpscan等运行也会报错。
经多番测试,发现只有把gem更新到3.2.0才可以,直接更新是不行的,必须源码安装:
# 源码安装gem 3.2.0 git clone https://github.com/rubygems/rubygems cd rubygems ruby setup.rb # 再进行修复 apt install ruby-dev -y apt install libpq-dev libpcap-dev libsqlite3-dev -y cd /usr/share/metasploit-framework/ sed -i 's#https://rubygems.org#https://gems.ruby-china.com#' Gemfile bundler install --no-deployment gem install json -v '2.3.0'
这样msfconsole就可以使用了。
不过ruby新版有不少warning:
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:29: warning: constant Gem::ConfigMap is deprecated /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:30: warning: constant Gem::ConfigMap is deprecated # 解决方法 sed -i "s#Gem::ConfigMap\[:arch\]#RbConfig::CONFIG\['arch'\]#g;s#Gem::ConfigMap\[:ruby_version\]#RbConfig::CONFIG\['ruby_version'\]#g" /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_1' is reserved for numbered parameter; consider another name /usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_2' is reserved for numbered parameter; consider another name /usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_3' is reserved for numbered parameter; consider another name # 暂时没好的解决方法 # 如果不想显示warning export RUBYOPT='-W0'
rubygems最近修改得不少,要想等到一个相对稳定的版本,还需要一段时间。