Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 19 Sep 2021 13:22:59 +0200 (CEST)
From:      Marco Beishuizen <mbeis.bsd@xs4all.nl>
To:        freebsd-ports@freebsd.org
Subject:   security/metasploit: package ... is not in GOROOT
Message-ID:  <123eeb3e-e6cc-e9ec-c31-99e0386e108c@xs4all.nl>

next in thread | raw e-mail | index | archive | help
Hi,

I'm trying to create an portupdate for metasploit. The created patch is 
working fine and the new metasploit works, but when starting metasploit I 
get some warnings:

[...]
[!] The following modules could not be loaded!..|
[!] 
/usr/local/share/metasploit/modules/auxiliary/scanner/msmail/exchange_enum.go
[!] 
/usr/local/share/metasploit/modules/auxiliary/scanner/msmail/onprem_enum.go
[!] 
/usr/local/share/metasploit/modules/auxiliary/scanner/msmail/host_id.go
[!] Please see /home/marco/.msf4/logs/framework.log for details.
[...]

Checking framework.log reveals that:

[...]
/usr/local/share/metasploit/modules/auxiliary/scanner/msmail/exchange_enum.go:8:2: 
package metasploit/module is not in GOROOT 
(/usr/local/go/src/metasploit/module)
/usr/local/share/metasploit/modules/auxiliary/scanner/msmail/exchange_enum.go:9:2: 
package msmail is not in GOROOT
(/usr/local/go/src/msmail)
[...]

So metasploit is searching in /usr/local/go while the go modules are 
installed in /usr/local/share/metasploit/modules.

I added "USES=go", "SHEBANG_LANG=go" and the relative paths to 
"SHEBANG_FILES", but it keeps giving the warnings. The Makefile so 
far is:

[...]
# Created by: Yonatan <onatan@gmail.com>

PORTNAME=	metasploit
PORTVERSION=	6.1.6
CATEGORIES=	security

MAINTAINER=	tanawts@gmail.com
COMMENT=	Exploit-Framework for Penetration-Testing

LICENSE=	BSD3CLAUSE
LICENSE_FILE=	${WRKSRC}/COPYING

RUN_DEPENDS=	nmap:security/nmap \
 		${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \
 		rubygem-activerecord52>=5.2.2:databases/rubygem-activerecord52 \
 		rubygem-activesupport52>=5.2.2:devel/rubygem-activesupport52 \
 		rubygem-actionpack52>=5.2.2:www/rubygem-actionpack52 \
 		rubygem-bcrypt>=0:security/rubygem-bcrypt \
 		rubygem-bson>=0:devel/rubygem-bson \
 		rubygem-bundler>=0:sysutils/rubygem-bundler \
 		rubygem-jsobfu>=0:www/rubygem-jsobfu \
 		rubygem-json>=0:devel/rubygem-json \
 		rubygem-metasm>=0:devel/rubygem-metasm \
 		rubygem-metasploit-aggregator>=0:security/rubygem-metasploit-aggregator \
 		rubygem-metasploit-concern>=0:security/rubygem-metasploit-concern \
 		rubygem-metasploit-credential>=0:security/rubygem-metasploit-credential \
 		rubygem-metasploit_data_models>=0:security/rubygem-metasploit_data_models \
 		rubygem-metasploit-model>=0:security/rubygem-metasploit-model \
 		rubygem-metasploit-payloads>=2.0.24:security/rubygem-metasploit-payloads \
 		rubygem-metasploit_payloads-mettle>=1.0.2:security/rubygem-metasploit_payloads-mettle \
 		rubygem-msgpack>=0:devel/rubygem-msgpack \
 		rubygem-network_interface>=0:net/rubygem-network_interface \
 		rubygem-rubyntlm>=0:net/rubygem-rubyntlm \
 		rubygem-nokogiri>=0:textproc/rubygem-nokogiri \
 		rubygem-packetfu>=0:net/rubygem-packetfu \
 		rubygem-pcaprub>=0:net/rubygem-pcaprub \
 		rubygem-pg>=0:databases/rubygem-pg \
 		rubygem-railties52>=5.2.2:www/rubygem-railties52 \
 		rubygem-recog>=0:security/rubygem-recog \
 		rubygem-openssl-ccm>=0:security/rubygem-openssl-ccm \
 		rubygem-octokit>=0:net/rubygem-octokit \
 		rubygem-redcarpet>=0:textproc/rubygem-redcarpet \
 		rubygem-patch_finder>=0:devel/rubygem-patch_finder \
 		rubygem-puma>=0:www/rubygem-puma \
 		rubygem-thin>=0:www/rubygem-thin \
 		rubygem-sinatra>=0:www/rubygem-sinatra \
 		rubygem-warden>=0:devel/rubygem-warden \
 		rubygem-em-http-request>=0:www/rubygem-em-http-request \
 		rubygem-tzinfo-data>=0:devel/rubygem-tzinfo-data \
 		rubygem-sshkey>=0:security/rubygem-sshkey \
 		rubygem-bit-struct>=0:devel/rubygem-bit-struct \
 		rubygem-windows_error>=0:devel/rubygem-windows_error \
 		rubygem-xmlrpc>=0:net/rubygem-xmlrpc \
 		rubygem-pdf-reader>=0:print/rubygem-pdf-reader \
 		rubygem-ruby-macho>=0:devel/rubygem-ruby-macho \
 		rubygem-dnsruby>=0:dns/rubygem-dnsruby \
 		rubygem-mqtt>=0:net/rubygem-mqtt \
 		rubygem-net-ldap>=0:net/rubygem-net-ldap \
 		rubygem-net-ssh>=0:security/rubygem-net-ssh \
 		rubygem-ed25519>=0:security/rubygem-ed25519 \
 		rubygem-bcrypt_pbkdf>=0:security/rubygem-bcrypt_pbkdf \
 		rubygem-ruby_smb>=0:net/rubygem-ruby_smb \
 		rubygem-rex-arch>=0:security/rubygem-rex-arch \
 		rubygem-rex-bin_tools>=0:security/rubygem-rex-bin_tools \
 		rubygem-rex-core>=0:security/rubygem-rex-core \
 		rubygem-rex-encoder>=0:security/rubygem-rex-encoder \
 		rubygem-rex-exploitation>=0:security/rubygem-rex-exploitation \
 		rubygem-rex-java>=0:security/rubygem-rex-java \
 		rubygem-rex-mime>=0:security/rubygem-rex-mime \
 		rubygem-rex-nop>=0:security/rubygem-rex-nop \
 		rubygem-rex-ole>=0:security/rubygem-rex-ole \
 		rubygem-rex-powershell>=0:security/rubygem-rex-powershell \
 		rubygem-rex-random_identifier>=0:security/rubygem-rex-random_identifier \
 		rubygem-rex-registry>=0:security/rubygem-rex-registry \
 		rubygem-rex-rop_builder>=0:security/rubygem-rex-rop_builder \
 		rubygem-rex-socket>=0:security/rubygem-rex-socket \
 		rubygem-rex-sslscan>=0:security/rubygem-rex-sslscan \
 		rubygem-rex-struct2>=0:security/rubygem-rex-struct2 \
 		rubygem-rex-text>=0:security/rubygem-rex-text \
 		rubygem-rex-zip>=0:security/rubygem-rex-zip \
 		rubygem-rubyzip>=0:archivers/rubygem-rubyzip \
 		rubygem-sqlite3>=0:databases/rubygem-sqlite3 \
 		rubygem-tzinfo>=0:devel/rubygem-tzinfo \
 		rubygem-filesize>=0:devel/rubygem-filesize \
 		rubygem-openvas-omp>=0:security/rubygem-openvas-omp \
 		rubygem-nessus_rest>=0:security/rubygem-nessus_rest \
 		rubygem-nexpose>=0:security/rubygem-nexpose \
 		rubygem-xdr>=0:converters/rubygem-xdr \
 		rubygem-faker>=0:devel/rubygem-faker \
 		rubygem-concurrent-ruby>=0:devel/rubygem-concurrent-ruby \
 		rubygem-hrr_rb_ssh>=0:security/rubygem-hrr_rb_ssh \
 		rubygem-irb>=0:devel/rubygem-irb \
 		rubygem-aws-sdk-s3>=0:devel/rubygem-aws-sdk-s3 \
 		rubygem-aws-sdk-ec2>=0:devel/rubygem-aws-sdk-ec2 \
 		rubygem-aws-sdk-iam>=0:devel/rubygem-aws-sdk-iam \
 		rubygem-faye-websocket>=0:www/rubygem-faye-websocket \
 		rubygem-eventmachine>=0:devel/rubygem-eventmachine \
 		rubygem-zeitwerk>=0:devel/rubygem-zeitwerk

USES=		cpe go python shebangfix
USE_RUBY=	yes
SHEBANG_LANG=	go
SHEBANG_FILES=	data/exploits/CVE-2017-17562/build.sh \
 		data/exploits/CVE-2017-17562/install-deps.sh \
 		data/exploits/CVE-2017-7494/build.sh \
 		data/exploits/CVE-2017-7494/install-deps.sh \
 		data/exploits/CVE-2021-3156/nss_generic2.py \
 		data/exploits/CVE-2021-3156/nss_u14.py \
 		data/exploits/CVE-2021-3156/nss_u16.py \
 		data/exploits/CVE-2021-3156/userspec_c7.py \
 		data/exploits/CVE-2021-3156/userspec_generic.py \
 		docker/entrypoint.sh \
 		external/source/exploits/CVE-2020-9850/payload/loader/make.py \
 		external/source/exploits/CVE-2020-9850/payload/sbx/build-threadexec.sh \
 		external/source/exploits/CVE-2020-9850/payload/sbx/build-webkit.sh \
 		external/source/exploits/CVE-2020-9850/payload/sbx/embed.py \
 		external/source/shellcode/windows/build.sh \
 		external/source/shellcode/windows/x64/build.py \
 		external/source/shellcode/windows/x86/build.py \
 		external/source/shellcode/windows/x86/src/hash.py \
 		external/source/msfJavaToolkit/compile.sh \
 		external/source/msfJavaToolkit/testKeytool.rb \
 		external/source/msfJavaToolkit/testCompilation.rb \
 		external/source/metsvc/test.rb \
 		docker/bin/msfvenom \
 		docker/bin/msfconsole \
 		modules/auxiliary/example.py \
 		modules/auxiliary/admin/http/cisco_7937g_ssh_privesc.py \
 		modules/auxiliary/admin/http/grafana_auth_bypass.py \
 		modules/auxiliary/admin/teradata/teradata_odbc_sql.py \
 		modules/auxiliary/dos/cisco/cisco_7937g_dos.py \
 		modules/auxiliary/dos/cisco/cisco_7937g_dos_reboot.py \
 		modules/auxiliary/dos/http/slowloris.py \
 		modules/auxiliary/dos/tcp/claymore_dos.py \
 		modules/auxiliary/gather/get_user_spns.py \
 		modules/auxiliary/gather/mikrotik_winbox_fileread.py \
 		modules/auxiliary/gather/office365userenum.py \
 		modules/auxiliary/scanner/http/onion_omega2_login.py \
 		modules/auxiliary/scanner/http/rdp_web_login.py \
 		modules/auxiliary/scanner/msmail/exchange_enum.go \
 		modules/auxiliary/scanner/msmail/host_id.go \
 		modules/auxiliary/scanner/msmail/onprem_enum.go \
 		modules/auxiliary/scanner/smb/impacket/dcomexec.py \
 		modules/auxiliary/scanner/smb/impacket/secretsdump.py \
 		modules/auxiliary/scanner/smb/impacket/wmiexec.py \
 		modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py \
 		modules/auxiliary/scanner/teradata/teradata_odbc_login.py \
 		modules/auxiliary/scanner/wproxy/att_open_proxy.py \
 		modules/exploits/example.py \
 		modules/exploits/linux/smtp/haraka.py \
 		tools/dev/import-dev-keys.sh \
 		tools/dev/update_joomla_components.py \
 		tools/dev/sign-dev-keys.sh \
 		tools/hardware/killerbee_msfrelay.py \
 		tools/modules/aws-aggregator-userdata.sh

USE_GITHUB=	yes
GH_ACCOUNT=	rapid7
GH_PROJECT=	metasploit-framework

CPE_VENDOR=	rapid7

NO_ARCH=	yes
NO_ARCH_IGNORE=	template_x64_bsd.bin template_x86_bsd.bin CVE-2013-2171.bin
STRIP=

post-patch:
 	${REINPLACE_CMD} 's,git ls-files,find . ! -type d | sed "s|^./||", ; \
 		/rb-readline/d' \
 		${WRKSRC}/metasploit-framework.gemspec
 	${REINPLACE_CMD} "/concurrent-ruby/s|,'1.0.5'||" ${WRKSRC}/metasploit-framework.gemspec

do-build:
 	${RM} ${WRKSRC}/Gemfile.lock
 	${TOUCH} ${WRKSRC}/Gemfile.lock
 	${REINPLACE_CMD} "/^group :coverage/,/^end/d ; /^group :development/,/^end/d ; /^group :test/,/^end/d ; /git:/d ; /sqlite3/s|, '~>1.3.0'||" \
 		${WRKSRC}/Gemfile

do-install:
 	@${MKDIR} ${STAGEDIR}${DATADIR}
 	cd ${WRKSRC} && ${PAX} -rw . ${STAGEDIR}${DATADIR}
.for f in msfconsole msfd msfdb msfrpc msfrpcd msfvenom
 	${RLN} ${STAGEDIR}${DATADIR}/${f} ${STAGEDIR}${PREFIX}/bin/${f}
.endfor

post-install:
 	@${FIND} ${STAGEDIR} ! -type d | \
 		${SED} 's,${STAGEDIR}${PREFIX}/,, ; /Gemfile.lock/s|^|@(,,0666) |' >> ${TMPPLIST}
 	@${FIND} -ds ${STAGEDIR}${DATADIR} -type d -empty | \
 		${SED} 's,${STAGEDIR}${PREFIX}/,, ; s,^,@dir ,' >> ${TMPPLIST}

.include <bsd.port.mk>
[...]

So does anyone here has an idea what's wrong?

Thanks in advance,

Regards,
Marco

-- 
This week only, all our fiber-fill jackets are marked down!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?123eeb3e-e6cc-e9ec-c31-99e0386e108c>