Installing Metasploit on Ubuntu 18.04 LTS

This guide is about how installing Metasploit on Ubuntu 18.04 LTS. Metasploit Framework provides a platform and tools for performing deep system security auditing as well as penetration testing to unearth, exploit and validate every other would-be vulnerability. Metasploit is available in both the commercial and opensource version (thanks to Rapid 7 for teaming up with OSS community). We are going to install the later in this guide.

Install Metasploit on Ubuntu 18.04 LTS

Since Metasploit is available in both the commercial and open source version, it is upon you to choose which version to go with. This guide presents installation of the Metasploit using the Metasploit community / Pro Combined Installers. These installers include the Metasploit community, Pro UI as well as Metasploit Framework. However, if you do not want to take this route, you can use the Nightly build version. This NIghtly versions ship with all the dependencies required for a successful installation and all you need to do the installation is just a simple script.

Update and upgrade your system.

sudo apt update

sudo apt upgrade

Hold on, before you can proceed with the installation of Metasploit, you can check these more information.

Download Metasploit Combined Installer

The combined installers are available on Metasploit framework wiki page. Navigate to the page and grab the latest version of Linux installer.

wget https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

Once the download completes, make the installer executable by running the command below;

chmod +x metasploit-latest-linux-x64-installer.run

Next, launch the Metasploit installer.

./metasploit-latest-linux-x64-installer.run

When the installer runs, press Enter and scroll through the License. For the installation to proceed, you need to accept the License.

----------------------------------------------------------------------------
Welcome to the Metasploit Setup Wizard.

----------------------------------------------------------------------------
Please read the following License Agreement. You must accept the terms of this 
agreement before continuing with the installation.

Press [Enter] to continue: Enter
RAPID7 END USER LICENSE AGREEMENT
...
Last Modified April 2018

Press [Enter] to continue:

Do you accept this license? [y/n]: y   Accept the License

Next, choose the installation folder. Press Enter to accept the default, /opt/metasploit.

----------------------------------------------------------------------------
Installation folder

Please, choose a folder to install Metasploit

Select a folder [/opt/metasploit]: 

----------------------------------------------------------------------------

Install Metasploit as a service to make it easy to start started on system reboot.

----------------------------------------------------------------------------
Install as a service

You can optionally register Metasploit as a service. This way it will 
automatically be started every time the machine is started.

Install Metasploit as a service? [Y/n]: y
...

Next, you are asked to disable the anti-virus and firewall solutions if any is installed on the server.

Since Metasploit will be running as a service, define a port in which it is listening on. Press Enter to accept TCP port 3790 as the default port.

----------------------------------------------------------------------------
Metasploit Service

Please enter the port that the Metasploit service will use.

SSL Port [3790]: Enter

Set the server FQDN of your server for the purpose of SSL certificate that is generated. Set the validity of the SSL of the certificate. You can press Enter to accept the default period.

Generate an SSL Certificate

Please provide the fully qualified domain name of this system below (e.g. 
metasploit.example.com). A certificate is generated for a specific server name 
and web browsers will alert users if the name does not match.

Server Name [localhost]: msf.example.com

Days of validity [3650]: Enter

Add the SSL certificated to the OS trusted certificate store.

Yes, trust certificate [Y/n]: y

After that, proceed with installing Metasploit. Once the installation is done, you will be given a URL to access the Metasploit UI.

----------------------------------------------------------------------------
Please wait while Setup installs Metasploit on your computer.

 Installing
 0% ______________ 50% ______________ 100%
 #########################################

----------------------------------------------------------------------------
Setup has finished installing Metasploit on your computer.

Info: To access Metasploit, go to
        https://localhost:3790 from your browser.

The Metasploit is now ready to carry on its Magics. To access Metasploit UI, navigate to https://<msf-server-IP>:3790, if you are not accessing it from the locally.

To login to Metasploit UI, you need to create Metasploit initial user account by running the script below. The script will prompt you for the username and auto-generate the password. You are required to reset this password upon login.

/opt/metasploit/createuser

[*] Please enter a username: amos

[*] Creating user 'amos' with password '{K>y2BYr' ...

[*] User amos has been created, please change your password on login.

Note that if UFW is running, you need to open access to port 3790.

ufw allow 3790/tcp
ufw reload

Add the SSL error on the browser to exception and proceed to Metasploit UI.

Enter the activation key. You can obtain the key by submitting a request.

Your Metasploit is now ready.

The Metasploit Framework is also available on command line. To launch it, just execute the command below;

msfconsole

Great. You can now run you Pentests projects.

Happy pentesting…

Other Tutorials

Install Nikto Web Scanner on Rocky Linux 8

Install and Setup Nessus Scanner on Ubuntu 20.04

Install WPScan on Ubuntu 20.04