White hat or Black hat, hacking demands good grasp of all sysadmin works. The usage style we show on this website are intended for testing security of own servers – that is white hat way. We have a list of essential security tools for GNU/Linux servers. Metasploit framework needs Ruby, Postgre SQL, Java etc. Here is how to install Metasploit on Ubuntu 16.04 LTS to test security of servers.
Off Topic Warning : I am not teaching you moral science. Guides on this website are not designed to confer security a real black hat hacker needs in real situation. For black hat hacking you really need custom hardware and someone’s internet connection as long you are not working as Governmental agent for developing spyware, data theft etc. Goverment black hat can go up to sending some army and pushing few bullets inside your head upon suspicion, anger etc. Not funny.
How To Install Metasploit on Ubuntu 16.04 LTS To Test Security
We need to update, upgrade and install the dependencies :
---
1 2 3 | apt update apt upgrade apt install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev |
We will install Oracle Java :
1 2 3 | sudo add-apt-repository -y ppa:webupd8team/java apt update apt install oracle-java8-installer |
We need to install nmap, we can run :
1 | apt install nmap |
Or can build from source :
1 2 3 4 5 6 7 | cd /opt git clone https://github.com/nmap/nmap.git cd nmap ./configure make sudo make install make clean |
We will install Ruby (using RVM; if you are new to Ruby, you can perform a search on how to install Ruby), I install in this way on server (I used same steps for Nikto & WPScan). Make sure all dependencies are installed :
1 | apt install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev |
We can install with RVM, this is unsafe method, not really for production website for other purpose but unlikely to give any warning or issue, you’ll run as root :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | cd ~ curl -sSL https://rvm.io/mpapis.asc | gpg --import - gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 \curl -sSL https://get.rvm.io | bash -s stable --rails source /usr/local/rvm/scripts/rvm echo "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc source ~/.bashrc rvm install 2.4.0 rvm use 2.4.0 --default echo "gem: --no-ri --no-rdoc" > ~/.gemrc git clone https://github.com/wpscanteam/wpscan.git cd wpscan gem install bundler bundle install --without test |
Next step is preparing PosgreSQL, a detailed guide here :
1 | https://fedoraproject.org/wiki/Metasploit_Postgres_Setup |
In short, you need to run these commands, where msf is database name, username :
1 2 3 4 5 6 | sudo -s su postgres createuser msf -P -S -R -D createdb -O msf msf exit exit |
As final step, install Metaexploit framework :
1 2 3 4 5 6 7 8 | cd /opt sudo git clone https://github.com/rapid7/metasploit-framework.git sudo chown -R `whoami` /opt/metasploit-framework cd metasploit-framework rvm --default use ruby-${RUByVERSION}@metasploit-framework gem install bundler bundle install sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done' |
Armitage is a Java tool for management from Desktop with GUI or VNC :
1 | http://www.fastandeasyhacking.com |
Of course there is official guide :
1 | https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment |
If you run :
1 | msfconsole |
Metaexploit framework will start and you’ll get a command prompt like this:
1 | msf > |
