Installing Metasploit

Let’s get down and dirty installing Metasploit. One of the most common complaints I receive from my students is that they cannot get Metasploit to install so revert to Windows. If you have been following along in my Pentest Workstation series you will have built your Ubuntu workstation. In my case, that is Ubuntu 20.04 LTS based on a server. No GUI.

In this short tutorial we are going to be installing metasploit from the latest source on the Rapid7 github repository.

Installing Metasploit Dependencies

Metasploit is built in ruby and there are a number of dependencies that are needed. The easiest and fastest way to install all the dependencies is with the following one liner:

apt install -y build-essential zlib1g zlib1g-dev libpq-dev libpcap-dev libsqlite3-dev ruby ruby-dev

It may take up to an hour to get these installed, depending on the speed of your internet connection.

Installing Metasploit

All the dependencies are installed. Now it is time to be installing metasploit. Here we go. I suggest you install this in your home directory in apps.

mkdir ~/apps
cd ~/apps

Step 1 – Clone the git repo

You want to clone the repo to make it easier to grab updates should msfupdate ever fail. Doing this is really easy using the git clone command:

git clone https://github.com/rapid7/metasploit-framework.git

This may take a while to clone as the repo is reasonable large so now if a great time for that cup of coffee.

Step 2 – Installing Metasploit

And now the part you have been waiting for. Installing Metasploit can be pain, but here is the quickest and simplest way to do it:

cd metasploit-framework/
sudo gem install bundler
bundle install

Step 3 – Launching Metasploit

The best and easiest way to test your new install is to launch it. Launching is very simple. It is just a case of running the msfconsole from the command line in the metasploit-framework directoy. This is done by:

./msfconsole

If everything went to plan, the you will be in the msf6 console and it should look something like this:

Installing Metasploit
Installing Metasploit

Setting up for Updates

Congratulations, you now have the latest version of metasploit running on your system. The last thing to do is to configure the system for updates. To do this we need to set up some of the GIT variables.

First set your name using the following command and replacing NAME HERE with your name:

git config --global user.name "NAME HERE"

Now set your email address replacing email@example.com with your email address:

git config --global user.email "email@example.com"

Now running updates is as simple as running msfupdate from within the metasploit-framework directory.

Updating Metasploit
Updating Metasploit

The last step

Well done, you made it to the last step. The last thing to do is to set the update on the cron, so you do not need to remember to run msfupdate all the time. Keeping it simple as always, run:

crontab -e

Using your preferred editor, add the following line, replace $name with your username:

0 1 * * * /home/$name/apps/metasploit-framework/msfupdate > /dev/null 2>&1

And thats it. Now metasploit will update at 1am every day and you can focus on using the tool.

Next in the series is Installing OpenVAS.

Remember, for all your Penetration Testing requirements, Hedgehog Security is here to help.