Last updated at Tue, 16 Jan 2024 16:37:20 GMT
As part of the last release, the Metasploit Engineering team here at Rapid7 has been on a path of refactoring in the Metasploit open source code in order to make it more performant and to get toward a larger goal of eventually breaking up the framework into a multitude of libraries that can be used and tested in a standalone way.
This effort will make it easier to deliver features and respond to issues more quickly, as well as ensure that regressions and bugs can get diagnosed, triaged, and fixed up more effectively.
Over the next year or so, we will be making drastic improvements in the loading, speed, and content reasoning capabilities of the framework, driving huge improvements to the features that our community members love and use every day.
Of course, we have several years worth of often uncharted territory in the code to convert, and this process of modernizing the way Metasploit does things ended up causing a mysterious and frustrating bug for new and occasional users of the Metasploit Framework.
Specifically, if you tried to start 'msfconsole,' which is the terminal-based UI for Metasploit, and you didn't already have a database configured to store the fruits of your exploitation adventures, the console would crash out.
We landed a fix to this crashy behavior yesterday in Pull Request #3666, which was reported as bug #8840 on late Friday afternoon, and this fix should hit the Kali distributions any time now.
Now, this bug doesn't manifest in the usual Metasploit installed environment -- after all, most penetration testers like to keep a record of what they did -- and anyone who has followed the Kali documentation on configuring a database, as well as any Metasploit contributor who has followed the MSF-DEV documentation on database config, wouldn't have noticed this problem.
At any rate, if bug #8840 is still affecting you, right now, you can work around the bad behavior simply by starting Metasploit with 'msfconsole -n', which is the explicit way to start without database backing. In the mean time, Rapid7 should have a fix out that restores the normal, non-explicit behavior with the impending weekly release.
tl;dr: Please pardon our dust while we remodel Casa de Metasploit.