Let's get down and dirty installing Metasploit. One of the most common complaints I receive from my students is that they cannot get Metasploit to install so revert to Windows. If you have been following along in my Pentest Workstation series you will have built your Ubuntu workstation. In my case, that is Ubuntu 20.04 LTS based on a server. No GUI.
In this short tutorial we are going to be installing metasploit from the latest source on the Rapid7 github repository.
Installing Metasploit Dependencies
Metasploit is built in ruby and there are a number of dependencies that are needed. The easiest and fastest way to install all the dependencies is with the following one liner:
apt install -y build-essential zlib1g zlib1g-dev libpq-dev libpcap-dev libsqlite3-dev ruby ruby-dev
It may take up to an hour to get these installed, depending on the speed of your internet connection.
All the dependencies are installed. Now it is time to be installing metasploit. Here we go. I suggest you install this in your home directory in apps.
mkdir ~/apps cd ~/apps
Step 1 - Clone the git repo
You want to clone the repo to make it easier to grab updates should msfupdate ever fail. Doing this is really easy using the git clone command:
git clone https://github.com/rapid7/metasploit-framework.git
This may take a while to clone as the repo is reasonable large so now if a great time for that cup of coffee.
Step 2 - Installing Metasploit
And now the part you have been waiting for. Installing Metasploit can be pain, but here is the quickest and simplest way to do it:
cd metasploit-framework/ sudo gem install bundler bundle install
Step 3 - Launching Metasploit
The best and easiest way to test your new install is to launch it. Launching is very simple. It is just a case of running the msfconsole from the command line in the metasploit-framework directoy. This is done by:
If everything went to plan, the you will be in the msf6 console and it should look something like this:
Setting up for Updates
Congratulations, you now have the latest version of metasploit running on your system. The last thing to do is to configure the system for updates. To do this we need to set up some of the GIT variables.
First set your name using the following command and replacing NAME HERE with your name:
git config --global user.name "NAME HERE"
Now set your email address replacing firstname.lastname@example.org with your email address:
git config --global user.email "email@example.com"
Now running updates is as simple as running msfupdate from within the metasploit-framework directory.
The last step
Well done, you made it to the last step. The last thing to do is to set the update on the cron, so you do not need to remember to run msfupdate all the time. Keeping it simple as always, run:
Using your preferred editor, add the following line, replace $name with your username:
0 1 * * * /home/$name/apps/metasploit-framework/msfupdate > /dev/null 2>&1
And thats it. Now metasploit will update at 1am every day and you can focus on using the tool.
Next in the series is Installing OpenVAS.
Remember, for all your Penetration Testing requirements, Hedgehog Security is here to help.