Have you ever wanted to run an exploit but found yourself away from your desk? Wouldn't it be awesome if you could launch a full version of the Metasploit Framework from your phone or tablet? As you might have guessed, now you can. With an adventurous spirit and a few commands, you can be running the Metasploit Framework on your iPad or iPhone in just a few short minutes.


Warning: To install Metasploit, you’ll need root access to your device – which is accomplished by following your favorite jailbreaking procedure. I used Absinthe (http://absinthejailbreak.com/). Jailbreaking can potentially cause problems for you and your device, and will void the warranty. You assume all risk when altering your device(s). However, if you are installing Metasploit, you probably already enjoy breaking things. :-)


Once you have root, you will need the following:

  • OpenSSH server (via Cydia)
  • apt [APT 0.7+ Strict] (via Cydia)
  • SSH client (I use iSSH; via App Store)


First, make sure everything is updated and that you have subversion installed:

apt-get update

apt-get dist-upgrade

apt-get install wget subversion




Once that’s done, we’ll need to grab Ruby and iOS dependencies for Metasploit Framework to run. As of this writing, the files needed were kindly hosted over at iNinjas:


wget http://ininjas.com/repo/debs/ruby_1.9.2-p180-1-1_iphoneos-arm.deb

wget http://ininjas.com/repo/debs/iconv_1.14-1_iphoneos-arm.deb

wget http://ininjas.com/repo/debs/zlib_1.2.3-1_iphoneos-arm.deb



Install the packages:

dpkg -i iconv_1.14-1_iphoneos-arm.deb

dpkg -i zlib_1.2.3-1_iphoneos-arm.deb

dpkg -i ruby_1.9.2-p180-1-1_iphoneos-arm.deb


Once the dependencies have finished installing, you can safely delete those files to save space on your iDevice. Presuming these are the only .deb files you have downloaded, you can run rm -rf *.deb. If you’ve been tinkering around with other files, just replace the * with the file names you want to remove.


If you want to double-check everything installed correctly, you should be able to see Ruby version 1.9.2 by running the ruby –v command.



Now the good part! I installed Metasploit Framework to /private/var/msf3. In case you are unfamiliar, /private/var is the partition where your apps, media and settings are all stored by default, so it’s easily the larger of the two default partitions on your iDevice.


We’re going to use svn to grab the Metasploit Framework trunk for the sake of simplicity and compatibility issues:


cd /private/var

svn co https://www.metasploit.com/svn/framework3/trunk/ msf3




Once that’s done, cd to msf/ and launch the Metasploit Framework!


ruby msfconsole


Happy exploiting!





Co-written/Developed by Andrew Spangler and James Kirk