Activating Metasploit to fix msfupdate: Start to Finish

Document created by todb Employee on Jan 16, 2013
Version 1Show Document
  • View in full screen mode

Have you run into this?


    root@ubuntu:~/Downloads# msfupdate


    [*] Attempting to update the Metasploit Framework...



    [*] No updates available


If so, it's time to register Metasploit (for some background on why this is, see the blog post). Here's the HOWTO, from start to end. These screens are from Ubuntu 12.04 Desktop using Chrome, but since it's pretty much all web pages, the procedure is the same for any installed version of Metasploit. Click on them to seem at a readable size, or just read along.


Your local install


First off, you're going to want to go to https://localhost:3790 and accept the self-signed certificate.




Then, generate yourself a new local user.




Once you do that, you'll be thrown to the local activation page for the Metasploit service. So, click on the the "Get Product Key" button, and head over to Rapid7's site. You'll need to be on the Internet for this, of course.




If you were trying to msfupdate, and failed, chances are you are looking for a Community Edition key. It's free, in both free-as-in-beer and free-as-in-speech; there's no encumbrance of a restrictive terms of service or anything like that. So, you will select it here.




Fill out the form, be sure to give an e-mail address that you can read (it can be from any e-mail provider), and hit the trusty Submit button.




Wait a tick, and you'll have a new key sitting in your e-mail. If it's not there in a minute or two, check your spam filter for something from Rapid7 with the subject of Rapid7 - Metasploit Community License Activated. In the meantime, you'll be redirected back to your local installation, where you're all set to fill it in.




Assuming your copypasta skills are up to snuff, you should then get the happy green alert message that you've successfully activated your copy of Metasploit Community Edition.




Now, you can head back to your beloved command prompt, and msfupdate like a player.




As you can see, you're now able to track the latest releases of Metasploit Update as they're released and announced on the SecurityStreet community blog. This procedure is pretty much identical to the Windows way, as well, except in order to run msfupdate, you'll want to be in the provided Diagnostic Shell or the Framework Console. Note that for the default Firefox install on Ubuntu (and probably for anything else), you might get a complaint about the Rapid7 certificate. If you do, just ensure that the cert has the SHA1 fingerprint of 1E:80:C2:4B:97:C9:28:BB:1D:B7:D4:D3:C0:54:75:A6:A4:0A:11:86. This should be true through October of 2015.

If you run into any problems during installation or activation, check the registriation faq at, or ask over on the forums -- those folks are always friendly and helpful.