For anyone learning about cybersecurity and wanting to pursue a career within this field, knowledge of Metasploit is almost a given. Metasploit is a widely utilized framework among cybersecurity professionals for system testing and vulnerability auditing to perform ethical hacking. With Kali Linux being a distribution focused on the field of hacking and testing, Metasploit is an essential tool for almost every user of Kali Linux, whether a beginner or an expert.
In this tutorial, you will learn how to get Metasploit installed on Kali Linux. You will learn every step to keep it basic, practical, and easy to understand.
While following the steps in this tutorial, it is immensely important to note that Metasploit is meant strictly for legal ethical use only. It may be used only on machines in your personal possession, in your personal controlled environment laboratory, or on systems for which you possess documented explicit authorization to perform use. Under no circumstances may you use Metasploit on any system, domain, wireless network, or personal electronic computing device that is not your own.
Overview of Metasploit
Descriptively speaking, Metasploit is a penetration testing framework. It serves to assist security researchers in ascertaining the presence of system vulnerabilities that are known. It possesses a plethora of modules that can be utilized for security testing, the development of exploits, the testing of payloads, and the learning of the post-exploitation phase within a controlled lab environment.
Metasploit may seem quite sophisticated for novices, but like everything, it has a learning curve. The dominant interface of Metasploit is msfconsole. This is the command line where you can search for the myriad of modules, set configurable options, execute various penetration tests, and control the different sessions.
Metasploit is an integral part of many penetration testing, capture-the-flag and bug bounty hunting/training labs, as well as many internal security testing frameworks. Metasploit helps to organize and simplify the process of penetration testing because it comes pre-packed with a large majority of the testing modules.
What makes Metasploit Pro a better option on the Kali Linux Distribution?
Kali Linux is a distribution of Linux that is based on Debian and is used for testing and evaluating the security of systems. It is packed with a large array of tools that can be utilized for a range of activities that include security testing, hacking, forensics, analysis, etc.
Integration of Metasploit Pro with Kali Linux is superior to other systems due to the pre-requisite packages, libraries and repositories that Kali comes with by default. For a majority of the versions of Kali Linux, Metasploit Pro is installed by default. If you are using a custom installation of Kali, or an older version, or if you are using Windows Linux Subsystem (WSL) then it may be necessary to install it yourself.
For that reason, this guide will be helpful to you. This guide will show you how to check if Metasploit is already installed on your system, how to install it on your system, how to start it, and how to troubleshoot and solve the reported issues with Metasploit.
Prerequisites for Installing Metasploit
Ensure that the following conditions are satisfied before installing Metasploit on Kali Linux.
- Kali Linux installed and operational
- A reliable internet connection
- A user account that has sudo access
- Sufficient storage to accommodate the package
- Kali Linux repositories should be updated
If you’re using Kali Linux on VirtualBox/VMware, ensure that your virtual machine has internet access. You can verify this by running the subsequent command in the terminal.
ping google.comYou should see the replies. If you do not, resolve the issues with your network before proceeding.
Step 1: Access the Terminal
The first step is easy.
Access your Kali Linux terminal.
Either click on the terminal icon on the Kali menu or use this key combination:
Ctrl + Alt + T
A majority of the installation steps will utilize commands on the terminal. This is the typical operation mode for Kali Linux, as the bulk of the penetration testing tools are controlled via the command line interface.
Step 2: Refresh the Package List
Before any package installation, it is best practice to refresh the lists of the available packages. This ensures that the system fetches the most recent version of the package.
Use the command as shown.
sudo apt updateYou will be prompted to enter your password. Type it in and hit the enter key. It is normal to not see any character representation of what you are typing.
This command doesn’t install a new package. It refreshes the lists of the available packages.
When there are no issues resulting from the update, proceed to the next step.
Step 3: Upgrade Existing Packages
Packages that are already on your system can be upgraded. This is relevant in that Metasploit relies on other packages, and it is possible that older packages can create issues.
Run:
sudo apt full-upgrade -yThis command is one of the lengthier commands, as it relies on the speed of your internet and the number of system updates. It is possible there can be a greater number of system updates if this is the first time using Kali.
This command will upgrade your packages and when this is complete, it is best to reboot the system using:
sudo rebootThis will start the system of your device afresh. After it is complete, open the terminal and proceed.
Step 4: Check If Metasploit is Already Installed
It is equally relevant to check if Metasploit is installed prior to installing it.
Run:
msfconsoleIf the system starts Metasploit and you can see the prompt of the system as msf6, it is an indication that the system has Metasploit installed.
The prompt will appear as below:
msf6 >If you see this prompt, there is no need to install Metasploit again. This will exit the console:
exitIf you see the console, but receive the error message below, indicating it has not been installed:
msfconsole: command not found
It indicates that Metasploit has not been installed and you will need to install it as described below.
Step 5: Install Metasploit in Kali Linux
This is the relevant part of the command that describes how to install Metasploit in Kali Linux.
Run the command below:
sudo apt install metasploit-framework -yThe command will install Metasploit Framework from the repository in Kali Linux.
The -y option will accept the license agreement and confirm the installation. If this option is not used, run:
sudo apt install metasploit-frameworkand respond Y when prompted by Kali.
This will take a few minutes since Metasploit will download and install additional files and dependencies.
Step 6: Verify the Installation
It is important to confirm the successful installation of Metasploit.
Run:
msfconsoleIf successful, Metasploit will launch after a brief loading period.
A loaded session will display a banner with the Metasploit prompt:
msf6 >Once this is displayed, Metasploit is confirmed successfully installed on Kali Linux.
Metasploit can also be queried for its current installed version with the command:
versionThis can also be used to confirm the successful installation of Metasploit. Respond:
exitto return to the terminal.
Step 7: Start the Metasploit Database
The Metasploit Framework functions without a database, however, the scans and results will persist for a limited time without one. Therefore, a database is strongly recommended. Metasploit stores results of scans and other information using workspace databases, services, and credentials.
Metasploit uses PostgreSQL on Kali Linux. The Metasploit Framework can be started along with the database using:
sudo msfdb startThis starts the PostgreSQL service used by Metasploit.
If this is the first time the database is being used, it will also need to be initialized:
sudo msfdb initAfter this is done, launch Metasploit again with:
msfconsoleThen, within Metasploit, check the status of the database with:
db_statusMetasploit will respond with a confirmation message that it is connected to PostgreSQL if the database is operational.
Step 8: Essential Beginner Commands for Metasploit
Following successful installation of Metasploit, understanding Metasploit commands is essential for interacting with the framework. Below is how to start navigating Metasploit framework:
Commands:
To start Metasploit,
msfconsole- To search for the desired module,
- search apache
- To select the desired module,
- use module_name
- To see the options,
- show options
- To set the option,
- set OPTION_NAME value
- To go to the previous menu,
- back
- To leave Metasploit,
- exit
- To see if the database is connected,
db_statusPractice in a legal lab.
Do not be in a hurry to run modules on real systems. Labs that legally permit the use of Metasploit include Metasploitable, TryHackMe, Hack The Box, DVWA, or your own virtual machines.
Steps to update Metasploit in Kali Linux
If Metasploit was installed from the Kali repository, it can be updated using the normal commands. Metasploit will be updated with the other Kali packages. Use the commands,
sudo apt updatesudo apt full-upgrade -yTo see if Metasploit was installed,
dpkg -l | grep metasploit-frameworkwill tell if the Metasploit package is on your machine.
Steps to Reinstall Metasploit in Kali Linux
In case your Metasploit installation stops working, it may be a sign that Metasploit needs to be updated, or the packages were not installed correctly, or some files are broken. In those cases, it is better to reinstall Metasploit.
Your command to reinstall is:
sudo apt install -y --reinstall metasploit-frameworkAfter reinstalling, start it again using:
msfconsoleIf you encounter issues with the Metasploit database, try:
sudo msfdb reinitThen, start Metasploit using:
msfconsoleNote that commands that reset workspaces will delete existing workspaces, use with caution.
Common Installation Problems & Solutions
1. Package is Not Found
A package not found error appears as follows:
Unable to locate package metasploit-framework
It means that your repositories are either unsynchronized, or the Kali sources are incorrectly configured.
First, update your repositories:
sudo apt updateAnd try again to install:
sudo apt install metasploit-framework -yIf you still have the same issue, verify the repositories for Kali:
cat /etc/apt/sources.listOn most Kali systems, they should be directed to the official Kali rolling repository.
2. Internet is Not Functioning
Installation will fail without a functioning Internet. Test the Internet:
ping google.comIf there is no response, check your network adapter, WiFi, and Virtual Machine networking.
For VirtualBox, NAT mode works well for Internet. Check it inside the VirtualBox settings under networking.
3. Metasploit is Slow to Start
Metasploit can be slow to start on low RAM Virtual Machines. If your Virtual Machine and system can be made to run faster, close unnecessary applications and increase the RAM on the Virtual Machine to give it more.
For best performance, run the system with 4 GB of RAM. If your computer supports it, it is better than having the system run with only 2 GB.
4. Database Not Connected
Check if db_status indicates a lack of connection to the database. If so, start the database with the command:
sudo msfdb startTo start Metasploit, use:
msfconsoleOnce inside Metasploit, use the command:
db_statusIf that doesn’t work either, you can try:
sudo msfdb reinitAnd then start Metasploit once more.
5. Broken Package Error
If broken package errors display, use the command:
sudo apt --fix-broken installAnd then try to update again with:
sudo apt updatesudo apt full-upgrade -yLastly, try to install Metasploit Framework with the following command:
sudo apt install metasploit-framework -yBest Practice: Use Metasploit in a Lab
Metasploit is incredibly powerful so it’s important to practice safely and responsibly. The best way to learn is to build your own lab.
For your lab, you can use:
- Kali Linux as your attacker machine
- Metasploitable as your vulnerable target machine
- VirtualBox or VMware as your VM software
- A private host-only network that you can test safely on
This safe practice lab helps you test your learning in a responsible way without endangering other systems.
When learning Metasploit, never attempt to run tests on any public IP addresses, or any private addresses, websites, company servers, school networks, or devices you do not own without obtaining written permission.
Is Metasploit Free?
Metasploit Framework is free and open source, however there are commercial products associated with Metasploit. The version that runs on Kali Linux is free and is sufficient for most students, learners, and ethical hack practice.
If you want to learn the basics without paying, the free Metasploit Framework is the perfect choice for beginners. There are tutorials on many different aspects of security, including vulnerability testing, module usage, and payloads.
Is Metasploit Safe to Install?
You should only install Metasploit from the official repositories for Kali Linux to avoid malware. You will have to avoid sites and repositories that aren’t official and download random Metasploit files from them.
The safest way to get Metasploit on Kali Linux is:
sudo apt updatesudo apt install metasploit-framework -yWho Should Learn Metasploit?
While Metasploit is a useful tool to have, to truly contribute to the field of cybersecurity from a professional stance, you should understand the following:
- How networking works
- The basics of securing a network
- The importance of Linux command line
- The fundamentals of web security
- Programming basics
A few suggested professionals that Metasploit would suit are:
- Students of Cybersecurity
- System Administrators
- Penetration Testers
- Bug Bounty Beginners
- Security Researchers
- Those with an interest in Network Security
- Beginners in Ethical Hacking
Important Safety Reminder
If you use the Metasploit Framework to perform security testing without permission, you can get into legal trouble. It’s important to remember that Metasploit Framework is a professional tool and should not be used as a toy.
You must only do the following:
- Test systems that you own.
- Test systems with permission.
- Use machines designed for testing.
- Do not attack targets for the general public.
- Do not use payloads on general users.
- Keep a record of your tests.
- Follow the rules of ethical hacking.
When learning cybersecurity, the focus should always be on the safe and ethical side of protecting systems as opposed to compromising them.
Conclusion
By learning how to install Metasploit on Kali Linux, we take our first steps in understanding the fundamentals of ethical hacking. Provided your Kali Linux system is up to date and connected to the internet, the installation process is seamless.
The steps you need to follow are:
- Update Kali Linux
- Automatic installation of the Metasploit Framework
- Starting Metasploit with msfconsole
- Starting the database with sudo msfdb start
- Checking the database with db_status
- Always practice in a legal lab environment
Metasploit is an extensive framework, and it is only useful to the user after they possess knowledge on Linux, networking, vulnerabilities, and ethical hacking. Do not copy and paste commands. Understand what each command is, and practice in a controlled lab and slowly and steadily build your skills.
If you have a genuine interest in the field of cybersecurity, Metasploit is the tool to know. Learn how to install it, familiarize yourself with the layout, understand basic commands, and progress to penetration testing within an authorized setting.
With practice and a gradual approach, both Metasploit and Kali Linux can be of great value to your journey into the world of Cybersecurity.
