Metasploit Framework es un proyecto de código abierto que proporciona la infraestructura, el contenido y las herramientas para realizar auditorías de seguridad y pruebas de penetración exhaustivas.
Las ediciones comerciales de Metasploit están disponibles para los usuarios que prefieren utilizar una interfaz web para pentest. El Framework Metasploit ejecuta los siguientes servicios.
- PostgreSQL Database server – utilizado por Metasploit para almacenar datos de un proyecto.
- Ruby on Rails
- Metasploit service
Requerimientos Metasploit Framework
A continuación se encuentran los requisitos mínimos de hardware para ejecutar Metasploit Framework en Ubuntu 18.04 / Debian 9.
- 2 GHz+ processor
- 4 GB RAM available (8 GB recomendado)
- 1 GB available disk space (50 GB recomendado)
- 64-bit version of Ubuntu 18.04 / Debian 9 (o más)
La forma más sencilla de instalar Metasploit Framework en Ubuntu / Debian es desde el instalador de Metasploit. Este instalador se entrega con todas las dependencias y herramientas necesarias para ejecutar Metasploit Framework.
Descargue el instalador de Metasploit ejecutando los siguientes comandos en su terminal.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Una vez descargado el script, hazlo ejecutable.
chmod 755 msfinstall
Luego ejecuta:
# ./msfinstall Adding metasploit-framework to your repository list..OK Updating package cache..OK Checking for and installing update.. Reading package lists… Done Building dependency tree Reading state information… Done The following NEW packages will be installed: metasploit-framework 0 upgraded, 1 newly installed, 0 to remove and 122 not upgraded. Need to get 169 MB of archives. After this operation, 397 MB of additional disk space will be used. Get:1 https://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.17.35+20190105104028~1rapid7-1 [169 MB] Fetched 169 MB in 4s (42.3 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package metasploit-framework. (Reading database … 34892 files and directories currently installed.) Preparing to unpack …/metasploit-framework_4.17.35+20190105104028~1rapid7-1_amd64.deb … Unpacking metasploit-framework (4.17.35+20190105104028~1rapid7-1) … Setting up metasploit-framework (4.17.35+20190105104028~1rapid7-1) … update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode update-alternatives: using /opt/metasploit-framework/bin/metasploit-aggregator to provide /usr/bin/metasploit-aggregator (metasploit-aggregator) in auto mode Run msfconsole to get started
Crea e inicializa la base de datos msf.
$ msfdb init Creating database at /home/jmutai/.msf4/db Starting database at /home/jmutai/.msf4/db…success Creating database users Creating initial database schema
Inicia msfconsole
Ahora que la base de datos está inicializada, puedes iniciar msfconsole.
$ msfconsole
Ejemplo del output:
db_status como se muestra:.msf > db_status [*] postgresql connected to msf msf >
Actualizando Metasploit Framework
Para actualizar su Metasploit Framework en Ubuntu / Debian. Ejecute el comando:
# msfupdate Updating package cache..OK Checking for and installing update.. Reading package lists… Done Building dependency tree Reading state information… Done metasploit-framework is already the newest version (4.17.35+20190105104028~1rapid7-1). 0 upgraded, 0 newly installed, 0 to remove and 123 not upgraded.
Puedes checar la versión del Framework con el siguiente comando:
# msfconsole --version Framework Version: 4.17.35-dev-
Felicidades. Ya tienes instalado el Metasploit Framework en tu sistema 🙂
