Kali Linux is the most popular operating system for security professionals for two reasons. First, it has all the popular penetration-testing tools preinstalled in it, so it reduces the cost of a separate installation. Secondly, it is a Linux-based operating system, which makes it less prone to virus attacks and provides more stability during penetration testing. It saves you time as you don't have to install the relevant components and tools, and who knows when you may encounter an unknown error during the installation process.
Either you can have a separate installation of Kali Linux on your hard disk, or you can also use it over a host on a virtual machine. The installation process is simple and the same as installing any Linux-based operating system.
To set up a Metasploit development environment on Kali Linux or any Debian-based Linux environment, you can use the following commands:
sudo apt update sudo apt -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline6-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev libyaml-dev locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev curl -sSL https://rvm.io/mpapis.asc | gpg --import - curl -L https://get.rvm.io | bash -s stable source ~/.rvm/scripts/rvm cd /opt sudo git clone https://github.com/rapid7/metasploit-framework.git sudo chown -R `whoami` /opt/metasploit-framework cd metasploit-framework rvm --install $(cat .ruby-version) gem install bundler bundle install
You can download Kali Linux ISO images from the official site, https://www.kali.org/downloads/, create a bootable USB drive, or burn the ISO image to a DVD-ROM and use it to install Kali Linux as a separate OS on your hard disk or simply boot the Kali ISO image in Live Mode. Another way is to run Kali Linux inside a virtual machine; for that, you can either use the ISO image to install Kali Linux from scratch or just download a Kali Linux VMware, VirtualBox, or ARM image from the official site.
For this book, we will use a Kali Linux VMware virtual machine:
- When booting the Kali Linux virtual machine, you will be asked to enter the username and password. The default username for the root user is
root
and the password istoor
. - Upon successful login, the easiest way to get the Metasploit Framework up and running is to start Metasploit from the
Applications
menu.
- To launch Metasploit from the
Applications
menu, go toApplications
|Exploitation Tools
|metasploit framework
, as shown in the following screenshot:
Note
Starting Metasploit Framework from the Applications
menu will automatically set up the PostgreSQL database. It will create the database user, the msf
and msf_test
databases, configure Metasploit to use the database, create the database schema, and start msfconsole
by running the following command: service postgresql start && msfdb init && msfconsole
.
Creating database user 'msf' Enter password for new role: Enter it again: Creating databases 'msf' and 'msf_test' Creating configuration file in /usr/share/metasploit-framework/config/database.yml Creating initial database schema # cowsay++ ____________ < metasploit > ------------ \ ,__, \ (oo)____ (__) )\ ||--|| * =[ metasploit v4.16.8-dev- ] + -- --=[ 1683 exploits - 964 auxiliary - 299 post ] + -- --=[ 498 payloads - 40 encoders - 10 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] msf >
Alternatively, you can start the Metasploit Framework by typing msfconsole
from a Terminal window.
As a rolling distribution, upgrading Kali Linux is simple. It's recommended to upgrade Kali Linux regularly, to ensure that you will get the latest security updates. To upgrade, use apt update
followed by apt upgrade
; apt
will look for installed packages that can be upgraded without removing any packages, this way being the least intrusive.
For major version upgrades and important upgrades, use apt full-upgrade
; this will do a complete upgrade and, if necessary, remove obsolete packages or install new dependencies.