Verifying Your Metasploit Download with SHA-1 Hashes and PGP Signatures

Version 28

    Check the SHA-1 hash if your installer is not working properly, or verify the PGP signature to confirm that the download is genuine.

     

    SHA-1 Hashes and PGP Signatures for Metasploit Version 4.11.6

     

    Operating System    SHA-1 Hash             PGP Signature
    Windows             Click for SHA1 hash    Click for PGP Signature
    Linux (32 bit)      Click for SHA1 hash    Click for PGP Signature
    Linux (64 bit)      Click for SHA1 hash    Click for PGP Signature
    Framework Source    Click for SHA1 hash    Click for PGP Signature

     

    About SHA-1

     

    SHA-1 (Secure Hash Algorithm Version 1) generates a 160-bit cryptographic checksum (or SHA-1 hash) for any given file, which you can use to determine whether the file has been corrupted or modified during the download process. If the computed SHA-1 hash for the file does not match the SHA-1 hash we’ve provided, do not run the installer and let us know that you’ve encountered an issue with the file.

     

    Your SHA-1 hash

     

    To make things easier for you, we’ve provided the SHA-1 hash for each installer file in the above table.

     

    How do I verify the SHA-1 hash?

     

    Verifying SHA-1 on Windows

     

    To verify the SHA-1 hash for a file on Windows, you will need to download and install a program that computes cryptographic SHA-1 hash values of files – such as SHA1SUM.

     

    Please note that the following instructions are for SHA1SUM, so if you've opted for a different hash verification program, you will need to visit its documentation.

     

    Once you've downloaded SHA1SUM, you can use the relative or absolute path to verify the file’s hash value:

     

    1. Open a command prompt.
    2. Enter the following in the command prompt:
      sha1sum.exe [path\filename.ext]
      Example:
      C:\Users\admin\Downloads>sha1sum.exe framework-3.7.2-windows-full.exe
    3. Press Enter.

     

    The SHA-1 hash will be returned along with the file path, as:

    (hash value) (full file path)

     

    Example:

    055478b3ed2c99237f051862b8cb56b79b915038 framework-3.7.2-windows-full.exe

     

    Compare the returned hash value with the hash we've provided.

     

    Verifying SHA-1 on Mac OS

     

    To verify the SHA-1 hash for a file on Mac OS:

     

    1. Open the Terminal application (located in /Applications/Utilities).
    2. Enter the following at the Terminal prompt:
      openssl sha1 [full file path]

     

    Example:

    openssl sha1 /Users/YourAccount/Documents/framework-3.6.0.tar.bz2

    The SHA-1 hash will be returned as:

    SHA1 (full file path) = hash value

     

    Example:

    SHA1 (/Users/YourAccount/Documents/framework-3.6.0.tar.bz2) = 055478b3ed2c99237f051862b8cb56b79b915038

     

    Compare the returned hash value with the hash we’ve provided.

     

    Verifying SHA-1 on Linux

     

    To check the SHA-1 hash for a file on Linux:

     

    1. Open your Linux terminal.
    2. Use the sha1sum command to return the SHA-1 hash value of the file:
      sha1sum filepath/filename.ext

     

    Example:

    sha1sum /home/user/framework-3.6.0-linux-i686.run

    3. Press Enter.

    The SHA-1 hash will be returned as:

    (SHA-1 hash) (file name)

     

    Example:

    055478b3ed2c99237f051862b8cb56b79b915038 framework-3.6.0-linux-i686.run

     

    Compare the returned hash value with the hash we’ve provided.
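
    The manual comparison in the Mac OS and Linux steps above can be scripted. The following is an added example, not part of the original page or Rapid7's tooling: it accepts either output format shown above and fails loudly on a mismatch. The function names (extract_sha1, compute_sha1, verify_sha1) are hypothetical.

```shell
#!/bin/sh
# Added example (not Rapid7's code): compare a file's SHA-1 with a published value.
# Function names are hypothetical; only sha1sum and openssl sha1 come from the page.

# Print the 40-hex-digit hash found in one line of tool output, lowercased.
# Accepts "<hash> <file>" (sha1sum) and "SHA1(<file>)= <hash>" (openssl sha1).
extract_sha1() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | sed -n \
        -e 's/^\([0-9a-f]\{40\}\)[[:space:]].*$/\1/p' \
        -e 's/^.*=[[:space:]]*\([0-9a-f]\{40\}\)[[:space:]]*$/\1/p' | head -n 1
}

# Hash a file with whichever tool is installed and print only the hash.
compute_sha1() {
    if command -v sha1sum >/dev/null 2>&1; then
        out=$(sha1sum "$1") || return 2
    elif command -v openssl >/dev/null 2>&1; then
        out=$(openssl sha1 "$1") || return 2
    else
        echo "neither sha1sum nor openssl is installed" >&2
        return 2
    fi
    extract_sha1 "$out"
}

# verify_sha1 <file> <published hash>
# Returns 0 on match, 1 on mismatch, 2 on a usage or tool error.
verify_sha1() {
    # Pasted hashes often carry stray whitespace or uppercase digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{40}$' || {
        echo "expected value is not a 40-digit hex SHA-1" >&2
        return 2
    }
    actual=$(compute_sha1 "$1") || return 2
    [ -n "$actual" ] || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1 (got $actual, expected $expected); do not run it" >&2
        return 1
    fi
}

# Run as: sh verify.sh <file> <published hash>
if [ "$#" -eq 2 ]; then
    verify_sha1 "$1" "$2"
    exit $?
fi
```

    A matching SHA-1 only shows that the file arrived intact; confirming that the download is genuine is the job of the PGP signature.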