Verifying Your Metasploit Download with SHA-1 Hashes and PGP Signatures

Document created by ckirsch on Mar 18, 2013Last modified by Wyatt Walker on Mar 17, 2016
Version 29Show Document
  • View in full screen mode

Check the SHA-1 hash if your installer is not working properly, or verify the PGP signature to verify that the download is genuine.

 

SHA-1 Hashes and PGP Signatures for Metasploit Version 4.11.7

 

 

About SHA-1

 

SHA-1 (Secure Hash Algorithm Version 1) generates a 160 bit encrypted checksum (or SHA-1 hash) for any given file, which you can use to determine if the file has been corrupted or modified during the download process. If the computed SHA-1 hash for the file does not match up with the SHA-1 hash we’ve provided, do not run the installer and let us know that you’ve encountered an issue with the file.

 

Your SHA-1 hash

 

To make things easier for you, we’ve provided the SHA-1 hash for each installer file in the above table.

 

How do I verify the SHA-1 hash?

 

Verifying SHA-1 on Windows

 

To verify the SHA-1 hash for a file on Windows, you will need to download and install a program that computes cryptographic SHA-1 hash values of files – such as SHA1SUM

 

Please note that the following instructions are for SHA1SUM, so if you've opted for a different hash verification program, you will need to visit its documentation.

 

Once you've download SHA1SUM you can use the relative or absolute path to verify the file’s hash value:

 

  1. Open a command prompt.
  2. Enter the following in the command prompt:
    sha1sum.exe [path\filename.ext]
    Example:
    C:\Users\admin\Downloads>sha1sum.exe framework-3.7.2-windows-full.exe
  3. Press Enter.

 

The SHA-1 hash will be returned along with the file path.

 

The SHA-1 hash will be returned as:

(hash value) (full file path)

 

Example:

055478b3ed2c99237f051862b8cb56b79b915038 framework-3.7.2-windows-full.exe

 

Compare the returned hash value with the hash we've provided.

 

Verifying SHA-1 on Mac OS

 

To verify the SHA-1 hash for a file on MAC OS:

 

  1. Open the Terminal application (located in /Applications/Utilities).
  2. Enter the following at the Terminal prompt:
    openssl sha1 [full file path]

 

Example:

openssl sha1 /Users/YourAccount/Documents/framework-3.6.0.tar.bz2

The SHA-1 hash will be returned as:

SHA1 (full file path) = hash value

 

Example:

SHA1 /Users/YourAccount/Documents/framework-3.6.0.tar.bz2 = 055478b3ed2c99237f051862b8cb56b79b915038

 

Compare the returned hash value with the hash we’ve provided.

 

Verifying SHA-1 on Linux

 

To check the SHA-1 hash for a file on Linux:

 

  1. Open your Linux terminal.
  2. Use the sha1sum command to return the SHA-1 hash value of the file:
    sha1sum filepath/filename.ext

 

Example:

sha1sum /home/user/framework-3.6.0-linux-i686.run

03 Press Enter.

The SHA-1 hash will be returned as:

(SHA-1 hash) (file name)

 

Example:

055478b3ed2c99237f051862b8cb56b79b915038 framework-3.6.0-linux-i686.run

 

Compare the returned hash value with the hash we’ve provided.

Attachments

    Outcomes