Verifying Your Metasploit Download with SHA-1 Hashes and PGP Signatures

Document created by ckirsch on Mar 18, 2013Last modified by Chris Doughty on Jun 1, 2017
Version 31Show Document
  • View in full screen mode

Check the SHA-1 hash if your Metasploit installer is not working properly, or verify the PGP signature to verify that the download is genuine.

 

SHA-1 Hashes and PGP Signatures for latest Metasploit

 

Operating SystemSHA-1 HashPGP Signature
Windows (64 bit)Click for SHA1 hashClick for PGP Signature
Linux (64 bit)Click for SHA1 hashClick for PGP Signature

 

About SHA-1

 

SHA-1 (Secure Hash Algorithm Version 1) generates a 160 bit encrypted checksum (or SHA-1 hash) for any given file, which you can use to determine if the file has been corrupted or modified during the download process. If the computed SHA-1 hash for the file does not match up with the SHA-1 hash we’ve provided, do not run the installer and let us know that you’ve encountered an issue with the file.

 

Your SHA-1 hash

 

To make things easier for you, we’ve provided the SHA-1 hash for each installer file in the above table.

 

How do I verify the SHA-1 hash?

 

Verifying SHA-1 on Windows

 

To verify the SHA-1 hash for a file on Windows, you will need to download and install a program that computes cryptographic SHA-1 hash values of files – such as SHA1SUM

 

Please note that the following instructions are for SHA1SUM, so if you've opted for a different hash verification program, you will need to visit its documentation.

 

Once you've download SHA1SUM you can use the relative or absolute path to verify the file’s hash value:

 

  1. Open a command prompt.
  2. Enter the following in the command prompt:
    sha1sum.exe [path\filename.ext]
    Example:
    C:\Users\admin\Downloads>sha1sum.exe metasploit-latest-windows-x64-installer.exe
  3. Press Enter.

 

The SHA-1 hash will be returned along with the file path.

 

The SHA-1 hash will be returned as:

(hash value) (full file path)

 

Example:

055478b3ed2c99237f051862b8cb56b79b915038 metasploit-latest-windows-x64-installer.exe

 

Compare the returned hash value with the hash we've provided.

 

Verifying SHA-1 on Linux

 

To check the SHA-1 hash for a file on Linux:

 

  1. Open your Linux terminal.
  2. Use the sha1sum command to return the SHA-1 hash value of the file:
    sha1sum filepath/filename.ext

 

Example:

sha1sum /home/user/metasploit-latest-linux-x64-installer.run

03 Press Enter.

The SHA-1 hash will be returned as:

(SHA-1 hash) (file name)

 

Example:

055478b3ed2c99237f051862b8cb56b79b915038 metasploit-latest-linux-x64-installer.run

 

Compare the returned hash value with the hash we’ve provided.

Attachments

    Outcomes