Metasploit is made up of a data store and modules that you can adjust in the
framework. The modules are small pieces of code that give Metasploit its
functions. When you install Metasploit on your computer, it comes with a set
of tools for actions after a security breach.
These tools include: gaining higher access, accessing passwords, capturing
network data, recording screens, recording keystrokes, and accessing other
machines on the network. You can also create a backdoor that stays active
even if your computer restarts.
Don't Miss: How to Install Kali Linux on an Android Device
Modules of Metasploit
Metasploit modules are key parts of Metasploit, and they are snippets of code
stored in the database. There are three main types of Metasploit modules, each
serving different purposes, these are; Exploits, Payloads
and Auxiliaries.
Exploits
Attackers use codes to get into a system wich is vulnerable. They try to
exploit a weakness on the target system, like the meterpreter shell, to gain
control.
Payloads
Hackers use payloads, which are like simple scripts, to communicate with the
system they've hacked. This lets them send information into a victim's system.
Auxiliaries
These modules are like tools for scanning in Metasploit. Unlike exploit
modules, they don't need a payload to work. They contain useful programs such
as scanners, fuzzers, and SQL injection tools.
Don't Miss: How to Install and Use Armitage on Kali Linux
How to install Metasploit on Kali Linux
Metasploit is a popular tool for testing computer systems. It's already
included in Kali Linux, a common operating system used for security testing.
If you're using Kali Linux 2.0, Metasploit is already installed and gets
updated regularly.
However, antivirus software might see Metasploit as harmful, which can cause
issues during installation and use. The antivirus might interrupt the
installation process and warn you about security risks because Metasploit
works by exploiting vulnerabilities, which the antivirus software detects.
If you can't turn off the antivirus, you should exclude the Metasploit
directory from the antivirus scan to avoid these problems.
Metasploit installation on Kali Linux using Rapid7
Rapid7 offers a free installer for the Metasploit framework on Linux. This
installer includes everything you need (like ruby and PostgreSQL) and can be
easily updated through your package manager.
To get Metasploit, go to
Rapid7's website
and download the installer for your operating system. The installer sets up
everything you need in one go.
Once you launch the installer, it will ask you where you want to install
Metasploit on your computer. After that, you're all set to use and update
Metasploit.
Install Metasploit on Kali Linux using Terminal
To install Metasploit on Kali Linux, run this command:
sudo apt install metasploit-framework
Starting the Kali PostgreSQL service
If PostgreSQL isn't running, you can start it using the following command:
sudo /etc/init.d/postgresql start
To see if PostgreSQL is running, type this command:
sudo /etc/init.d/postgresql status
Rapid7 provides a tool called msfconsole and installs other tools like Nmap
and John the Ripper. To install Metasploit, you need administrator
privileges on your computer.
Note: Rapid7 no longer supports the pre-installed Metasploit
Community edition on Kali Linux 1.0.
To install Metasploit on supported Linux systems, use the following script.
This script will import the Rapid7 signing key and set up the package:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb> msfinstall && chmod 755 && msfinstall && ./msfinstall
After you finish installing, open a terminal window and type this command to
start using Metasploit:
msfconsole -q
Note: If you don't have a database, you'll be asked to create a new one. Type 'Y' or 'Yes' to run the initial setup script and create the new database.
It might already be set up for you, and you can run it directly based on your
computer setup. You'll be guided with questions to set up a database and add
Metasploit to your computer's settings if it's not there yet. These packages
will work with your software manager and update when you use the
'msfupdate' command or your software manager. They'll also create the
database for you or use the one you already have if it's your first time using
it.
To check if the database was set up correctly, use this command in the
terminal:
db_status
If Metasploit is connected to the database, it will show this status:
[*] Connected to msf. Connection type: postgresql.
Managing the database
In case you didn't create a database when msfconsole loaded for the first
time, you can use the msfdb script to set up PostgreSQL to run as your local
user and store the database locally.
To enable and start the database, use this command:
sudo msfdb init
You can use any of the following commands to manage the database:
msfdb reinit – Deletes and re-initializes the database
msfdb delete – Deletes the database
msfdb start – Starts the database
msfdb stop – Stops the database
msfdb status – Shows the database status
msfdb run – Starts the database and runs msfconsole
Conclusion
Metasploit is a powerful tool for penetration testing and security auditing,
offering a range of modules and functionalities. It provides a user-friendly
interface and supports various platforms, making it a versatile choice for
cybersecurity professionals. By understanding how to set up and use Metasploit
effectively, individuals can enhance their ability to assess and strengthen
the security of systems and networks.
