A Metasploit Framework is an essential tool by Rapid7 to aid cybersecurity experts with penetration testing and discovering system vulnerabilities. In this article you’ll learn how to install and configure Metasploit Framework on Kali Linux.
Metasploit is a renowned open-source pen-testing tool that enables users to exploit and validate system vulnerabilities. Also, the open-source community ensures the latest release of the application to cyber security experts and professionals.
Metasploit Framework Services consists of modules that can be configured. However, during the installation, the full suite is installed consisting of tools such as privilege escalation, packet sniffing, screen capture, key-loggers, and pass the hash.
Now, let’s look at the three common modules of Metasploit.
Metasploit Framework Modules
This framework includes three common modules that are included in its database:
- Exploits: The attackers use the exploit method to access vulnerable systems by compromising payload modules. For example, a meterpreter shell.
- Payloads: the data in the victim’s system is transferred to the hacker’s system using the payload scripts.
- Auxiliaries: auxiliaries are used for more straightforward tasks like scanning the system and SQL injection tools.
Prerequisites
Metasploit Framework services require at least 4 GB RAM space and 1 GB hard disk. Before you begin, make sure to enable sudo privileges or log in from the root account.
Also, ensure that antivirus is disabled on Kali Linux before installing the Metasploit. Since Metasploit performs the same task as an antivirus software, it will interfere with the installation process of Metasploit. Hence, it is important to disable it. Alternatively, you can exclude the Metasploit directory from the antivirus list.
Furthermore, make sure to disable the local firewalls on Kali Linux. The firewall detects Metasploit as malware and will cause a hindrance to the installation process. On the other hand, if you cannot disable the local firewall, download Metasploit from a different network. Let’s learn how to install and configure Metasploit Framework on Kali Linux.
Install and Configure Metasploit Framework on Kali Linux
If you are using the Kali Linux 2.0, the tool is already preinstalled in your system. You can easily find it via the Applications bar. However, for the other versions, you will need to install the tool separately.
Since no service runs on Kali Linux by default due to its Network Services Policy, Linux administrators follow a series of commands to set up Metasploit Framework services along with network and database support. It also requires the PostgreSQL database and Ruby on Rails dependencies to work.
There are multiple ways to install Metasploit Framework. The easiest method is to download it from the Rapid7 website. However, in this tutorial, we will look at an alternative method to install Metasploit from the command line.
So, let’s get started with the installation.
1. Update the System
Before you begin with the installation, the first step is to update the packages and repositories. For this step, press “Ctrl+Alt+T” to open the terminal. Then use the following command:
sudo apt updateWait for the system to finish installing the updates.
2. Install Metasploit Framework Services on Kali Linux
Next, install the Metasploit Framework Services using the apt install command. Type the command followed by the package name as shown below:
sudo apt install metasploit-framework
3. Set up PostgreSQL Database Service
Since Metasploit Service Framework needs PostgreSQL database service to run, enable the PostgreSQL service by using the systemctl command.
Input:
sudo systemctl enable --now postgresqlThe output should look like this:
Next, start the PostgreSQL service.
Input:
sudo /etc/init.d/postgresql start This is what the output should look like:
To confirm that the service is running, type:
systemctl status postgresql@*-main.serviceAlternatively, you can use the following command:
sudo /etc/init.d/postgresql status And you should get a similar output as seen below:
The default port for PostgreSQL is 5432. Confirm that the service is active using the ss command.
For instance:
sudo ss -ant | grep 5432The output should look like this:
Now that you have enabled the PostgreSQL service, import the Rapid7 signing key using the curl command.
Input:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb> msfinstall && chmod 755 && msfinstall && ./msfinstall4. Initialize the Metasploit PostgreSQL Database
Now that PostgreSQL is running, let’s initialize the Metasploit database. For this step, use the msfdb command.
To be specific, type:
sudo msfdb initThe output should look like this:
Alternatively, you can also use the following commands:
sudo msfdb run
sudo msfdb init && msfconsoleRunning init and msfconsole command together will not only initialize the database but also open the console.
This ensures that the Metasploit Service Framework has been created and is running.
Here is the list of commands you can use to manage the database:
msfdb init: Start and initialize the databasemsfdb reinit: Delete and re-initialize the databasemsfdb delete: Delete the databasemsfdb start: Start the databasemsfdb stop: Stop the databasemsfdb status: Show the database statusmsfdb run: Start the database and runs msfconsole
5. Configure and Use Metasploit Framework Service on Kali Linux
Lastly, launch the Metasploit Service Framework (msf) console on your system. To launch the console, first, verify the database connectivity. Use the db_status command after launching the console.
For example:
sudo msfconsole -qType the command given below and hit Enter key.
msf5 > db_status
Let’s use a sample command to see how Metasploit Framework Service works. In the prompt, type:
show payloads
To exit from the console, type the exit keyword.
msf6 > exitFinally, your Metasploit Framework Service is running successfully.
6. Update Metasploit Framework on Kali Linux
If you want to update your Metasploit Framework Service to the latest version, use the apt package manager. And since Metasploit is a part of Kali Linux OS, it uses the apt package command to update the framework, as seen below:
sudo apt updateAnd that’s about it. In this article, you learned how to install and configure Metasploit Framework Services using the terminal. You also learned how to manage the PostgreSQL database for this framework. Furthermore, to access its download manager, visit the official Rapid7 site. We hope this article was helpful to you.
If this guide helped you, please share it.
