This post may contain affiliate links/ads and I may earn a small commission when you click on the links/ads at no additional cost to you. As an Amazon Affiliate, I earn from qualifying purchases. Techsphinx also participates in the StationX Affiliate program. You can read my full disclaimer here.
In this tutorial, I will guide you through the process of installing Metasploit on Ubuntu.
Metasploit is a powerful penetration testing framework that is widely used by security researchers and ethical hackers to test security vulnerabilities in software, networks and web applications.
It can be installed on Windows, MacOS and Linux. Metasploit is available in two editions – a community edition called Metasploit Framework and a commercial edition called Metasploit Pro.
Here, I am going to install the Metasploit Framework on Ubuntu and also provide you with a basic overview of using msfconsole to exploit a Windows machine.
Disclaimer
This tutorial is for educational purposes. All the machines that are shown in this tutorial belong to me or I have permission to do pentesting on them.
Using Metasploit to hack into a machine that doesn’t belong to you or you don’t have permission for is an unlawful activity. I/Techsphinx shall not be held responsible for your actions.
Pre-Requisites to Install Metasploit on Ubuntu
- Ubuntu installed and running. (I am using Ubuntu 22.04)
- An account with sudo privileges is required.
- Internet connection to download Metasploit.
Install Metasploit on Ubuntu
In this post, I am going to show you three ways in which you can install Metasploit on Ubuntu.
1. Install Metasploit on Ubuntu using the Installer File
The first method to install Metasploit is using the Installer file.
1. To download the Metasploit installer file, run the following command in the terminal. This will download the latest available version of the Metasploit installer on your Ubuntu system.
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
2. After downloading, you need to make the installer file executable using the “chmod” command.
chmod +x ./metasploit-latest-linux-x64-installer.run
3. To check if the script has executable permission, run the following command.
ls -la metasploit-latest-linux-x64-installer.run
4. Now, run the Metasploit installer file.
sudo ./metasploit-latest-linux-x64-installer.run
5. The setup wizard will open. Click on “Forward” to continue.
6. Accept the License agreement and click on the “Forward” button.
7. Choose an installation folder for Metasploit and click “Forward”. I am leaving it as default.
8. To make sure antivirus and firewall don’t interfere with the working of Metasploit, it is recommended to disable them. Click on “Forward” to continue.
9. If you want Metasploit to automatically start at system boot, you can install it as a service by choosing “Yes”. If you don’t want that you can choose “No”. I am choosing “Yes” here.
10. Provide a Metasploit service port. I am using the default port number “3790”.
11. On the next screen, it will prompt to generate an SSL certificate. Provide a server name (I am leaving it as localhost) and choose “Yes, trust certificate” to add the certificate to the operating system’s trusted store.
By default, the generated SSL certificate will be valid for 3650 days.
12. If you want to change anything, you can go back and change it now. If not, then click on “Forward” to start the Metasploit installation on Ubuntu.
13. Once the setup is completed you can click on “Finish” to close the installation wizard.
Now to access the web interface of Metasploit, open web browser and navigate to:
https://localhost:3790
You can also use the console to interact with the Metasploit framework. See the “Using Metasploit on Ubuntu” section of this article.
2. Install Metasploit on Ubuntu using the msfinstall Script
The second method I am mentioning here is to install the Metasploit framework using the msfinstall script.
1. Update the Ubuntu system repositories and install curl.
sudo apt update && sudo apt install curl
2. Now, use the following command to download the installation script:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
3. Provide executable permission to the “msfinstall” file using the “chmod” command.
chmod +x msfinstall
4. To check the permissions of the file use the “ls” command.
ls -la msfinstall
5. Finally, run the installer file to begin the Metasploit framework installation.
./msfinstall
The script will add the build repository and install the Metasploit Framework package.
3. Install Metasploit on Ubuntu using the Deb package
This last method will show you how to install Metasploit using the “.deb” package.
1. Download the latest Metasploit framework deb package from the Metasploit official website.
Note: The following “wget” command downloads the Metasploit version 6.3.13. It is the latest version available as of writing this post. Visit the Metasploit Releases page to download the latest deb package.
wget https://apt.metasploit.com/pool/main/m/metasploit-framework/metasploit-framework_6.3.13+20230420102933~1rapid7-1_amd64.deb
2. Once downloaded, you can check the information of the downloaded deb package using the following command.
Note: Change the “metasploit-framework_6.3.13+20230420102933~1rapid7-1_amd64.deb” with the name of your downloaded package file from here on.
dpkg -I metasploit-framework_6.3.13+20230420102933~1rapid7-1_amd64.deb
3. After that, you can install the Metasploit deb package using the “dpkg” command.
sudo dpkg -i metasploit-framework_6.3.13+20230420102933~1rapid7-1_amd64.deb
Using Metasploit on Ubuntu
After you have installed Metasploit on Ubuntu using any of the above-mentioned methods, you can launch the Metasploit framework console using:
msfconsole
Since you are starting Metasploit for the first time, it will ask you a few questions to complete the initial setup.
Would you like to use and setup a new database (recommended)? : Type “Yes” and click enter.
Would you like to init the web service? (Not Required) [no]: You can choose “yes” if you want to use the Metasploit web interface. I am going to choose “no” here.
After that, the Metasploit framework will start. If you are new to Metasploit, then use the “help” command to show available options offered by Metasploit.
help
Here’s one example of using Metasploit to test the EternalBlue exploit on a Windows machine. If you don’t know about it, then you can read about the EternalBlue exploit here.
1. Type the following command to search for the “ms17010eternalblue” module:
search ms17_010_eternalblue
2. The “use” option will allow you to select an exploit/module. Here, I am selecting the ms17_010_eternalblue.
use exploit/windows/smb/ms17_010_eternalblue
3. Once you have selected a module, you can view its options using the following command:
show options
4. Type the following command to set the target IP address:
set RHOST <target_ip_address>
5. Once everything is set, type the following command to launch the exploit:
exploit
This is just one of the many available Metasploit modules. There are many exploits/modules that you can use for penetration testing in various scenarios.
Conclusion
That’s it for this tutorial. As you can see, installing Metasploit on Ubuntu is not a difficult feat. Using any of the methods mentioned above you can easily install the Metasploit framework on your Ubuntu system.
Now you have successfully installed Metasploit, you can explore its various features and start penetration testing in your virtual hacking lab or on machines that you have permission to test.
If you like this post, then follow Techsphinx on Facebook and Twitter for more reviews, tricks, tips and tutorials.
This article needs update or correction? Report the issue here so I can update it.
