How to use Metasploit in Kali Linux Step by Step Tutorial for Beginners

How to use Metasploit in Kali Linux for Security Testing

Security is a big concern for an organization, So most of the companies are hiring Pentester or Ethical hacker to secure data of an organization.

You can use Penetration testing tools and different types of techniques to find out vulnerabilities in websites, applications or databases.

Metasploit is a big framework used for Penetration Testing and ethical hacking. This is managed by Rapid7. There are two editions of Metasploit, one is Metasploit Pro, which is chargeable and another is Metasploit Community is free. 

In the case, if you are not using Kali Linux and want to use Metasploit on another Linux operating system.

This is very simple, Install it on any operating systems including Windows.

Are you using Ubuntu? do you want to use Metasploit? Download first:

You can download Metasploit on ubuntu you have to download from Rapid7 

If you are using Kali Linux. Keep in mind Metasploit is not come with Kali Linux by default as previously. So you need to install Metasploit in Kali Linux then Learn how to use Metasploit in Kali Linux. So if you want to know how to use Metasploit in Kali Linux? I am going to describe each and everything in this article.

How to install Metasploit in Kali Linux

I don’t like to write this section on how to install Metasploit in Kali Linux. It comes by default in previous versions.

Today I am going to describe here about installation on Metasploit. You can install it directly from the repository by using apt or apt-get command.

First update the repository list by using following command.

#apt-get update

root@kali:~#apt-get update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Get:2 http://kali.download/kali kali-rolling/non-free Sources [127 kB]
Get:3 http://kali.download/kali kali-rolling/main Sources [12.9 MB]
Get:4 http://kali.download/kali kali-rolling/contrib Sources [60.3 kB]         
Get:5 http://kali.download/kali kali-rolling/main amd64 Packages [16.5 MB]     
Get:6 http://kali.download/kali kali-rolling/non-free amd64 Packages [200 kB]  
Get:7 http://kali.download/kali kali-rolling/contrib amd64 Packages [97.0 kB]  
Fetched 29.9 MB in 23s (1,287 kB/s)                                            
Reading package lists... Done 
root@kali:~#

Install the Metasploit framework on Kali Linux by running the following command:

#apt-get install metasploit-framework

root@kali:~#apt-get install metasploit-framework
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  acheck-rules libconfig-general-perl libterm-size-perl libtext-aspell-perl
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  cryptsetup cryptsetup-initramfs gcc-10-base libc-bin libc-dev-bin libc-l10n
  libc6 libc6-dbg libc6-dev libc6-i386 libcrypt-dev libcrypt1 libgcc-s1
  locales locales-all
Suggested packages:
  glibc-doc clamav clamav-daemon
The following NEW packages will be installed:
  gcc-10-base libcrypt-dev libcrypt1 libgcc-s1
The following packages will be upgraded:
  cryptsetup cryptsetup-initramfs libc-bin libc-dev-bin libc-l10n libc6
  libc6-dbg libc6-dev libc6-i386 locales locales-all metasploit-framework
12 upgraded, 4 newly installed, 0 to remove and 1554 not upgraded.
Need to get 169 MB of archives.
After this operation, 2,233 kB disk space will be freed.
Do you want to continue? [Y/n] 

You will get some configuration popups at the time of installation. Read configuration messages carefully and configure accordingly.

Upgrade glibc so Click on yes. You can change options by pressing “TAB” key, and for selecting press “ENTER” Key.

I have installed Metasploit successfully. I used command msfconsole to run the Metasploit framework but no success.

I go the following error “You may need to uninstall or upgrade bundler”

You can see in the following image:

root@kali:~#msfconsole 
[*] Bundler failed to load and returned this error:

   'cannot load such file -- bundler/setup'

[*] You may need to uninstall or upgrade bundler
root@kali:~#

How to solve upgrade bundler error in Kali Linux

If you are getting an error “You may need to uninstall or upgrade bundler” after installation of Metasploit then you can use the following steps:

Step 1: Go to /usr/share/metasploit-framework/ by using cd command. As you can see in the following image.

root@kali:~#cd /usr/share/metasploit-framework/
root@kali:/usr/share/metasploit-framework#

Step 2: Install bundler: You can use the followoing command to install and upgrade bundler.

#gem install bundler

#bundle install

#gem update –system

root@kali:~#cd /usr/share/metasploit-framework/
root@kali:/usr/share/metasploit-framework#gem install bundler 
Fetching: bundler-2.1.4.gem (100%)
Successfully installed bundler-2.1.4
Parsing documentation for bundler-2.1.4
Installing ri documentation for bundler-2.1.4
Done installing documentation for bundler after 24 seconds
1 gem installed
root@kali:/usr/share/metasploit-framework#bundle install

Start, Restart, and Stop Metasploit services:

You have finished the installation of Metasploit, the next task on how to use Metasploit in Kali Linux. It is quite simple. You must follow the 2 steps:

  • Start Services.
  • Launch the Framework.

Before the launch Metasploit, it is necessary to start Metasploit service.

Sometimes, It is possible the services you are going to start, running previously. before the start, the Metasploit service first checks the status of service.

If the service is not running then you can start, restart and stop Metasploit by following commands.

#service metasploit status

#service metasploit start

#service metasploit restart

#service metasploit stop

service metasploit start

If the User start the Metasploit service first time, He have to start postgresql service first similar metasploit postgresql service can be start, restart, and stop by following commands

#service postgresql start

#service postgresql restart

#service postgresql stop

#service postgresql status.

service posgresql start in Kali Linux

Launching Metasploit in Kali Linux

Metasploit has four working interface for the user, Pentester can use variety of ways to access Metasploit. For the learner who don’t have solid command over control of Metasploit, It is recommended to use graphical interface. The Graphical User Interface is accessed by selecting “Measploit Community/Pro” from the main menu:

Applications > Kali Linux > Exploitation > Metasploit > Metasploit Community/Pro

By default the user will used a web browser with URL address: https://localhost:3790/ . When the Metasploit runs in to browser, the tester will be prompt with an error message “Connection is Untrusted”. It happens because Metasploit don’t have a valid security certification. Click on “I Understand the Risks”, Click on the next option “Add Exception”. When new screen will be opened, click on the “Confirm Security Exception” to continue process.

Update the Database for Metasploit:

Metasploit is developed by Rapid7, There are limited updates for community users. It is necessary to update the Metasploit database before use every time. Metasploit database can be updated by using following command.

#msfupdate

update metasploit by using command line

User can update metasploit by GUI interface. If a pentester running web interface, Select “software Update” option from the upper right-hand side of Web page of Metasploit. Next screen will be displayed select “Check for Updates”. Metasploit will start download and install updates on the system if available. It is recommended that service of Metasploit be restarted. Restart the browser then reopen the Metasploit Web Intrface.

Update metasploit Framwork

metasploit check for update in Web Interface

MODULE 13:- Metasploit Framework

  1. 6 Metasploit Modules – You should know 
  2. MSFvenom replacement of MSFpayload and msfencode – Full guide
  3. 6 Techniques to analyze the vulnerability scan report in Metasploit
  4. How to use Metasploit for vulnerability scanning
  5. How to use Metasploit pro in Kali Linux
  6. Creating Persistent Backdoor By Metasploit in Kali Linux
  7. Creating Trojan Horse (Encoded)By Using Msfpayload

Learn Hacking

If Appreciate My Work, You should consider:

Vijay Kumar

Ethical Hacking & Penetration Testing Trainer, For more detail view My Profile

One thought on “How to use Metasploit in Kali Linux Step by Step Tutorial for Beginners

  • August 19, 2014 at 11:55 pm
    Permalink

    Spot on with this write-up, I really believe this amazing site needs a great deal more attention. I’ll probably be returning to read more, thanks for the information!

    Reply

Leave a Reply to 101 video games you must play Cancel reply

Your email address will not be published. Required fields are marked *