Today, our friends at Offensive Security announced Kali Linux, which is based on the philosophy of an offensive approach to security. While defensive solutions are important to protect your network, it is critical to step into the shoes of an attacker to see if they're working. Kali Linux is a security auditing toolkit that enables you just that: test the security of your network defenses before others do.
Kali is a free, open source, and robust Linux Distribution that makes security auditing ready for the enterprise. It is the natural evolution of the BackTrack platform, which has been hugely popular among Metasploit users. This is why the Metasploit team here at Rapid7 was more than happy to join the Kali Linux project as an official contributor. We re-engineered Metasploit to fully integrate into the Kali Linux repositories and resolved some of the issues that may have caused some of you headaches with updates, databases, and general stability on BackTrack in the past.
To hear more about this topic, tune in to our free webcast with HD Moore (Metasploit Chief Architect), Mati Aharoni, and Devon Kearns (both from the BackTrack & Kali Linux team) on March 21 at 3pm Eastern.
If you can't wait that long, here's my short video to get an overview of Kali Linux:
If you'd like to start using Metasploit on Kali Linux, you may benefit from these tips:
- Download the Kali Linux Virtual Machine from www.kali.org, or install your own using instructions at http://docs.kali.org/general-use/install-vmware-tools-kali-guest
- Kali Linux doesn't start any application services by default to shorten the boot up time and reduce the attack surface to a minimum.
To start Metasploit's services immediately, open a terminal window and enter service postgresql start && service metasploit start
To start Metasploit's services on each boot time (but not immediately), open a terminal window and **update-rc.d postgresql enable && update-rc.d metasploit enable
- To start Metasploit Framework, open the Applications menu > Kali Linux > Top 10 Security Tools -> Metasploit Framework
- To start the web ui for Metasploit Community or Metasploit Pro, you have two options:
Type the new go_pro on the Metasploit Framework console (only available in Kali Linux for now), which starts all services and then launches the browser with http://localhost:3790, the URL of the Metasploit Community / Pro web-based user interface
Open the menu Applications -> Kali Linux -> Exploitation Tools -> Metasploit -> metasploit community / pro
In case you have more questions, we have prepared an FAQ about Kali Linux and Metasploit.
I hope you'll enjoy using Metasploit Framework, Metasploit Community, and Metasploit Pro on Kali Linux. If you'd like to learn more about Kali Linux and Metasploit, attend our free webcast with HD Moore (Metasploit Chief Architect), Mati Aharoni, and Devon Kearns (both from the BackTrack & Kali Linux team) on March 21 at 3pm Eastern.