Как установить metasploit на ubuntu

Обновлено: 30.06.2024

This is a guide for setting up a developer environment to contribute modules, documentation, and fixes to the Metasploit Framework. If you just want to use Metasploit for legal, authorized hacking, we recommend instead you:

Install the open-source Omnibus installer, or
Use the pre-installed Metasploit on Kali Linux or Parrot Linux.

If you want to contribute to Metasploit, start by reading our CONTRIBUTING.md, then follow the rest of this guide.

You have installed an apt-based Linux environment, such as Ubuntu or Kali.
You have created a GitHub account and associated an public ssh key with it.
You have familiarity with Git and Github, or have completed the Github bootcamp.
For optional database and REST API functionality, you will need regular user account that is not root .

Open a terminal on your Linux host and set up Git, build tools, and Ruby dependencies:

Set up your local copy of the repository

You will need to use Github to create a fork for your contributions and receive the latest updates from our repository.

Create a git directory in your home folder and clone your fork to your local machine:

If you encounter a "permission denied" error on the above command, research the error message. If there isn't an explicit reason given, confirm that your Github SSH key is configured correctly. You will need to associate your public SSH key with your GitHub account, otherwise if you set up a SSH key and don't associate it with your GitHub account, you will receive this "permission denied" error.

To receive updates, you will create an upstream-master branch to track the Rapid7 remote repository, alongside your master branch which will point to your personal repository's fork:

Configure your Github username, email address, and username. Ensure your user.email matches the email address you registered with your Github account.

Set up msftidy to run before each git commit and after each git merge to quickly identify potential issues with your contributions:

Linux distributions do not ship with the latest Ruby, nor are package managers routinely updated. Additionally, if you are working with multiple Ruby projects, each one has dependencies and Ruby versions which can start to conflict. For these reasons, it is advisable to use a Ruby manager.

You could just install Ruby directly (eg. sudo apt install ruby-dev ), but you may likely end up with the incorrect version and no way to update. Instead, consider using one of the many different Ruby environment managers available. The Metasploit team prefers rbenv and rvm (note that rvm does require a re-login to complete).

Regardless of your choice, you'll want to make sure that, when inside the

/git/metasploit-framework directory, you are running the correct version of Ruby:

If the two versions don't match, restart your terminal. If that does not work, consult the troubleshooting documentation for your Ruby environment manager. Unfortunately, troubleshooting the Ruby environment is beyond the scope of this document, but feel free to reach out for community support using the links at the bottom of this document.

Before you run Metasploit, you will need to update the gems (Ruby libraries) that Metasploit depends on:

If you encounter an error with the above command, refer to the bundle output and search for the error message along with the name of the gem that failed. Likely, you'll need to apt get install a dependency that is required by that particular gem.

Congratulations! You have now set up a development environment and the latest version of the Metasploit Framework. If you followed this guide step-by-step, and you ran into any problems, it would be super great if you could open a new issue so we can either help you, or, more likely, update the docs.

Optional: Set up the REST API and PostgreSQL database

The following optional section describes how to manually install PostgreSQL and set up the Metasploit database. Alternatively, use our Omnibus installer which handles this more reliably.

Confirm that the PostgreSQL server and client are installed:

Ensure that you are not running as the root user.

Initialize the Metasploit database:

If you receive an error about a component not being installed, confirm that the binaries shown are in your path using the which and find commands, then modifying your $PATH environment variable. If it was something else, open a new issue to let us know what happened.

If the msfdb init command succeeds, then confirm that the database is accessible to Metasploit:

Congratulations! You have now set up the Metasploit Web Service (REST API) and the backend database.

Optional: Tips to speed up common workflows

The following section is optional but may improve your efficiency.

Making sure you're in the right directory to run msfconsole can become tedious, so consider using the following Bash alias:

Consider generating a GPG key to sign your commits. Read about why and how. Once you have done this, consider enabling automatic signing of all your commits with the following command:

Developers tend to customize their own git aliases to speed up common commands, but here are a few common ones:

If you plan on working with other contributor's pull requests, you may run the following script which makes it easier to do so:

After running the above script, you can checkout other pull requests more easily:

If you're writing test cases (which you should), then make sure rspec works:

You should see over 9000 tests run, mostly resulting in green dots, a few in yellow stars, and no red errors.

We're excited to see your upcoming contributions of new modules, documentation, and fixes! Check out our wiki documentation and, if you're looking for inspiration, keep an eye out for newbie-friendly pull requests and issues. Please submit your new pull requests and reach out to us on Slack for community help.

Finally, we welcome your feedback on this guide, so feel free to reach out to us on Slack or open a new issue. For their significant contributions to this guide, we would like to thank @kernelsmith, @corelanc0d3r, and @ffmike.

The newest major Metasploit release has moved its core to an all Ruby programming base. Metasploit-framework uses Ruby as its core programming language because Ruby is a powerful interpreted language. The Metasploit Project is very famous because of its anti-forensic and detection evasion features.

Metasploit generally offers a community and open source version of Metasploit Framework but it also has commercial versions like Metasploit Pro and Metasploit Express. It also has a shellcode database, these shellcodes can be used to perform reverse shell to the the attacker’s machine.

Like other similar products like Canvas or Core Impact and other commercial security products, Metasploit-Framework can be used to check the security of computer systems or to break into network and systems. Similar to many other security tools, Metasploit Framework can be used for both authorized and unauthorized activities.

Follow below steps to install Metasploit Framework in your Ubuntu OS

Metasploit Frame is easy to install and and has a few dependencies. Before installing, make sure to update your Ubuntu

Installing dependencies

Before installing you need to install following dependencies using apt command

$ sudo apt-get install -y curl gpgv2 autoconf bison build-essential
git-corelibapr1 postgresql libaprutil1 libcurl4openssl-dev libgmp3-dev libpcap-dev
openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool
libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev postgresql-contrib xsel
zlib1g zlib1g-dev

Installing

curl is used to transfer files from remote computers and supports a lot of protocols, we will use it to download metasploit framework code.

Then change permissions of the executable code using chmod command then run it

Ownership:
owner = root
group = shadow

$ chmod 755 msfinstall

Metasploit Interfaces

Metasploit Framework has a web interface, GUI interface (Armitage and Cobal Strike) and Command Line interfaces (msfcli, msfconsole). It also offers APIs like msgrpc to control Metasploit remotely or to use it along with some some scripting language for automation purposes.

It also has some other tools and features that can generate shell codes and payloads and combine them with other legitimate executables.

Msfconsole is a powerful Command line interface of Metasploit. To run it, first start postgresql service, Type

Metasploit Manual

Common commands for Metasploit from the Manual

show exploits – shows the exploits you can run (in our case here, the ms05_039_pnp exploit)

show payloads – shows the various payload options you can execute on the exploited system such as spawn a command shell, uploading programs to run, etc. (in our case here, the win32_reverse exploit)

info exploit [exploit name] – shows a description of a specific exploit name along with its various options and requirements (ex. info exploit ms05_039_pnp shows information on that specific attack)

info payload [payload name] – shows a description of a specific payload name along with its various options and requirements (ex. info payload win32_reverse shows information on spawning a command shell)

set PAYLOAD – allows you to set the specific payload for your exploit (in this example, set PAYLOAD win32_reverse)

show targets – shows the available target OSs and applications that can be exploited

Conclusion

Metasploit is a very useful framework that is used by Penetration testers and vulnerability researchers. Some other commercial tools offer similar functionality but Metasploit is popular due to its cross-platform support and easy-to-use GUI and CLI interfaces. This is particularly make for Penetration testers and Red Teamers but anyone can use this to secure their home or company’s network. If you are interested in learning Metasploit, here is a great free resource.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14

The Metasploit Framework is an integral component to every penetration testers tool-kit. This guide will teach you how to install Metasploit Framework in Ubuntu 18.04. You will also install and configure RVM and Postgres.
For additional information and troubleshooting tips please checkout some of the links in the related content section at the bottom of this tutorial.

Install Metasploit Dependencies

The following is a list of dependencies can also be found on the Rapid7 Github page Setting Up a Metasploit Development Environment

Configure The Postgres Database

In order to get the most functionality after you install Metasploit Framework you will want to have the Postgres database properly configured. This allows for faster searching as well as a ton of great features for reporting and organizing your penetration testing results. Here is how to setup your Postgres database afre you install Metasploit Framework.

Switch to the postgres user account

Create a postgres role for Metasploit

Create the database

Exit from the postgres user account

Enable Postgres to start automatically

Install & Configure RVM

RVM is recommended by Rapid7 for manually installing Metasploit Framework. The following steps should be all you need to get up and running. Checkout the official RVM documentation for additional information and troubleshooting help.

Install the public keys

Source The RVM Scripts

Download & Install Metasploit Framework

Checkout the latest source repository from Github.

Change into the new directory.

Install the necessary version of Ruby.

Install The Bundler Gem

Install the necessary Ruby Gems.

Configuring Metasploit & Postgres

Hopefully everything went smoothly for you and you should now be up and running with Metasploit Framework in Ubuntu 18.04. If you ran into any trouble following this guide please check out some of the additional references below. If all else fails, feel free to ask a question in the comment section.

Installers are built nightly for macOS, Windows (64-bit) and Linux. These installers include dependencies (like Ruby and PostgreSQL) and integrate with your package manager, so they're easy to update.

Installing Metasploit on Linux / macOS

The following script invocation will import the Rapid7 signing key and setup the package for supported Linux and macOS systems:

Once installed, you can launch msfconsole as /opt/metasploit-framework/bin/msfconsole from a terminal window, or depending on your environment, it may already be in your path and you can just run it directly. On first run, a series of prompts will help you setup a database and add Metasploit to your local PATH if it is not already.

These packages integrate into your package manager and can be updated with the msfupdate command, or with your package manager. On first start, these packages will automatically setup the database or use your existing database.

Linux manual installation

macOS manual installation

Installing Metasploit on Windows

Download the latest Windows installer or view older builds. To install, simply download the .msi package, adjust your Antivirus as-needed to ignore c:\metasploit-framework, double-click and enjoy. The msfconsole command and all related tools will be added to the system %PATH% environment variable.

Windows Anti-virus software flags the contents of these packages!

If you downloaded Metasploit from us, there is no cause for alarm. We pride ourselves on offering the ability for our customers and followers to have the same toolset that the hackers have so that they can test systems more accurately. Because these (and the other exploits and tools in Metasploit) are identical or very similar to existing malicious toolsets, they can be used for nefarious purposes, and they are often flagged and automatically removed by antivirus programs, just like the malware they mimic.

Читайте также: