How to Install Metasploit Framework on Ubuntu Linux

Learn penetration testing with Metasploit.

Metasploit is a collection of exploits, payloads and virtual environments for the Linux operating system. Among other things, it allows you to create your own toolkit for security auditing and penetration testing.

This tutorial shows how to install it in Ubuntu Linux, how it works, and what you can do with this powerful security auditing tool.

What Is Metasploit?

Metasploit is a free open-source tool for developing and executing exploit code. It comes with a large database of exploits for a variety of platforms and can be used to test the security of systems and look for vulnerabilities.

It is a framework rather than a single tool and includes a wide range of tools for conducting penetration tests and security research.

Features of Metasploit:

  • Develops exploit code
  • Automated security testing
  • Reverse engineering
  • Password cracking
  • Social engineering

Why Use the Metasploit Framework

One of the biggest advantages of Metasploit is that it is a single, cohesive software suite. Similar to an integrated development environment, the Metasploit Framework links together different tools and allows you to use them through a common interface.

Metasploit also categorizes each tool depending on its use case, making it useful not only to security experts but also to novice users.

The developers of the Metasploit Framework designed the software suite to be completely modular and extensible. You can create and design a highly custom toolkit for any specific target.

Requirements

Before you can install Metasploit, make sure that you have the following resources:

  • A good amount of hard disk space. For the most part, you should allot between 10 and 20 GB of disk space for Metasploit, as the framework will create its own environment, along with its dependencies.
  • 4 to 8 GB of system memory
  • A machine that is capable of virtualization, allowing you to create isolated environments to test Metasploit.

Installing the Metasploit Framework in Linux

  1. Make sure that you have the necessary dependencies, such as curl, by running the following command:
     sudo apt install curl unzip nmap
  2. Create a temporary directory where you can download Metasploit’s installation script:
     mkdir msf-temp && cd ./msf-temp
  3. Download the installation script by running the following command:
     curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
  4. Make sure that your installation script has the right execution bits by running the following command:
     sudo chmod 755 ./msfinstall
  5. Run the installation script to install Metasploit:
     ./msfinstall

For the most part, the script does three things on your machine. First, it imports the signing key from the Metasploit Framework’s developers.

The script then copies the repository address for Metasploit to your “/etc/apt/sources.list.d” directory. Lastly, it downloads the Metasploit package through apt and corrects the PATH variable for the package.

  6. Configure your Metasploit environment by running msfconsole.

The Metasploit console will ask a couple of questions about your setup. First, it will ask if you want to set up a database for your installation. To do so, press Y, then Enter.

You will also be asked if you want to create a remote web service. This is useful if you want to create a headless instance for Metasploit. Press Enter here if you only want the program to run locally.

The console will create and configure the necessary files to run Metasploit. This process should take one to two minutes, and then the console will reload itself and load the Metasploit prompt.
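
Because the installer in step 5 imports a signing key, adds an apt repository and installs a package, it helps to list those actions from the downloaded file before executing it. The script below is an added example, not part of the original tutorial or of the Metasploit project; the installer it inspects is a constructed sample with placeholder names and URLs, not the real msfinstall.

```shell
#!/bin/sh
# Added example: list the privileged actions in a downloaded installer before running it.

write_sample() {  # write a CONSTRUCTED installer (not the real msfinstall) to $1
cat > "$1" <<'EOF'
#!/bin/sh
curl -fsSL https://repo.example.invalid/key.asc | apt-key add -
echo "deb https://repo.example.invalid/apt stable main" > /etc/apt/sources.list.d/example-tool.list
apt-get update
apt-get install -y example-tool
EOF
}

audit_installer() {  # print "TAG line:text" for each action of interest in script $1
    grep -nE 'apt-key|gpg .*--(import|dearmor)|/etc/apt/trusted\.gpg' "$1" | sed 's/^/KEY /'
    grep -nE '/etc/apt/sources\.list' "$1" | sed 's/^/REPO /'
    grep -nE 'apt(-get)? .*install|dpkg +-i' "$1" | sed 's/^/PKG /'
    grep -noE 'https?://[^ "|>]+' "$1" | sed 's/^/URL /'
}

count_tag() {  # number of findings tagged $2 in script $1
    audit_installer "$1" | grep -c "^$2 " || true
}

review_digest() {  # SHA-256 of the file that was reviewed, to compare before execution
    sha256sum "$1" | cut -d' ' -f1
}

tmp=$(mktemp)
write_sample "$tmp"
audit_installer "$tmp"
echo "reviewed sha256: $(review_digest "$tmp")"
rm -f "$tmp"
```

Run `audit_installer ./msfinstall` after step 3, and compare `review_digest ./msfinstall` again just before step 5 to confirm the file you execute is the one you read.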

Installing the Metasploitable Virtual Machine

Once the Metasploit Framework is up and running, start installing the Metasploitable virtual machine, a basic Linux distribution designed to be as insecure as possible.

  1. Install VirtualBox, a virtual machine client that can be used to run the virtual machine:
     sudo apt install virtualbox
  2. Download the Metasploitable distribution from the developer’s SourceForge webpage.
  3. Extract the distribution’s files to your home directory and convert the distribution’s hard disk format for it to work with VirtualBox. Metasploitable is a pre-built bundle that works similarly to importing an Open Virtual Appliance.

     Accomplish this by running the following commands:

     unzip ~/Downloads/metasploitable-linux-2.0.0.zip && cd ./Metasploitable2-Linux
     vboxmanage clonehd Metasploitable.vmdk ms2-linux.vdi --format VDI
  4. Open VirtualBox by pressing Win, then typing “virtualbox.”
  5. Press the “New” button to open a dialog box where you provide the details of your virtual machine. Add the name and set the Type to “Linux” and the Version to “Other Linux (64-bit).”
  6. Specify the amount of memory for the Metasploitable virtual machine. In most cases, a memory size between 512 MB and 1 GB is enough.
  7. Select the hard disk file for your virtual machine. For this, select the “Use an existing virtual hard disk file” option.

Using Metasploit and Metasploitable in Linux

With the virtual machine in your system, you can now open Metasploitable 2 to test the Metasploit Framework. To do this, double-click the “metasploitable” entry in VirtualBox.

This will load the virtual machine and expose it to a local internal network.

Once it is done loading, log in to Metasploitable by typing msfadmin on both the username and the password prompts.

Learning the Basics of Metasploit

While the Metasploit Framework is a brilliant security auditing toolkit, it is also a great learning tool for beginners, as the framework provides a good amount of documentation for every function.

To access this, run msfconsole again on your terminal window.

This will load a console prompt that can access both your system programs and the Metasploit toolkit. Run the help command to print a short guide on the various commands for the Metasploit Framework.

As discussed above, you can use the framework at every step of a penetration test. It gives you tools for information gathering through network scripts, machine access through exploits, and system breach through payloads.

These tools also vary widely depending on the architecture that you are targeting, which makes Metasploit incredibly flexible and adaptable.

You can use the show -h command to print a brief list of every tool that is available to Metasploit. For example, you can run the following command to list all of the available exploits in the framework:

show exploits

Further, Metasploit also provides tool-specific documentation through the info command. Running info exploit/android/adb/adb_server_exec will print a short write-up on how this particular Android ADB exploit works.

Scanning Open Network Ports with Metasploit

One of the most basic actions that you can immediately do in Metasploit is to determine whether there are any insecure open ports in a target system.

  1. Reload Metasploit by running msfconsole on a new terminal.
  2. Check whether the Metasploit Framework detects the virtual machine. But first, determine the IP address of the Metasploitable installation:
     ip addr
  3. Use the nmap utility on your host machine to run a network-wide scan for active hosts:
     nmap -sn 192.168.68.0/24
  4. Once you see the virtual machine in the nmap result, you can use the tcp module in Metasploit. It’s a simple utility that checks for every open port from either a single IP address or a range of them.

     To use the tcp module, run the following command:

     use auxiliary/scanner/portscan/tcp
  5. Provide the IP address that you want the module to scan by running the following command:
     set RHOSTS 192.168.68.105
  6. Run the tcp module by entering run in the console, which will print every open port in the Metasploitable system.
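
To keep the port scan in steps 4 to 6 pointed only at the lab machine, the RHOSTS value can be checked against the lab subnet before the scan command is built. This is an added example, not part of the original tutorial; it assumes the 192.168.68.0/24 subnet from the nmap step, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to build a scan command for targets outside the lab subnet.
LAB_NET=192.168.68.0/24   # assumption: the subnet shown in this tutorial's nmap step

ip_to_int() {  # dotted quad -> integer; returns 1 on malformed input
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac        # no leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # in_cidr IP NET/BITS -> exit 0 when IP lies inside the network
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

scan_command() {  # print the msfconsole invocation only for in-scope targets
    if in_cidr "$1" "$LAB_NET"; then
        echo "msfconsole -q -x 'use auxiliary/scanner/portscan/tcp; set RHOSTS $1; run; exit'"
    else
        echo "refusing: $1 is outside $LAB_NET" >&2
        return 1
    fi
}

scan_command 192.168.68.105          # in scope: prints the command
scan_command 192.168.1.10 || true    # out of scope: refused
```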

Frequently Asked Questions

Is it possible to check if an exploit is present in Metasploit Framework?

Yes! You can check all of the available exploits by using the “search” command in the Metasploit console. For example, you can run search android to load every available exploit for the Android platform in Linux.

My Metasploitable virtual machine does not boot. Is my installation broken?

No! This issue is most likely due to a missing VirtualBox configuration. By default, VirtualBox automatically sets the necessary processor flags to boot a virtual machine. However, there can be instances where it does not enable these flags properly.

To fix this, go to the Settings menu for Metasploitable. Click on “System -> Processor,” then click the “Enable PAE/NX” checkbox and reload VirtualBox.

My host machine cannot detect Metasploitable. Is my virtual machine broken?

No! This issue happens whenever VirtualBox uses a different network adapter with your host machine. You can easily fix this issue by going to the Settings menu and selecting the Network category, then changing the Network Adapter from NAT to Bridged Adapter.

Image credit: Unsplash. All alterations and screenshots by Ramces Red.

Ramces Red

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.
