How to Install Metasploit on Fedora: A Complete Step-by-Step Guide
The Metasploit Framework is an essential tool in the arsenal of any cybersecurity professional, penetration tester, or ethical hacker. It provides a powerful, open-source platform for developing, testing, and executing exploit code. For users of the Fedora Linux distribution, installing Metasploit can streamline security workflows and provide a robust environment for vulnerability research.
This guide will walk you through the complete process of installing the Metasploit Framework on a modern Fedora system. We will cover everything from system preparation and dependency installation to database configuration and the final launch.
Prerequisites
Before we begin, ensure you have the following:
- A running instance of a currently supported Fedora release.
- Sudo or root privileges to install packages and configure services.
- A stable internet connection.
It is critically important to run a currently supported version of Fedora for security updates and package compatibility. While the core steps are similar across versions, using an end-of-life release is not recommended.
Step 1: Prepare Your Fedora System
First, it’s always a best practice to ensure your system is fully up to date. Open a terminal and run the following command to update all your packages:
sudo dnf update -y
This command will download and apply the latest security patches and software updates, providing a stable base for the installation.
Step 2: Install Metasploit Dependencies
Metasploit has several dependencies that must be installed before the framework itself. These include development tools, libraries, and the PostgreSQL database, which Metasploit uses to store project data, host information, and loot.
Execute the following command to install all required dependencies in one go:
sudo dnf install -y git postgresql-server postgresql-devel ruby-devel libpcap-devel zlib-devel libffi-devel openssl-devel make gcc redhat-rpm-config
This command installs key components like:
- git: To clone the Metasploit repository.
- postgresql-server: The database backend.
- ruby-devel and other -devel packages: Required to build native Ruby gems.
Step 3: Clone the Metasploit Framework Repository
Instead of using a package manager, the recommended method for installing Metasploit is to clone it directly from the official GitHub repository. This ensures you have the very latest version.
Clone the repository into the /opt directory, a standard location for optional software:
git clone https://github.com/rapid7/metasploit-framework.git /opt/metasploit-framework
Next, change your current directory to the new Metasploit folder:
cd /opt/metasploit-framework
Step 4: Install Ruby Dependencies with Bundler
Metasploit relies on numerous Ruby libraries, known as gems. The bundler tool manages these dependencies to ensure compatibility.
First, install bundler using the gem command:
sudo gem install bundler
Now, use bundler to install all the gems specified in the project’s Gemfile. This step may take several minutes as it downloads and compiles numerous packages.
bundle install
Step 5: Configure and Initialize the PostgreSQL Database
A properly configured database is essential for managing large assessments and saving your work.
First, initialize the PostgreSQL database cluster:
sudo postgresql-setup --initdb
Next, start the PostgreSQL service and enable it to launch automatically on system boot:
sudo systemctl start postgresql
sudo systemctl enable postgresql
With the database running, you can now use Metasploit’s built-in script to create the database user and initialize the schema. This is a crucial step for linking the framework to its database.
Run the following command from within the /opt/metasploit-framework directory:
./msfdb init
This script will automate the database setup process and confirm when it’s complete.
Step 6: Launch and Verify the Metasploit Framework
With all dependencies installed and the database configured, you are ready to launch the Metasploit console.
To run Metasploit, execute the msfconsole command from the installation directory:
./msfconsole
The first launch might take a moment as the framework initializes. Once it’s ready, you will be greeted by the iconic Metasploit banner and the msf6 > command prompt.
To confirm that the database is connected correctly, run the db_status command inside the console:
msf6 > db_status
You should see a message confirming the connection, like [*] postgresql connected to msf.
Important Security & Usage Tips
- Ethical Use Only: The Metasploit Framework is a powerful tool designed for legitimate security testing. Only use it on systems and networks you have explicit, written permission to test. Unauthorized use is illegal and unethical.
- Keep Your Framework Updated: The threat landscape changes daily. Regularly update Metasploit to receive the latest exploits, payloads, and features. You can do this by running
git pullfrom the/opt/metasploit-frameworkdirectory. - Create Executable Links: For easier access, you can create symbolic links to the Metasploit executables in your
PATH. This allows you to runmsfconsolefrom any directory.
bash
sudo ln -s /opt/metasploit-framework/msfconsole /usr/local/bin/
sudo ln -s /opt/metasploit-framework/msfvenom /usr/local/bin/
By following these steps, you have successfully deployed a fully functional Metasploit Framework installation on your Fedora system, empowering you to conduct professional security research and penetration testing.
Source: https://kifarunix.com/install-metasploit-framework-on-fedora-29/
