在CentOS 8/CentOS 7上安装Metasploit框架
时间:2020-02-23 14:31:13 来源:igfitidea点击:
在本文中,我们将讨论如何在CentOS 8/CentOS 7 Linux发行版上安装Metasploit Framework。如果我们是渗透测试领域的新手,Metasploit Framework是Rapid7创建的工具,用于渗透测试并发现IT环境和资产中的安全漏洞。它为我们提供基础结构,内容和工具,以执行广泛的安全审核和渗透测试。
Metasploit框架要求
这些是在任何Linux机器上运行Metasploit Framework的最低硬件要求.CPU 2 GHz +处理器RAM可用4 GB RAM(建议8 GB)磁盘空间1 GB可用磁盘空间(建议50 GB)
以下是Metasploit框架的核心服务。
Metasploit用于存储项目数据的PostgreSQL数据库服务器.Ruby on RailsMetasploit服务
在CentOS 8/CentOS 7上安装Metasploit框架
请按照以下步骤在CentOS 8/CentOS 7 Linux发行版上安装Metasploit Framework。
使用wget或者curl命令下载Metasploit安装程序。
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
提供安装程序脚本执行位。
chmod +x msfinstall
然后执行安装程序以在CentOS 8/CentOS 7上安装Metasploit Framework。
$./msfinstall
示例安装输出:
$./msfinstall Switching to root user to update the package Checking for and installing update.. Adding metasploit-framework to your repository list..Metasploit [=== Metasploit 153 kB/s | 246 kB 00:01 Dependencies resolved. ======================================================================================================================================================== Package Arch Version Repository Size ======================================================================================================================================================== Installing: metasploit-framework x86_64 5.0.77+20170224112600~1rapid7-1.el6 metasploit 206 M Transaction Summary ======================================================================================================================================================== Install 1 Package Total download size: 206 M Installed size: 462 M Downloading Packages:
安装程序脚本会将Metasploit Framework存储库添加到存储库列表中,并安装所需的所有工具。如果互联网速度较慢,则下载可能需要一段时间。
运行命令以开始初始设置。
$msfdb init
** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/cloud-user/.msf4/db
Starting database at /home/cloud-user/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/cloud-user/.msf4/db/pg_hba.conf
Stopping database at /home/cloud-user/.msf4/db
Starting database at /home/cloud-user/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [cloud-user]: admin
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user admin
....
存储配置输出中显示的MSF Web服务凭据:
Creating MSF web service user admin
############################################################
## MSF Web Service Credentials ##
## ##
## Please store these credentials securely. ##
## You will need them to connect to the webservice. ##
############################################################
MSF web service username: admin
MSF web service password: password
MSF web service user API token: eee4cda702f0bdc0625c828cf56817dfd07a13c23e55000230f23fe33340ab0ef9e28f483e11312f
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token eee4cda702f0bdc0625c828cf56817dfd07a13c23e55000230f23fe33340ab0ef9e28f483e11312f --cert /home/cloud-user/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
** Metasploit Framework Initial Setup Complete **
Metasploit Framework的安装应完成:
使用以下方法检查Framework版本:
$msfconsole --version Framework Version: 5.0.77-dev
启动msfconsole
现在数据库已初始化,我们可以启动msfconsole
$msfconsole
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM MMMMMMMMMM
MMMN$ vMMMM
MMMNl MMMMM MMMMM JMMMM
MMMNl MMMMMMMN NMMMMMMM JMMMM
MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMNM MMMMMMM MMMMM jMMMM
MMMNI WMMMM MMMMMMM MMMM# JMMMM
MMMMR ?MMNM MMMMM .dMMMM
MMMMNm `?MMM MMMM` dMMMMM
MMMMMMN ?MM MM? NMMMMMN
MMMMMMMMNe JMMMMMNMMM
MMMMMMMMMMNm, eMMMMMNMMNMM
MMMMNNMNMMMMMNx MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
https://metasploit.com
=[ metasploit v5.0.77-dev- ]
+ -- --=[ 1973 exploits - 1087 auxiliary - 339 post ]
+ -- --=[ 559 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
msf5 >
如下所示,使用db_status命令验证数据库的连接性。
$db_status [*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.
更新Metasploit框架
要在Debian 10/Debian 9上更新Metasploit框架,请运行以下命令:
$msfupdate Switching to root user to update the package Checking for and installing update.. Adding metasploit-framework to your repository list..Metasploit [=== Metasploit 3.0 kB/s | 3.0 kB 00:01 Package metasploit-framework-5.0.77+20170224112600~1rapid7-1.el6.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete!
