Installing Metasploit Framework on Ubuntu 14.04 LTS and Debian 7


Installing Metasploit Framework on Ubuntu 14.04 LTS and Debian 7

This Guide covers the installation of Metasploit Framework OSS Project on Ubuntun Linux LTS. If you do not wish to run the Open Source version or set up a development environment and do not mind giving your email address to Rapid 7 for marketing I would recommend downloading their commercial installer from Installing Dependencie

We start by making sure that we have the latest packages by updating the system using apt-get:

sudo apt-get update
sudo apt-get upgrade

Now that we know that we are running an updated system we can install all the dependent packages that are needed by Metasploit Framework:

sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev

Installing a Proper Version of Ruby

The distribution sadly does not comes by default with a proper version of Linux for us to use with Metasploit Framework and we will have to download and compile a proper one. There 2 mains ways recommended for this are using RVM or rbenv (Do not install both choose one or the other).

Installing Ruby using RVM:

curl -L | bash -s stable
 source ~/.rvm/scripts/rvm
 echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
 source ~/.bashrc
 rvm install 2.1.5
 rvm use 2.1.5 --default
 ruby -v

Installing Ruby using rbenv:

git clone git:// .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
git clone git:// ~/.rbenv/plugins/ruby-build
source ~/.bash_profile
rbenv install 2.1.5
 rbenv global 2.1.5
 ruby -v

Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:

sudo gem install bundler

Installing Nmap:

One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:

mkdir ~/Development
 cd ~/Development
 svn co
 cd nmap
 sudo make install
 make clean

Configuring Postgre SQL Server:

We start by switching to the postgres user so we can create the user and database that we will use for Metasploit

sudo -s
 su postgres

Now we create the user and Database, do record the database that you gave to the user since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.

createuser msf -P -S -R -D
 createdb -O msf msf

If you experience problems with the database setup this fedora guide offers a good guide for troubleshooting and setup

Installing Metasploit Framework:

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:

cd /opt
 git clone
 cd metasploit-framework

Install using bundler the requiered gems and versions:

cd metasploit-framework
bundle install

WARNING: Currently there is a bug in Metasploit Framework with Symlinks:

Lets create the links to the commands so we can use them under any user and not being under the framework folder, for this we need to be in the metasploit-framework­ folder if not already in it:

cd metasploit-framework
 sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Metasploit for Development and Contribution

If you wish to develop and contribute to the product you can follow the additional steps here Metasploit Dev Environment . For this you will need a GitHub account and you will fork the project in to your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/cofig folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.

Installing armitage:

curl -# -o /tmp/armitage.tgz
 sudo tar -xvzf /tmp/armitage.tgz -C /opt
 sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
 sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
 sudo sh -c "echo java -jar /opt/armitage/armitage.jar $\* > /opt/armitage/armitage"
 sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver

Lets create the database.yml file that will contain the configuration parameters that will be use by framework:

sudo nano /opt/metasploit-framework/config/database.yml

Copy the YAML entries and make sure you provide the password you entered in the user creating step in the password field for the database:


 adapter: postgresql
 database: msf
 username: msf
 port: 5432
 pool: 75
 timeout: 5

Create and environment variable so it is loaded by Armitage and by msfconsole when running and load the variable in to your current shell:

sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml; /etc/profile" source /etc/profile

First Run

Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders create under your home directory have the proper permissions. First time it runs it will create the entries needed by Metasploit in the database so it will take a while to load.

By Nepstor warlock AKA Zahan Ahmad

Regards = Hackerday Lucknow



Please enter your comment!
Please enter your name here