How to use Metasploit in Kali Linux for Security Testing
Security is a big concern for an organization, so most companies hire a pentester or ethical hacker to secure the organization's data.
You can use penetration testing tools and different types of techniques to find vulnerabilities in websites, applications or databases.
Metasploit is a large framework used for penetration testing and ethical hacking. It is managed by Rapid7. There are two editions of Metasploit: Metasploit Pro, which is paid, and Metasploit Community, which is free.
If you are not using Kali Linux, you can still use Metasploit on another Linux operating system.
It is simple to install on any operating system, including Windows.
Are you using Ubuntu and want to use Metasploit? Download it first:
To use Metasploit on Ubuntu, you have to download it from Rapid7.
If you are using Kali Linux, keep in mind that Metasploit no longer comes with Kali Linux by default as it did previously. So you need to install Metasploit in Kali Linux and then learn how to use it. I am going to describe everything in this article.
How to install Metasploit in Kali Linux
I don’t like having to write this section on how to install Metasploit in Kali Linux. It came by default in previous versions.
Here I describe the installation of Metasploit. You can install it directly from the repository by using the apt or apt-get command.
First, update the repository list by using the following command.
root@kali:~#apt-get update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Get:2 http://kali.download/kali kali-rolling/non-free Sources [127 kB]
Get:3 http://kali.download/kali kali-rolling/main Sources [12.9 MB]
Get:4 http://kali.download/kali kali-rolling/contrib Sources [60.3 kB]
Get:5 http://kali.download/kali kali-rolling/main amd64 Packages [16.5 MB]
Get:6 http://kali.download/kali kali-rolling/non-free amd64 Packages [200 kB]
Get:7 http://kali.download/kali kali-rolling/contrib amd64 Packages [97.0 kB]
Fetched 29.9 MB in 23s (1,287 kB/s)
Reading package lists... Done
root@kali:~#
Install the Metasploit framework on Kali Linux by running the following command:
#apt-get install metasploit-framework
root@kali:~#apt-get install metasploit-framework
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  acheck-rules libconfig-general-perl libterm-size-perl libtext-aspell-perl
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  cryptsetup cryptsetup-initramfs gcc-10-base libc-bin libc-dev-bin libc-l10n libc6 libc6-dbg libc6-dev libc6-i386 libcrypt-dev libcrypt1 libgcc-s1 locales locales-all
Suggested packages:
  glibc-doc clamav clamav-daemon
The following NEW packages will be installed:
  gcc-10-base libcrypt-dev libcrypt1 libgcc-s1
The following packages will be upgraded:
  cryptsetup cryptsetup-initramfs libc-bin libc-dev-bin libc-l10n libc6 libc6-dbg libc6-dev libc6-i386 locales locales-all metasploit-framework
12 upgraded, 4 newly installed, 0 to remove and 1554 not upgraded.
Need to get 169 MB of archives.
After this operation, 2,233 kB disk space will be freed.
Do you want to continue? [Y/n]
You will get some configuration pop-ups during installation. Read the configuration messages carefully and configure accordingly.
When asked to upgrade glibc, select Yes. You can change options by pressing the “TAB” key and select with the “ENTER” key.
I installed Metasploit successfully. I used the msfconsole command to run the Metasploit framework, but without success.
I got the following error: “You may need to uninstall or upgrade bundler”
You can see it in the following output:
root@kali:~#msfconsole
[*] Bundler failed to load and returned this error:
'cannot load such file -- bundler/setup'
[*] You may need to uninstall or upgrade bundler
root@kali:~#
How to solve upgrade bundler error in Kali Linux
If you get the error “You may need to uninstall or upgrade bundler” after installing Metasploit, you can use the following steps:
Step 1: Go to /usr/share/metasploit-framework/ by using the cd command, as shown in the following output.
root@kali:~#cd /usr/share/metasploit-framework/
root@kali:/usr/share/metasploit-framework#
Step 2: Install bundler. You can use the following commands to install and upgrade bundler.
#gem install bundler
#gem update --system
root@kali:~#cd /usr/share/metasploit-framework/
root@kali:/usr/share/metasploit-framework#gem install bundler
Fetching: bundler-2.1.4.gem (100%)
Successfully installed bundler-2.1.4
Parsing documentation for bundler-2.1.4
Installing ri documentation for bundler-2.1.4
Done installing documentation for bundler after 24 seconds
1 gem installed
root@kali:/usr/share/metasploit-framework#bundle install
Start, Restart, and Stop Metasploit services:
You have finished the installation of Metasploit; the next task is how to use Metasploit in Kali Linux. It is quite simple. You must follow 2 steps:
- Start Services.
- Launch the Framework.
Before launching Metasploit, it is necessary to start the Metasploit service.
Sometimes the service you are about to start is already running. Before starting the Metasploit service, first check the status of the service.
If the service is not running, you can start, restart and stop Metasploit with the following commands.
#service metasploit status
#service metasploit start
#service metasploit restart
#service metasploit stop
If the user starts the Metasploit service for the first time, they have to start the postgresql service first. Like metasploit, the postgresql service can be started, restarted, and stopped with the following commands:
#service postgresql start
#service postgresql restart
#service postgresql stop
#service postgresql status
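The start-up order described above, as an added shell example (not code from the original article): it checks each service's status first and starts it only if needed, PostgreSQL before Metasploit. It assumes the `service` wrapper and the two service names used on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes `service NAME status` exits 0 when the service
# is running (LSB convention) and non-zero otherwise.

# Return 0 if the named service reports that it is running.
is_running() {
    service "$1" status >/dev/null 2>&1
}

# Start a service only when its status check fails, then verify
# that it really came up instead of trusting the start command.
ensure_running() {
    if is_running "$1"; then
        echo "$1: already running"
        return 0
    fi
    echo "$1: not running, starting"
    service "$1" start || { echo "$1: start failed" >&2; return 1; }
    is_running "$1" || { echo "$1: still not running after start" >&2; return 1; }
}

# PostgreSQL first, then Metasploit; stop at the first failure so the
# framework is never launched against a missing database service.
start_metasploit_stack() {
    for svc in postgresql metasploit; do
        ensure_running "$svc" || return 1
    done
}

# Run as root with: sh this_script.sh --run
if [ "${1:-}" = "--run" ]; then
    start_metasploit_stack
fi
```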
Launching Metasploit in Kali Linux
Metasploit has four working interfaces for the user, so a pentester can access Metasploit in a variety of ways. For learners who do not yet have solid command of Metasploit, it is recommended to use the graphical interface. The graphical user interface is accessed by selecting “Metasploit Community/Pro” from the main menu:
Applications > Kali Linux > Exploitation > Metasploit > Metasploit Community/Pro
By default the user's web browser opens the URL https://localhost:3790/ . When Metasploit opens in the browser, the tester will be prompted with the error message “Connection is Untrusted”. This happens because Metasploit does not have a valid security certificate. Click “I Understand the Risks”, then click the next option, “Add Exception”. When the new screen opens, click “Confirm Security Exception” to continue.
Update the Database for Metasploit:
Metasploit is developed by Rapid7, and there are limited updates for community users. It is necessary to update the Metasploit database every time before use. The Metasploit database can be updated by using the following command.
The user can also update Metasploit through the GUI. If a pentester is running the web interface, select the “Software Update” option at the upper right-hand side of the Metasploit web page. On the next screen, select “Check for Updates”. Metasploit will download and install updates on the system if available. It is recommended that the Metasploit service be restarted. Restart the browser, then reopen the Metasploit web interface.