Manito Networks

View Original

Installing Metasploit Framework on Ubuntu Server

Need help with implementation or an upcoming project? We offer professional services at reasonable rates to help you with your next network rollout, security audit, architecture design, and more. Click here to find out more.

Kali Linux is a wonderful tool, but what if you just want a basic Metasploit Framework installation? It's easy to create a slimmed-down, portable Ubuntu Server installation with the bare essentials. We can then export that machine as an OVF or OVA template and take it with us, either into the lab or a customer's network.

Ubuntu Server is a great foundation for a Metasploit install, so we'll start with that.

First we need to complete a standard Ubuntu Server installation, which is very straightforward. You don't have choose any additional installation options, though I recommend installing the SSH software for secure remote access. Set a secure password, put the machine on the network, and we're ready to move on.

Next we'll upgrade the existing packages, then install the prerequisite packages to support Metasploit Framework.

apt-get update
apt-get upgrade -y

The following command is one line, though it wraps the page - copy and paste the entire thing:

apt-get install ruby ruby-dev rubygems build-essential libssl-dev libreadline-dev libpq5 libpq-dev libreadline5 libpcap-dev openjdk-8-jre git-core autoconf postgresql libsqlite3-dev pgadmin3 curl zlib1g-dev libxml2-dev curl zlib1g-dev libxslt1-dev vncviewer libyaml-dev nmap

Since the Metasploit Framework solution runs on Ruby we also need to install some gems:

gem install wirble sqlite3 bundler

With the foundation set up we'll clone the Metasploit Framework Git repository to the ./msf directory:

git clone https://github.com/rapid7/metasploit-framework.git msf/

Change to the "msf" directory and build Metasploit Framework:

cd msf
bundle install

Sometimes during an install an individual gem may fail, and I've yet to find a good answer why. If a gem fails and stops the installation re-run the bundle install command.

Assuming the bundle install command ran successfully it's time to launch the Metasploit Framework:

./msfconsole

Every now and then, and of course before pentest engagements it's a good idea to update your Metasploit Framework installation using the built-in msfupdate command:

./msfupdate

Good luck in your pentest endeavors!