How to Install and Configure Metasploit Framework on Kali Linux

A Metasploit Framework is an essential tool by Rapid7 to aid cybersecurity experts with penetration testing and discovering system vulnerabilities. In this article you’ll learn how to install and configure Metasploit Framework on Kali Linux.

Metasploit is a renowned open-source pen-testing tool that enables users to exploit and validate system vulnerabilities. Also, the open-source community ensures the latest release of the application to cyber security experts and professionals. 

Metasploit Framework Services consists of modules that can be configured. However, during the installation, the full suite is installed consisting of tools such as privilege escalation, packet sniffing, screen capture, key-loggers, and pass the hash. 

Now, let’s look at the three common modules of Metasploit.

Metasploit Framework Modules

This framework includes three common modules that are included in its database: 

  • Exploits: The attackers use the exploit method to access vulnerable systems by compromising payload modules. For example, a meterpreter shell. 
  • Payloads: the data in the victim’s system is transferred to the hacker’s system using the payload scripts. 
  • Auxiliaries: auxiliaries are used for more straightforward tasks like scanning the system and SQL injection tools.

Prerequisites

Metasploit Framework services require at least 4 GB RAM space and 1 GB hard disk. Before you begin, make sure to enable sudo privileges or log in from the root account. 

Also, ensure that antivirus is disabled on Kali Linux before installing the Metasploit. Since Metasploit performs the same task as an antivirus software, it will interfere with the installation process of Metasploit. Hence, it is important to disable it. Alternatively, you can exclude the Metasploit directory from the antivirus list. 

Furthermore, make sure to disable the local firewalls on Kali Linux. The firewall detects Metasploit as malware and will cause a hindrance to the installation process. On the other hand, if you cannot disable the local firewall, download Metasploit from a different network. Let’s learn how to install and configure Metasploit Framework on Kali Linux.

Install and Configure Metasploit Framework on Kali Linux

If you are using the Kali Linux 2.0, the tool is already preinstalled in your system. You can easily find it via the Applications bar. However, for the other versions, you will need to install the tool separately. 

install and configure metasploit on Kali

Since no service runs on Kali Linux by default due to its Network Services Policy, Linux administrators follow a series of commands to set up Metasploit Framework services along with network and database support. It also requires the PostgreSQL database and Ruby on Rails dependencies to work. 

There are multiple ways to install Metasploit Framework. The easiest method is to download it from the Rapid7 website. However, in this tutorial, we will look at an alternative method to install Metasploit from the command line. 

So, let’s get started with the installation.

1. Update the System

Before you begin with the installation, the first step is to update the packages and repositories. For this step, press “Ctrl+Alt+T” to open the terminal. Then use the following command: 

sudo apt update

Wait for the system to finish installing the updates.

install and configure metasploit on Kali

2. Install Metasploit Framework Services on Kali Linux

Next, install the Metasploit Framework Services using the apt install command. Type the command followed by the package name as shown below:

sudo apt install metasploit-framework
install and configure metasploit on Kali

3. Set up PostgreSQL Database Service

Since Metasploit Service Framework needs PostgreSQL database service to run, enable the PostgreSQL service by using the systemctl command.

Input:

sudo systemctl enable --now postgresql

The output should look like this:

install and configure metasploit on Kali

Next, start the PostgreSQL service.

Input: 

sudo /etc/init.d/postgresql start 

This is what the output should look like:

PostgreSQL service

To confirm that the service is running, type:

systemctl status postgresql@*-main.service

Alternatively, you can use the following command:

sudo /etc/init.d/postgresql status 

And you should get a similar output as seen below:

PostgreSQL Status

The default port for PostgreSQL is 5432. Confirm that the service is active using the ss command.

For instance:

sudo ss -ant | grep 5432

The output should look like this:

PostgreSQL Port

Now that you have enabled the PostgreSQL service, import the Rapid7 signing key using the curl command.

Input:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb> msfinstall && chmod 755 && msfinstall && ./msfinstall

4. Initialize the Metasploit PostgreSQL Database

Now that PostgreSQL is running, let’s initialize the Metasploit database. For this step, use the msfdb command.

To be specific, type:

sudo msfdb init

The output should look like this:

PostgreSQL for Metasploit

Alternatively, you can also use the following commands:

sudo msfdb run
sudo msfdb init && msfconsole

Running init and msfconsole command together will not only initialize the database but also open the console. 

Metaploit Console

This ensures that the Metasploit Service Framework has been created and is running. 

Here is the list of commands you can use to manage the database:

  • msfdb init: Start and initialize the database
  • msfdb reinit: Delete and re-initialize the database
  • msfdb delete: Delete the database
  • msfdb start: Start the database
  • msfdb stop: Stop the database
  • msfdb status: Show the database status
  • msfdb run: Start the database and runs msfconsole

5. Configure and Use Metasploit Framework Service on Kali Linux

Lastly, launch the Metasploit Service Framework (msf) console on your system. To launch the console, first, verify the database connectivity. Use the db_status command after launching the console.

For example:

sudo msfconsole -q

Type the command given below and hit Enter key. 

msf5 > db_status
DB Status

Let’s use a sample command to see how Metasploit Framework Service works. In the prompt, type:

show payloads
DB Payloads

To exit from the console, type the exit keyword. 

msf6 > exit

Finally, your Metasploit Framework Service is running successfully. 

6. Update Metasploit Framework on Kali Linux

If you want to update your Metasploit Framework Service to the latest version, use the apt package manager. And since Metasploit is a part of Kali Linux OS, it uses the apt package command to update the framework, as seen below:

sudo apt update

And that’s about it. In this article, you learned how to install and configure Metasploit Framework Services using the terminal. You also learned how to manage the PostgreSQL database for this framework. Furthermore, to access its download manager, visit the official Rapid7 site. We hope this article was helpful to you. 

If this guide helped you, please share it.

Leave a Reply
Related Posts