metasploit更新后msfconsole報錯You must use Bundler 2 or greater with this lockfile.

在Kali上進行metasploit的更新：

apt-get update
apt-get install -y metasploit-framework

執行msfconsole，報錯：

You must use Bundler 2 or greater with this lockfile.

看到這里后，去搜索，按網上的方法

gem update --system
gem install bundler -v 2.0.1

成功安裝2.0.1版本的bundler后，可是執行msfconsole還是同樣報錯，這里得找Gemfile.lock的路徑

cd /usr/share/metasploit-framework/
bundler update
# 報錯如下
Traceback (most recent call last):
    2: from /usr/local/bin/bundler:23:in `<main>'
    1: from /usr/local/lib/site_ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
/usr/local/lib/site_ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundler (Gem::GemNotFoundException)

最后pcat經過一番摸索，發現最主要的是：安裝的bundler版本需要大於等於Gemfile.lock中要求的版本

cd /usr/share/metasploit-framework/
cat Gemfile.lock | grep -A 1 "BUNDLED"

得到bundler的版本

BUNDLED WITH
   2.1.4

重新安裝這個版本

gem update --system
gem install bundler -v 2.1.4

之后msfconsole就可以正常運行。

 

-= UPDATE 2020.05.02 =-

有好友反映按照pcat上面的方法更新后，運行msfconsole還會報錯：

/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
Could not find json-2.3.0 in any of the sources
Run `bundle install` to install missing gems.

pcat經過測試后發現gem的版本最近更新得很高，為3.1.2，而且還帶來很多warning。

# 例如
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.

經搜索github上有一個做法是：

gem update --system 3.0.6

這是不可取的，這是把gem的版本降低，雖然降了后可以運行msfconsole，但是bundler、wpscan等運行也會報錯。

經多番測試，發現只有把gem更新到3.2.0才可以，直接更新是不行的，必須源碼安裝：

# 源碼安裝gem 3.2.0
git clone https://github.com/rubygems/rubygems
cd rubygems
ruby setup.rb

# 再進行修復
apt install ruby-dev -y
apt install libpq-dev libpcap-dev libsqlite3-dev -y
cd /usr/share/metasploit-framework/
sed -i 's#https://rubygems.org#https://gems.ruby-china.com#' Gemfile
bundler install --no-deployment
gem install json -v '2.3.0'

這樣msfconsole就可以使用了。

不過ruby新版有不少warning：

/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:10: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:29: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb:30: warning: constant Gem::ConfigMap is deprecated

# 解決方法
sed -i "s#Gem::ConfigMap\[:arch\]#RbConfig::CONFIG\['arch'\]#g;s#Gem::ConfigMap\[:ruby_version\]#RbConfig::CONFIG\['ruby_version'\]#g" /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb

/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_1' is reserved for numbered parameter; consider another name
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_2' is reserved for numbered parameter; consider another name
/usr/share/rubygems-integration/all/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_3' is reserved for numbered parameter; consider another name

# 暫時沒好的解決方法
# 如果不想顯示warning
export RUBYOPT='-W0'

rubygems最近修改得不少，要想等到一個相對穩定的版本，還需要一段時間。