如何在Debian 10/9上安装Metasploit框架
时间:2020-02-23 14:33:00 来源:igfitidea点击:
在本文中,我们将讨论如何在Debian 10/Debian 9上安装Metasploit框架。
Metasploit框架是世界上最受欢迎的安全专业人士和研究人员的开源渗透测试框架。
它提供了执行广泛的安全审计和穿透测试的基础架构,内容和工具。
Metasploit框架运行以下Services.PostGRESQL数据库服务器 - Metasploit使用以将数据存储在Project.Ruby上railsmetasploit服务
Metasploit框架要求
在Debian 10/Debian 9上运行Metasploit框架的最低硬件要求是:
CPU - 2 GHz + Processor
内存 - 4 GB RAM可用(推荐8 GB)
磁盘空间 - 1 GB可用磁盘空间(推荐50 GB)
在Debian 10/Debian 9上安装Metasploit框架
通过提供Metasploit安装程序脚本,已经简单地安装了Debian 10/9的Metasploit框架。
我们只需下载安装程序并运行它。
使用wget或者curl命令下载Metasploit安装程序。
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
下载脚本后,使其可执行。
chmod +x msfinstall
然后执行安装程序以在Debian 10/9上安装Metasploit框架。
$./msfinstall Switching to root user to update the package Adding metasploit-framework to your repository list..OK Updating package cache..OK Checking for and installing update.. Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: metasploit-framework 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 212 MB of archives. After this operation, 476 MB of additional disk space will be used. Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 5.0.27+20190604165801~1rapid7-1 [212 MB] Fetched 212 MB in 3min 32s (1,001 kB/s) Selecting previously unselected package metasploit-framework. (Reading database ... 140536 files and directories currently installed.) Preparing to unpack .../metasploit-framework_5.0.27+20190604165801~1rapid7-1_amd64.deb ... Unpacking metasploit-framework (5.0.27+20190604165801~1rapid7-1) ... Setting up metasploit-framework (5.0.27+20190604165801~1rapid7-1) ... update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode Run msfconsole to get started
安装程序脚本将为存储库列表添加Metasploit框架存储库,并安装所需的所有工具。
如果互联网速度较慢,下载可能需要一段时间。
使用以下内容检查框架版本
$msfconsole --version Framework Version: 5.0.27-dev
完成安装后,创建和初始化MSF数据库。
$msfdb init
Creating database at /home/jmutai/.msf4/db
Starting database at /home/jmutai/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/jmutai/.msf4/db/pg_hba.conf
Stopping database at /home/jmutai/.msf4/db
Starting database at /home/jmutai/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [jmutai]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user jmutai
############################################################
## MSF Web Service Credentials ##
## ##
## Please store these credentials securely. ##
## You will need them to connect to the webservice. ##
############################################################
MSF web service username: jmutai
MSF web service password: password
MSF web service user API token: 1852b337c09cf94b7ea9a467d3cab4c2dc78ae19e3e8620df21cf743a36ecf68308de0fdaae02eb4
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token 1852b337c09cf94b7ea9a467d3cab4c2dc78ae19e3e8620df21cf743a36ecf68308de0fdaae02eb4 --cert /home/jmutai/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
这将创建初始数据库架构,设置服务帐户和启动服务。
应打印类似于下面的输出。
使用打印凭据访问MSF Web服务和API。
发射MSFconsole.
现在数据库是初始化的,我们可以启动MSFconsole
$msfconsole
_---------.
.' ####### ;."
.---,. ;@ @@`; .---,..
." <@@'.,'@@ <@@',.'<@ ".
'Hyman@theitroad<<<< <<<<@ @;
`Hyman@theitroad<<<@@ <<<<@@ .'
"--'Hyman@theitroad@@ Hyman@theitroad @ ,'- .'--"
"Hyman@theitroad' ; @ @ `. ;'
|<@ < @ .
' < @@ @@ ,
`Hyman@theitroad< @@ .
',@@ @ ; _____________
( 3 C ) /|___/Metasploit! \
;@'. __*__,." \|--- _____________/
'(.,...."/
=[ metasploit v5.0.27-dev- ]
+ -- --=[ 1895 exploits - 1067 auxiliary - 329 post ]
+ -- --=[ 547 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]
msf5 >
验证数据库连接 db_status命令如下所示。
msf5 > db_status --token 1852b337c09cf94b7ea9a467d3cab4c2dc78ae19e3e8620df21cf743a36ecf68308de0fdaae02eb4 --cert /home/jmutai/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443 [*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.
更新Metasploit框架
要在Debian 10/Debian 9上更新Metasploit框架9.运行命令:
$msfupdate Switching to root user to update the package Updating package cache..OK Checking for and installing update.. Reading package lists... Done Building dependency tree Reading state information... Done metasploit-framework is already the newest version (5.0.27+20190604165801~1rapid7-1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
