Armitage is a graphical user interface (GUI) for Metasploit, the command line pentesting framework. This is a good alternative for users who refuse to interact with the command line and want to execute pentesting actions.
After reading this tutorial, you will be able to install and get started with Armitage by following a few instructions.
This content is optimized both for Metasploit experienced users and inexperienced users. Also, it is valid for all Debian-based Linux distributions with Metasploit already installed. If your system has not installed Metasploit yet, follow the instructions described here to install Metasploit before continuing with Armitage.
All steps explained in this article include screenshots, making it easy for every Linux user to understand and follow them.
Installing Armitage on Kali Linux (And Debian-Based Distributions)
To begin, install Armitage using the apt packages manager, as shown in the following screenshot.
–
After the installation ends, start the Metasploit database by running the following command.
Once the database is initialized, start Armitage with privileges, as shown in the figure below.
You will be requested to fill in the database host, port, user, and password. You can leave them as default.
You will be asked if you want Armitage to initialize the RPC server. The Metasploit RPC server is not mandatory, you can run it if you want Metasploit to interact with external applications, or you can leave it disabled.
Wait until the database connects.
After connecting, the Armitage GUI will show up, as shown in the following figure.
You can start by adding a host (Target) to scan.
To add a host, press the Hosts option on the top menu bar and then press Add Hosts, as shown in the image below. Optionally, if you have a file with hosts to import, you can press the first option.
Type the IP address or hostname of your target (In the screenshot, it was blurred). Then press the Add button.
If the host was added successfully, a dialog box would show up; press OK. A computer representing the host will show up in the hosts’ section.
Once you add a host, you can start a scan. To do it, press Hosts, again, and then press Nmap Scan. Press the scan type you want. For this example, I selected an intense scan on all TCP ports.
You will be asked to accept the shown target or type the correct one. If you add only a host, by default, it will show up. Then press OK.
The scan process will begin; wait until it ends. If you selected an intense scan, it might take hours.
A dialog box, as shown below, will notify you the scan has been completed. It also will instruct you to press the Attacks menu and Find Attacks.
Press Attacks and Find Attacks, as shown in the following figure.
Armitage will start finding exploits in accordance with the previous scan results.
A new dialog box will inform you the attack analysis was completed.
After the analysis ends, right-click the host and press on Attack to display exploits compatible with the scan results. Choose any exploit you want to try.
Troubleshooting: Attack Menu Doesn’t Show Up in Armitage
Many users complain that after the exploits analysis, the Attack menu doesn’t show up. That’s because Armitage, by default, only shows exploits with excellent possibilities to work.
You can instruct Armitage not to be 100% exact and keep an error margin to show exploits with medium to low success possibilities. That’s what I did in this tutorial.
To do it, just press Armitage on the top menu, then press Set Exploit Rank and select the rank you want to test.
If you select the Poor option, a lot of exploits will show up, many of them useless. If you choose the Excellent option, only functional exploits against the specified target will show up.
Conclusion
Armitage is a great option for users who are not familiar with the Linux console. The graphical interface is very intuitive and easy to use, contrary to Metasploit, which requires the user to learn specific commands.
As you can see, installing Armitage on Kali Linux and Debian-based Linux distributions is pretty easy and can be done by any Linux user independently of their knowledge level. This allows even inexperienced users to test their system or network security. Yet, it is recommended for users to learn the command line version since not all systems include a graphical interface (X Window Manager).
Thank you for reading this tutorial explaining how to install Armitage on Kali Linux and how to get started with it. Keep following us for additional high-quality Linux content.
