Comprehensive Metasploit Setup and Usage Guide
Installing Metasploit on Windows
The installation process on Windows is straightforward. Obtain the latest Metasploit Framework installer from the official website. The installer includes the console and all necessary dependencies. Disable any antivirus software during installation, as it may flag certain components as malicious. After installation, add Metasploit to the antivirus whitelist.
Installing Metasploit on Linux and macOS
For supported Linux distributions and macOS, use the following script to import the Rapid7 signing key and set up the package:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
This integrates the package into your system's package manager. Updates can be performed using msfupdate or the package manager directly.
On macOS, you can also download the installer package directly from the Metasploit website. After installation, launch msfconsole from /opt/metasploit-framework/bin/msfconsole.
Using Metasploit on Kali Linux
Kali Linux comes with Metasploit pre-installed. To set up a development environment, run:
sudo apt update
sudo apt -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline6-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev libyaml-dev locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
cd /opt
sudo git clone https://github.com/rapid7/metasploit-framework.git
sudo chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework
rvm --install $(cat .ruby-version)
gem install bundler
bundle install
Download the Kali Linux ISO from the official website and install it on a virtual machine or physical hardware. After logging in, start Metasploit from the application menu. This automatically configures the PostgreSQL database and launches msfconsole.
Upgrading Kali Linux
Regular upgrades ensure you have the latest security patches. Use apt update followed by apt upgrade to update packages without removing any. For major version upgrades, use apt full-upgrade.
Building a Penetration Testing Lab
Set up a lab using virtualization software like VMware Workstation, VirtualBox, or Hyper-V. A typical lab includes:
- Kali Linux: Download from the official website.
- Linux Server: Use Metasploitable2 from SourceForge.
- Windows 10 Client: Download a 90-day evaluation from Microsoft.
- Windows Server: Build using Metasploitable 3 by running build_win2008.sh.
Configuring SSH Connections
Change the default root password and regenerate the SSH host keys:
passwd
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
Edit /etc/ssh/sshd_config and set PermitRootLogin yes to allow root login. Enable SSH to start on boot with:
systemctl enable ssh
Consider using SSH key authentication for improved security.
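The following check is an added example, not part of the original guide: it reads an sshd_config and reports whether root can log in with a password, which is the state the PermitRootLogin yes setting above produces unless password authentication is turned off. The function names and sample files are hypothetical; it assumes a single file, looks only at the global section (no Include or Match evaluation), and ignores keyboard-interactive authentication.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and the sample
# files are hypothetical. sshd keeps the FIRST value seen for a keyword, treats
# keywords case-insensitively, and applies lines after "Match" conditionally.

sshd_effective() {  # usage: sshd_effective <keyword> <file>
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }     # drop comments and indent
        !match($0, /^[A-Za-z]+/) { next }          # blank line
        { kw  = tolower(substr($0, 1, RLENGTH))
          val = substr($0, RLENGTH + 1)
          sub(/^[ \t]*=?[ \t]*/, "", val)          # Key value  or  Key=value
          sub(/[ \t].*$/, "", val) }               # keep the first argument
        kw == "match" { exit }                     # global section ends here
        kw == want    { print tolower(val); exit } # first occurrence wins
    ' "$2"
}

root_login_mode() {  # usage: root_login_mode <file>
    root=$(sshd_effective PermitRootLogin "$1")
    pass=$(sshd_effective PasswordAuthentication "$1")
    # Fall back to the OpenSSH defaults when a keyword is not set.
    case "${root:-prohibit-password}" in
        no)  echo root-disabled ;;
        yes) if [ "${pass:-yes}" = yes ]; then echo root-password-login
             else echo root-key-only; fi ;;
        *)   echo root-key-only ;;   # prohibit-password, forced-commands-only
    esac
}

# Constructed samples: the setting from this guide, and a key-only variant.
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    > "$demo/guide.conf"
printf '%s\n' 'permitrootlogin prohibit-password' 'PasswordAuthentication no' \
    'PermitRootLogin yes   # later duplicate, ignored' > "$demo/keyonly.conf"
for f in guide keyonly; do
    printf '%s: %s\n' "$f" "$(root_login_mode "$demo/$f.conf")"
done
```

On a live host, sshd -T prints the effective configuration, including Include files and defaults, and is the authoritative check.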
Connecting to Kali via SSH
Find the Kali IP address with ip a. Use any SSH client (e.g., PuTTY on Windows) to connect:
ssh root@<kali-ip>
Configuring PostgreSQL Database
Start the PostgreSQL service and initialize the Metasploit database:
systemctl start postgresql
msfdb init
The msfdb command also supports reinit, delete, start, stop, status, and run. The database configuration file is at /usr/share/metasploit-framework/config/database.yml. Verify the connection in msfconsole with db_status.
Creating Workspaces
Workspaces isolate different penetration testing tasks. List workspaces with:
msf > workspace
Add a new workspace:
msf > workspace -a <name>
Delete, switch, and rename workspaces with workspace -d, workspace <name>, and workspace -r <old> <new> respectively.
Using the Database
Import external tool results with db_import, which supports various formats like Nmap XML. For example:
nmap -Pn -A -oX report <target>
Then in msfconsole:
msf > db_import /path/to/report
Alternatively, scan directly from msfconsole using db_nmap.
Managing Hosts
The hosts command displays all hosts in the current workspace:
msf > hosts
Use hosts -h for options like adding, deleting, filtering, and exporting host data.
Understanding Services
The services command lists services on target hosts:
msf > services
Filter by service name, port, or search string:
msf > services -s http
msf > services -p 22
msf > services -S Apache
Use -c to specify which columns to display; it can be combined with the filters above. More database commands, such as loot, creds, vulns, and notes, will be covered in later sections.