In this section, we are going to look about Metasploit Community. It is a web GUI that uses Metasploit, but it has some features other than exploiting vulnerabilities. Metasploit community can be used to discover open ports, just like Zenmap, and install service, but it doesn't stop there. It is also used to map these ports and services to existing exploits in Metasploit and existing modules. From there we can literally exploit a vulnerability straight away using Metasploit. Let's see how we can use it.
The tool is not included in Kali. We have to download it. To download it, we need to use our email address because we will need the product activation key, which they will send to our email address. Use the following link to download it:
Once we download this, we are going to navigate to our Desktop using the cd command to change the directory. If we do ls to list the current files, we will be able to see that we have the installer metasploit-latest-linux-x64-installer.run file downloaded. The first thing we are going to do is change the permissions to an executable so that we can execute this file. In Linux, to change the permission we use the chmod command, and then we will put the permission that we want to set, which is executable +x, and we are going to put the filename, which is metasploit-latest-linux-x64-installer.run. Now we will launch the command which is as follows:
If we do ls, we will see that there is text that will be highlighted in green, which means that it is executable:
To run any executable in Linux, we are going to type in ./ and enter the filename which is metasploit-latest-linux-x64-installer.run. The command is as follows:
The installation is very simple. There are various steps for installation:
Step 1: We click on I accept the agreement, and then we click Forward:
Step 2: It will ask us whether we want to start Metasploit as a service every time the machine starts. We can pick either Yes or No, but we are going to pick No. That's why the Metasploit UI will start every time our computer starts. Click on Forwards:
Step 3: Then it is going to ask us for the SSL PORT that will be used. Because the service runs as a web GUI, we can set that to anything we want, but we are going to leave it as 3790:
Step 4: It is asking us for the Server Name, and we are going to keep it as localhost because it is being installed on our localhost:
Step 5: Then it will ask us for Database Server port. We are going to keep this the same. These are all configurations for the program to run:
Step 6: Now, it is ready to install. Once we press Forward, it will install it for us, and it will ask us for a username and a password for the web interface. Set that as well, pick a username and a password, and the process will finish up smoothly.
Now, once we finish the installer, we want to run the Metasploit service, because it is going to be installed as a service, as a web server. When we want to use Metasploit Community, we will have to run it using the service command in the same way we run any service in Linux. The command is as follows:
Once the service has started, all we have to go to a browser and navigate to https. Make sure to put https not http://localhot/, and then we enter the port that Metasploit runs on, which is 3790. Press Enter. Now it is asking us to log in, then we have to enter the username and password that we picked while we installed the program, and then we will be able to use it. We will be talking about logging in and using the tool in the next section.