Tl;dr:please stop using SVN with
SVN Co https://www.metasploit.com/svn/framework3/trunk
and start using the GitHub repo with
git clone git://github.com/rapid7/metasploit-framework
As of today, a few of notice that's attempt to update Metasploit Framework over SVN (instead of git or msfupdate) Results in an authentication request. If you try to SVN checkout on Windows, using the TortoiseSVN, you'll see a pop up much like this:
For command line people, if you try to ' svn co ' or ' svn up ' your checkout of the Metasploit Framework you'll read:
$ svn up Updating '. ':
Authentication Realm:
Or a more recent msfupdate. See Http://r-7.co/MSF-SVN for more]=
Password for ' yourname ':
Please don ' t try any passwords think you know. We ' ve locked up SVN and we ' re using the authentication realms to communicate the correct update path to humans Dable by human eyeballs. The password prompt is incidental. If you've read this far, you might wonder why we ' re doing this.
On November, we moved we have source control to GitHub, and we've been bugging people to use git instead of SVN ever Since. However, the Internet exists in an eternal present tense. there is thousands and thousands documents, blog posts, books, and articles on ' Getting Started with Metasploit ' in P Ractically every human language spread all over the world, both on and offline, some of which we control, most of which we Don ' t. If you don ' t believe me, the just search for "SVN co" Metasploit.
Because of this, we ' re isn't ready to turn off SVN completely--throwing a 404 error on an update would just generate more ( than usual) complaints on Twitter, IRC, and mailing lists about the ' SVN co ' and ' svn up ' being broken. Those complaints is still happening today, so it's clear that some people is still stuck with way-out-of-date docume Ntation. Hopefully, those folks would read the instruction in the HTTP authentication realms, since that's about the only-to-do we can Communicate with svn-only clients.
If you is still on SVN, then converting to GitHub works like this:
- Don ' t try to use a password; If by some miracle your happen to guess a correct one, your prize is so you get some messed up, out of date svn-sourced C Ode. (:
- Delete your SVN checkout of Metasploit: rm-rf $HOME/metasploit (or the real path to your checkout).
- Clone the latest from GitHub: git clone--depth=1 git://github.com/rapid7/metasploit-framework Metasploit (or the path Where you want the clone).
- Go to your new Metasploit checkout, and run Msfupdate: CD Metasploit;./msfupdate (This'llget the bundle of Rub Y gems together for you).
If you can ' t use the git://URI handler, then use https://instead. It ' s somewhat slower, but still a million times better than SVN. If Bundler complains about the Gem dependencies, then check to make sure so you have a reasonable version of Ruby--1.9.3 I S ideal. 1.8.x is out. 2.0.0 should is okay, but it's not vetted for prime time yet.
That ' s it. Everything'll work as before--your custom modules so you stashed in $HOME/.msf4/modules'll be picked up, you'll Be gleefully tracking Metasploit ' s bleeding edge source branch, and now, your checkouts won ' t take hours and crash off on You.
If You use Metasploit Community, Metasploit Express, or Metasploit Pro, then basically none of the This applies for you--MSFU Pdate is converted in Metasploit 4.5 to use use weekly updates, which means you ' re getting the benefit of both Rapid7 QA and community testing without bothering with git or SVN.
Below, you can find a smattering of documents and posts regarding msfupdate and tracking the Framework source, which would Provide more detail in various aspects of the continuous state of Metasploit development. If your setup isn't the simple case described here, you'll probably find what's need in one of the these documents:
Metasploit Development Environment (Metasploit-framework wiki)
Git while the gitting is good
Metasploit Moves from SVN to Git/github
Update to the Metasploit Updates and Msfupdate
Activating Metasploit to fix Msfupdate:start to Finish
[Go to the official] Https://community.rapid7.com/community/metasploit/blog/2013/05/20/git-clone-metasploit-dont-svn-checkout
[Kali_metasploit] When installing Metasploit in the Fast-track tool, SVN expires and installs the workaround with GitHub