Metasploit Framework: Install and Configure on Ubuntu

Introduction

Welcome to the Metasploit Installation and Initial Setup lab. The Metasploit Framework is a powerful open-source tool used for developing, testing, and executing exploit code against a remote target machine. It is one of the most widely used tools for penetration testing and security research.

In this lab, you will walk through the entire process of getting Metasploit up and running on an Ubuntu system. You will start by updating your system's packages, then install the Metasploit Framework, configure its required PostgreSQL database, and finally launch the Metasploit console. By the end of this lab, you will have a fully functional Metasploit environment ready for use.

Update Ubuntu Packages with apt update and apt upgrade

In this step, you will update your system's package lists and upgrade any outdated packages. This is a crucial first step before installing new software to ensure you have the latest security patches and dependencies, which helps prevent potential conflicts.

First, update the package list from the repositories using the apt update command. You need sudo because this action requires administrative privileges.

sudo apt update

You will see output showing the package lists being fetched from the Ubuntu sources.

Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
...
Fetched 1,589 kB in 2s (924 kB/s)
Reading package lists... Done
Building dependency tree... Done

With your system up-to-date, you are now ready to install Metasploit.

Install Metasploit Framework using the official installation script

In this step, you will install the Metasploit Framework using the official installation script provided by Rapid7. This script will add the Metasploit repository to your system and install the latest version of the framework.

First, download the installation script to a temporary location:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > /tmp/msfinstall

Next, make the script executable:

chmod 755 /tmp/msfinstall

Now run the installation script with administrative privileges:

sudo /tmp/msfinstall

The script will add the Metasploit Framework repository to your package sources, update the package cache, and install the metasploit-framework package along with its dependencies. You will see output similar to this:

  % Total    % Received % Xferd  Average Speed   Time    Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6144  100  6144    0     0  34855      0 --:--:-- --:--:-- --:--:-- 34909
Adding metasploit-framework to your repository list..Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  metasploit-framework
...
Setting up metasploit-framework (6.4.x~...) ...
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
...
Run msfconsole to get started

Once the installation completes, the Metasploit Framework will be installed on your system.

Launch Metasploit Console and Complete Initial Setup

In this final step, you will launch the Metasploit console for the first time, which will trigger the initial setup process. This includes setting up the database that Metasploit uses to store information about your projects, including host data, vulnerabilities, and collected evidence.

To start the console, simply type msfconsole in your terminal and press Enter.

msfconsole

The first time you run Metasploit, it will display the initial setup wizard:

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.


Would you like to use and setup a new database (recommended)?

Type yes and press Enter to proceed with the database setup.

Would you like to use and setup a new database (recommended)? yes
Running the 'init' command for the database:
Creating database at /home/labex/.msf4/db
Creating db socket file at /tmp
Starting database at /home/labex/.msf4/db...waiting for server to start.... done
server started
success
Creating database users
Writing client authentication configuration file /home/labex/.msf4/db/pg_hba.conf
Stopping database at /home/labex/.msf4/db
Starting database at /home/labex/.msf4/db...waiting for server to start.... done
server started
success
Creating initial database schema
Database initialization successful
Database initialization successful

 ** Metasploit Framework Initial Setup Complete **

After the setup completes, you'll see the familiar Metasploit banner and prompt:

Metasploit tip: Display the Framework log using the log command, learn
more with help log

Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
                  ``-..__``--`

                             https://metasploit.com


       =[ metasploit v6.4.x-dev-                               ]
+ -- --=[ 2,564 exploits - 1,315 auxiliary - 1,680 payloads     ]
+ -- --=[ 431 post - 49 encoders - 13 nops - 9 evasion          ]

Metasploit Documentation: https://docs.metasploit.com/
The Metasploit Framework is a Rapid7 Open Source Project

msf >

To confirm that the database is connected correctly, run the db_status command inside the Metasploit console.

db_status

The expected output is:

[*] Connected to msf. Connection type: postgresql.

This confirms your Metasploit instance is successfully connected to the PostgreSQL database. To exit the Metasploit console, simply type exit.

exit

Summary

Congratulations! You have successfully completed the installation and initial setup of the Metasploit Framework on your Ubuntu system.

In this lab, you have learned how to:

Update and upgrade your system packages using apt.
Install the Metasploit Framework using the official installation script provided by Rapid7.
Launch the Metasploit console (msfconsole) for the first time, which automatically triggers the initial database setup process.
Verify the database connection within the Metasploit console.

You now have a powerful and fully functional penetration testing tool at your disposal. The Metasploit Framework is now configured with its own PostgreSQL database instance and ready for use. You are ready to move on to more advanced labs where you can explore its vast capabilities for security testing and research.