Как установить metasploit framework на windows

Installers are built nightly for macOS, Windows (64-bit) and Linux. These installers include dependencies (like Ruby and PostgreSQL) and integrate with your package manager, so they’re easy to update.

The following script invocation will import the Rapid7 signing key and setup the package for supported Linux and macOS systems:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

Once installed, you can launch msfconsole as /opt/metasploit-framework/bin/msfconsole from a terminal window, or depending on your environment, it may already be in your path and you can just run it directly. On first run, a series of prompts will help you setup a database and add Metasploit to your local PATH if it is not already.

These packages integrate into your package manager and can be updated with the msfupdate command, or with your package manager. On first start, these packages will automatically setup the database or use your existing database.

Linux manual installation

Linux packages are built nightly for .deb (i386, amd64, armhf, arm64) and .rpm (64-bit x86) systems. Debian/Ubuntu packages are available at https://apt.metasploit.com and CentOS/Redhat/Fedora packages are located at https://rpm.metasploit.com.

macOS manual installation

The latest OS X installer package can also be downloaded directly here: https://osx.metasploit.com/metasploitframework-latest.pkg, with the last 8 builds archived at https://osx.metasploit.com/. Simply download and launch the installer to install Metasploit Framework with all of its dependencies.

Download the latest Windows installer or view older builds. To install, simply download the .msi package, adjust your Antivirus as-needed to ignore c:\metasploit-framework, double-click and enjoy. The msfconsole command and all related tools will be added to the system %PATH% environment variable.

Windows Anti-virus software flags the contents of these packages!

If you downloaded Metasploit from us, there is no cause for alarm. We pride ourselves on offering the ability for our customers and followers to have the same toolset that the hackers have so that they can test systems more accurately. Because these (and the other exploits and tools in Metasploit) are identical or very similar to existing malicious toolsets, they can be used for nefarious purposes, and they are often flagged and automatically removed by antivirus programs, just like the malware they mimic.

Windows silent installation

The PowerShell below will download and install the framework, and is suitable for automated Windows deployments. Note that, the installer will be downloaded to $DownloadLocation and won’t be deleted after the script has run.

[CmdletBinding()]
Param(
    $DownloadURL = "https://windows.metasploit.com/metasploitframework-latest.msi",
    $DownloadLocation = "$env:APPDATA/Metasploit",
    $InstallLocation = "C:\Tools",
    $LogLocation = "$DownloadLocation/install.log"
)

If(! (Test-Path $DownloadLocation) ){
    New-Item -Path $DownloadLocation -ItemType Directory
}

If(! (Test-Path $InstallLocation) ){
    New-Item -Path $InstallLocation -ItemType Directory
}

$Installer = "$DownloadLocation/metasploit.msi"

Invoke-WebRequest -UseBasicParsing -Uri $DownloadURL -OutFile $Installer

& $Installer /q /log $LogLocation INSTALLLOCATION="$InstallLocation"

Improving these installers

Feel free to review and help improve the source code for our installers.

Время на прочтение
2 мин

Количество просмотров 53K

Всем привет! После выхода Metasploit Community, которая мне очень не понравилась, я задался вопросом как же вернуть привычную для меня структуру этого инструмента. И решил я этот вопрос для себя, скачав и настроив dev версию. И всё было хорошо, пока недавно мне не пришлось настраивать тоже самое на Windows. Кого интересует данная проблема прошу под кат.

На самом деле пишу эти строки больше для себя, чтобы при повторном появлении проблемы не наступать на те же самые грабли, но если данная информация будет востребована сообществом, то будет очень хорошо.
Как ни странно, но скачивание ветки metasploit будет практически последним этапом, а в начале приготовления к этому.

1. Установка Git for Windows
   Т.к. metasploit полностью переехал на git, то без него никуда, поэтому качаем Git for Windows и устанавливаем его. Установка у него банальная, поэтому заострять внимание на ней я не буду.
2. Установка Ruby 1.9.3
   Все знают, что при использовании metasploit без Ruby никуда, поэтому следующим шагом нам нужно установить Ruby.
   Для этого качаем установщик Ruby 1.9.3 для Windows отсюда и запускаем его. Установка Ruby тоже не должна вызвать у вас проблем, но обратите, пожалуйста, внимание на один момент — не забудьте поставить галочку напротив пункта «Add Ruby executables to your PATH», чтобы впоследствии не возиться с путями к Ruby.
   
3. Установка Development Kit для Ruby и настройка WinPcap
   Так же для правильной работы Metasploit нам потребуется DevKit для Ruby, который можно скачать по той же ссылке, что и сам Ruby. После того как вы его скачали, скопируйте его в папку, в которую вы его хотите распаковать(у меня это c:\rubydk) и распакуйте. Так же нам в дальнейшем понадобиться пакет pcaprub, а для него нужно скачать и установить WinPcap и WinPcap Developer’s Pack.
   С установкой WinPcap, я думаю, ни у кого проблем не возникнет. В DevPack’е нас интересует две папки — /lib и /include. Содержимое папки lib нужно скопировать в папку lib, которая находится в папке с установленным Ruby, а содержимое папки Include в папку Include/ruby-1.9.1, которая также находится в папке Ruby.
   Ну и для завершения установки DevKit нам осталось вызвать командную строку, перейти в папку с DevKit’ом и выполнить две команды:

   ruby dk.rb init
   ruby dk.rb install
   

   
   И если никаких ошибок не высветиться, то с этим этапом покончено

4. Клонирование ветки Metasploit Framework и подготовка к запуску
   Вот мы и подошли к самому Metasploit Framework. Итак для начала скланируем его, выполнив следующую комманду:

   git clone git://github.com/rapid7/metasploit-framework.git c:\git
   

   Так же для корректной работы Metasploit Framework нам нужно установит необходимые gem’сы и выполнить msfupdate. Для этого выполним следующие комманды:

   gem install bundler
   ruby c:\git\metasploit-framework\msfupdate
   

   И если всё выполнилось удачно, то вы получили последнюю рабочую версию Metasploit Framework Dev. Теперь вы можете выполнить:

   ruby c:\git\metasploit-framework\msfconsole
   

   и начать работать
   

А можете дополнительно поставить Msfgui как я. Для этого скачайте архив его ветки с github’а, из архива скопируйте файл msfgui.exe и папку dist в папку metasploit-framework и запустите msfgui.

На этом всё! Получилась такая маленькая и скромненькая инструкция. Некоторые части которой искались на множестве форумов, но я их не указал, т.к. не помню уже, да и использовались из них только команды. Все пожелания, ошибки и недочёты прошу в комментарии. Так же если кому будет интересно могу помочь сделать тоже самое на Linux’е.

Rapid7 provides open source installers for the Metasploit Framework on Linux, Windows, and OS X operating systems. The Metasploit installer ships with all the necessary dependencies to run the Metasploit Framework. It includes msfconsole and installs associated tools like John the Ripper and Nmap.

The following sections provide information on the prerequisites and requirements that the system must meet before you can install the Metasploit Framework.

Supported Operating Systems and Minimum System Requirements

Please visit https://www.rapid7.com/products/metasploit/system-requirements to see the operating systems that are currently supported and the minimum system requirements.

Disable Anti-virus Software

Anti-virus software detects the Metasploit Framework as malicious and may cause problems with the installation and runtime of Metasploit Framework. The Metasploit Framework exploits the same vulnerabilities that the anti-virus software detects. Therefore, when you install the Metasploit Framework, the anti-virus software interrupts the installation process and alerts you of the security risks that may infect the system.

If you intend to use the Metasploit Framework, you should disable any anti-virus software before you install Metasploit Framework. If you cannot disable the anti-virus software, you must exclude the Metasploit directory from the scan.

Disable Firewalls

Local firewalls, including Windows Firewall, interfere with the operation of exploits and payloads. If you install the Metasploit Framework from behind a firewall, the firewall may detect the Metasploit Framework as malware and interrupt the download.

Please disable the local firewalls before you install or run Metasploit Framework. If you must operate from behind a firewall, you should download the Metasploit Framework from outside the network.

Obtain Administrator Privileges

To install the Metasploit Framework, you must have administrator privileges on the system that you want to use to run the framework.

The easiest way to get the Metasploit Framework is to download the installer from the Rapid7 site. Visit https://www.rapid7.com/products/metasploit/download.jsp to find and download the installer for your operating system.

The installer provides a self-contained environment for you to run and update the Metasploit Framework. This means that all the necessary dependencies are installed and configured for you during the installation process. If you prefer to install the dependencies manually, and configure the Metasploit Framework to use those dependencies, read https://kb.help.rapid7.com/docs/installing-the-metasploit-framework-on-ubuntu-linux

When you launch the installer file, the installer prompts you to enter the following configuration options:

• The destination folder on the hard drive or external disk where you want to install the Metasploit Framework.

If you are a Kali Linux 2.0 user, Metasploit Framework is already pre-installed and updated monthly. You can use this installer if you want to receive updates more frequently.

Rapid7 no longer supports the pre-installed Metasploit Community edition on Kali Linux 1.0.

1. Visit http://windows.metasploit.com/metasploitframework-latest.msi to download the Windows installer.
2. After you download the installer, locate the file and double-click the installer icon to start the installation process.
3. When the Setup screen appears, click Next to continue.

1. Read the license agreement and select the I accept the license agreement option. Click Next to continue.

1. Browse to the location where you want to install the Metasploit Framework. By default, the framework is installed on the C:\ Metasploit-framework directory. Click Next to continue.

1. Click Install.

The installation process can take 5-10 minutes to complete. When the installation completes, click the Finish button.

To launch msfconsole after the installation completes, run the following from the command line:

1



  


                       
  



$ msfconsole.bat

1. Open the terminal.
2. Enter the following command to add the build repository and install the Metasploit Framework package:

1
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

After the installation completes, open a terminal window and type the following to start msfconsole:

1
$ ./msfconsole

The prompt asks you if you want to use and set up a new database. Type y or yes to run the initial configuration script to create the initial database.

If all goes well, the console starts and displays the following:

1



  


                       
  



Creating database at /Users/joesmith/.msf4/db
2
Starting Postgresql
3
Creating database users
4
Creating initial database schema
5
6
** Metasploit Framework Initial Setup Complete **



  


                       
  



7
8
[*] Starting the Metasploit Framework console...-[*] The initial module cache will be built in the background, this can take 2-5 minutes...
9
/
10
11
Metasploit Park, System Security Interface
12
Version 4.0.5, Alpha E



  


                       
  



13
Ready...
14
> access security
15
access: PERMISSION DENIED.
16
> access main security grid
17
access: PERMISSION DENIED....and...



  


                       
  



18
YOU DIDN'T SAY THE MAGIC WORD!
19
YOU DIDN'T SAY THE MAGIC WORD!
20
=[ metasploit v4.11.0-dev [core:4.11.0.pre.dev api:1.0.0]]
21
+ -- --=[ 1454 exploits - 827 auxiliary - 229 post ]
22
+ -- --=[ 376 payloads - 37 encoders - 8 nops ]



  


                       
  



23
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
24
msf >

To check to see if the database was set up, run the following command:

1
$ db_status

If the Metasploit Framework successfully connected to the database, the following status displays:

1
[*] postgresql connected to msf



  


                       
  

1. Visit http://osx.metasploit.com/metasploitframework-latest.pkg to download the OSX package.
2. After you download the package, locate the file and double-click the installer icon to start the installation process.
3. When the Welcome screen appears, click Continue.

1. Read the license agreement and click Continue.

1. Agree to the license agreement to continue with the installation process.

1. Browse to the location where you want to install the Metasploit Framework if you want to change the default installation location.

1. Click Install when you are ready to install the Metasploit Framework.

1. The installation process can take 5-10 minutes to complete.

1. When the installation completes, click the Close button.

If you did not opt to create a database when msfconsole loaded for the first time, you can use the msfdb script to configure postgresql to run as your local user and store the database in ~/.msf4/db/.

To enable and start the database, run the following command:

1



  


                       
  



$ msfdb init

After the database starts, you can use any of the following commands to manage the database:

• msfdb reinit — Deletes and reinitializes the database.
• msfdb delete — Deletes the database.
• msfdb start — Starts the database.
• msfdb stop — Stops the database.
• msfdb status — Shows the database status.

This is a blog, that will show you the step by step installation of the Metasploit framework in both Windows and Linux operating system. I have also created and shared a video on the installation of Virtual Box in Window.

Apart from installations this blog also contains how you can set up a Metasploitable machine so that you can perform practicals of the pen-test. If you are interested to know how to start your career in ethical hacking you can check my blog on How to Become an Ethical Hacker | Techofide

If you don’t know what is Metasploit framework and how to use it, Metasploit tutorial, then you can check my blog on What is Metasploit Framework in which I have discussed Metasploit framework, its usage, commands, penetration testing and a practical demonstration of hacking.

You can also check other Cyber Security blogs related to tools in crackcodes

So let’s get started with our Installations.

• How to Install Metasploit in Linux
• How to Install Metasploit in Windows
• How to Install Virtual Box in Windows
• How to Install Metasploitable Machine 

How to Install Metasploit in Ubuntu

Metasploit is a framework that is used for penetration testing, it offers various module exploits, payloads, auxiliary, post and programs that make work easier to access systems and found vulnerabilities for security professionals, testers, analyst and hackers.

It is open-source and free software. It is very easy to install Metasploit in your Linux system. If you are using Kali then you already know there are lots of tools present and this tool is also pre-installed on it, but if you are using any other Linux like Ubuntu, Redhat, CentOS, Mint etc. then you may follow the below-mentioned installation steps.

Note: The commands which will I showed you below are also applicable to other versions of  Linux operating systems

Step 1: First we need to do basic things like update and upgrade our system with the below-given cmds (commands).

sudo apt update
sudo apt upgrade

Now our system is updated and ready to install Metasploit Framework, but before that, we need to install some dependencies, libraries and other packages that are the basic requirements to run Metasploit on your system.

Step 2: Let’s install important libraries, repositories and exchange signatures with git-core that are required. So just copy the below-mentioned cmd as it is to your terminal and execute it.

sudo apt-get install -y curl gpgv2 autoconf bison build-essential git-core

Step 3: After libraries, we need to install some important dependencies and utilities for Metasploit Framework. Just copy the same below cmd as it is to your terminal and execute it.

sudo apt install libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev

Step 4:Now again we have to install some other utilities like database, openssl, and download some libraries like zlib1g, xsel etc. So just run the below cmd 

sudo apt install locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev

Now we have installed all the ruby package utilities and repositories. Let’s download and install Metasploit Framework.

Step 5:We will use the curl command to download our Metasploit directly from the official rapid7 Github repository. Just follow the below cmd, (curl is used to transfer files from remote computers and supports a lot of protocols, we will use it to download Metasploit Framework.)

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Step 6: Now we have successfully downloaded, but before running we need to change the permission of msfinstall file to executable. So use changemode cmd to change the permissions. Follow the below-mentioned cmd.

sudo chmod 755 msfinstall

Step 7: Now let’s start Metasploit but first run the Postgresql database by following the below command.

sudo service postgresql start

After starting your database you can also check the status of that by replacing status with start on the above command.

Step 8: Now run the msfconsole command and enter the Metasploit Framework interface.

sudo msfconsole

Installing Metasploit on Windows 10

Installing Metasploit on Window is similar to other software installation that we do on Window i.e, you just need to run a setup and install by clicking on the Next button serval times

 Note: Installation steps are the same for other versions of Window like 7 and 8.

Step 1: To install Metasploit on Window is simple like other Softwares. So first download it by clicking on Download Metasploit Framework for Window

Step 2: Now after downloading just go to your Downloads directory and double click on downloaded installer «metasploit-lates-windows-x64-installer» to start the installation process.

 Step 3: Now just click on Next to proceed with the installation.

Step 4: Now it will ask you to accept the license. So just accept it by clicking on «I accept the agreement» and proceed by clicking on Next

Step 5: In this step, you have to choose the path where you want to install Metasploit. In the below image I am going with the default location you can choose any other if you want and just proceed with the installation by clicking on the Next

Step 6: Now it’s showing a warning that you need to disable the firewall and Anti-Virus before proceeding next step. So just disable both and then proceed with Next (Don’t worry after installation you can again enable that again)

Step 7: Now you need to choose a port where your application will work. I suggest you for now just go with the default port that is 3790 and click on Next to proceed.

Step 8: Now you need to give your server address if you have otherwise you can proceed with the local so just type localhost to create a trusted hosts SSL certificate.

Step 9: Now we are done with our configuration and ready to install so just proceed with it by clicking on Next

Step 10: Here you need to wait for a time until the process completes.

Step 11: We have successfully installed Metasploit Framework in our Window System. So just click on Finish to close the window

Step 12: Now go to your Search Menu and search for Metasploit Console, then click on Open to launch the Metasploit Console.

Step 13: It will launch and take time for the first time to run but after a while, it will take you to the msfconsole. You can See the below image same on your screen where it showing banner, exploit, encoders, nops, msf etc.

How to Install Virtual Box on Windows 10

Installing Virtual Box is easy, you can watch the below video to know how to install a Virtual Box on Window 10 and don’t worry you can follow the same steps if you want to install it in your Window 7 or 8.

You can download the Virtual Box latest version by clicking on Download Virtual Box

How to Install Metasploitable 2

Metasploitable is a very helpful and useful machine when your goal is penetration testing. If you don’t know what is Metasploitable machine and how to use it, then you can click on What is Metasploitable to know more about Metasploitable Machine and its usage.

So you can easily set up this machine by following the few steps that are below:

Step 1: First you need to download the Metasploitable machine file. So to download just click on Download Metasploitable. In this guide, I have installed my machine on Virtual Box.

Step 2: Launch your Virtual Box and click on the New button, check the image for reference.

Step 3: You need to fill the below fields to start creating your Metasploitable machine.

• Name: Enter any name you want to give to your machine
• Machine Folder: Select the folder where you want to install your machine.
• Type:  Here you have to choose Linux
• Version: In this, you have to choose Other Linux (64bit) or (32bit)

Now just click on Next to proceed with your creation.

Step 4: Here is the step where you will assign RAM for your Metasploitable machine. So just go with at least 1 GB of RAM i.e, 1024 MB

Step 5: Let’s select our downloaded Metasploit file to install that and create a Hard Disk space. See the below image for reference. Click on the directory icon to select your Metasploitable file.

Step 6: Now click on Add and browse your downloaded file

Step 7: Here I am choosing the Metasploitable file. Make sure to choose the same file.

Step 8: Now just select Metasploitable.vmdk file and then click on Choose. After that, you will be back to Step 4 where you have to click on Create to continue (Check the image of Step 4 for more reference)

Step 9: Now we are done with the set-up, but before starting our Metasploitable machine we just need to change one setting. So just click on the Settings icon (See picture for more reference)

Step 10: From «Settings» Just click on Network and then choose Bridged Adapter instead of NAT under «Attached to:» drop down menu, then click on OK to save the settings.

Step 11: Now just click on «Start» to run your Metasploitable machine.

Step 12: Now as you can see our Metasploitable machine is booting up. So wait for few minutes it will take you to the console soon.

Step 13: Now we are in the Loing prompt where you have to enter your credentials before going inside your machine. So check the highlighted area of the below picture where you can see the default id and password.

ID: msfadmin

Password: msfadmin

Step 14: After entering credentials you can see the below picture we are in our Metasploitable machine.

I hope you like this blog, I have tried to cover all important installations for Metasploit and also tried to show you how you can install Metasploit on different platforms.

Eager to explore more about the Metasploit framework? Are you ready to know how to hack the system and other practical stuff? Just click on How to use Metasploit

Apart from this if you want to know which is the best Linux OS for you, then you can click on «How To Install Arch Linux 2021«

Related Blogs

• How to Become an Ethical Hacker | Techofide
• What is Metasploit Framework | What is Penetration Testing | How to use Metasploit
• How To Install Arch Linux 2023 [Installation Guide] | Techofide
• Metasploit Unleashed | Offensive Security

Other Recommended Blogs

• What is Keyword | What is Keyword Research | Techofide
• What is Graph in Data Structures?