The world of Linux is full of surprises and opportunities. If you are interested in pen testing or ethical hacking, you surely need to use Metasploit. Metaspoilt is a free-to-use open-source platform that came into existence in 2003 by H.D.Moore. It is now known as one of the best pen testing tools out there. With it, you can find system vulnerabilities and exploits.
Metaspoilt comes with its own PRO version, which provides access to the Metasploit framework through a web interface. However, it is limited in its approach, and you will not find all the features you should get if you use the Metasploit framework.
In this tutorial, we are going to take a look at how to install Metasploit on Ubuntu. For this purpose, we are going to use the Ubuntu 20.04 version. You are free to use an older version of Ubuntu as well. If you are using the LTS version, you should follow the tutorial with no or minimal changes.
Before we get started, let's quickly examine the minimum hardware requirements for installing Metasploit.
- Processor: 2 Ghz+
- RAM: 4 GB RAM. 8 GB or more recommended
- Disk space: 1 GB required to get started. However, 50 GB is recommended.
You also need access to modern browsers, including Google Chrome, Mozilla Firefox, and Microsoft Edge.
How to install Metasploit on Ubuntu
There are two ways you can install Metasploit on your Ubuntu. The first way is using the wizard method. You can also choose any way you want. However, there might be instances where you are installing on a headless Linux distribution such as Ubuntu. In that case, you need to use the command-line approach for installing Metasploit.
Let's get started with the command-line approach first. You will see that you have been prompted a lot of times before the actual installation starts. This is done to ensure that you have complete control over the settings of your installation. These prompts include choosing the Metasploit location time and ensure that set the port right before using it. There are also many dependencies and services that you need to get installed before you can use Metasploit.
- The first step is to open up the Ubuntu console. Once done, you need to download the installer and save it to your machine. To do so, you need to use the following command.
$ wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
2. Once done, you now need to change the installer to an executable file. This can be done using the following command.
chmod +x ./metasploit-latest-linux-x64-installer.run
In case you get the file not found error, then try to move to the directory where the file is saved and then run the above command.
3. Next, we need to run the installer. We can do it by running the following command.
sudo ./metasploit-latest-linux-x64-installer.run
This will start the installer. If you have a headless version, it will show you the license agreement right on the terminal.
In both cases, you need to agree to the license agreement for the installer to proceed.
4. Now click on “Forward” to move forward with the installation process.
Once the forward button is clicked, you will be greeted with the license agreement. Here, you need to accept the agreement before you can move forward.
5. It will then ask you about the installation folder to choose from. You can choose any installation folder based on the preference, but you can definitely choose it if you have another directory in mind. However, it is recommended that you know the reasons behind the change in the default directory - as it can lead to complications later on.
6. To successfully use Metasploit, it is recommended that you install it as a service. The InstallerBuilder will ask you if you want to register it as a service. Select “Yes” and then proceed to click on “Forward.”
7. Next, it will ask you to disable anti-virus and firewall. Metasploit is not compatible with both anti-virus and firewall. It is highly recommended that you disable any anti-virus and firewall on your system before proceeding with the installation. Failure to do so can lead to system malfunction and improper installation.
8. It will now ask you to select the SSL port for the Metasploit service. By default, it will pick the 3790 port. If you are not sure if that port is free or not, you can use the netstat command to know which ports are being accessed by the system. Once you are sure that the port is free, proceed to click “Foward.”
9. One of the steps that you also need to do is generate an SSL certificate. You need to enter the name of the webserver that you are going to use for the SSL certificate. You also need to mention the number of days for which the certificate will be valid. In case you are not sure about the validity time, it is okay to leave the field as it is.
In this step, you also need to check the box for “Yes, trust certificate.”
10. In the last step, you will be asked to start the installation process as it will clearly say, “Ready to Install.”
Click on Forward to begin the installation process.
With all the steps completed, you can launch the Metasploit Web UI directly from the install wizard.
If you open it, you should be able to get the following page.
What are you have a headless Ubuntu?
In case you do have a headless version, then you would not have access to UI. In that case, all the above steps are valid. You need to work through the terminal steps, and it will be the same steps as with the UI.
Conclusion
Metaspoilt is the best tool for pen testers. It gives them the ability to work with tons of tools that can help them find vulnerabilities. The tutorial gives you a way to try your hands with the best tool. After installation, you need to use your license key to get started. You will also get access to the community edition and grab its license key from the official site.
In case you feel stuck, then do not forget to comment below, and we will help you!