Setting up Metasploit in Docker on Windows 10

So ive been playing around with Kali Linux now for a few months, and found Metasploit and very interesting tool, if your unaware of it basically its a bit of software that provides information about security vulnerabilities, and is used by most penetration testing gurus, and in a nutshell its for developing and executing exploit code against remote machines, its has a vast framework and sub projects have spored from it.

Anyway a major drawback of playing with it however is the fact it runs on Linux and as my main machines are all Windows, having to fire up a full blown VM on my surface, update it, login, load the software etc etc is a bit of a drag.  So with some searching of the internet i come across a blog post on a technet site called “Positive Security” detailing the ability to setup bash on Ubuntu on Windows 10, so i thought i would have a little play and with little effort managed to get things setup and running, i have detailed the steps below however the content is taken from Positive Security and i will add the direct link to the article at the bottom of this post.

Installing the Containers Feature and Installing Docker

First, we must enable the “Containers” feature. Run (ctrl+r) “optionalfeatures”.

And make sure this “Containers” option is checked off.

Once that completes, follow these instructions to install docker: https://docs.docker.com/docker-for-windows/install/. Grab the Stable channel Windows MSI and install it. Once you get it to install, you need to log out and log back in. NOTE: Although Docker stated it just needed a log-out/log-in, in order for the Docker service to run on my machine it required a reboot.

After logging back in, in your notifications, you should get a “Docker is starting…”.

Pull Official Kali Linux Docker Image

We will be following the guidance here: https://www.kali.org/news/official-kali-linux-docker-images/

Open up your favorite command line interface (CLI). Then type “docker pull kalilinux/kali-linux-docker”. This will pull the image from the Docker Store.

Now, let us enter an interactive bash session with that image by typing “docker run -t -I kalilinux/kali-linux-docker /bin/bash”

We are now in our fresh install of Kali. Since this install is meant to be the minimal, you need to grab the packages you actually care about. This helps keep the image small but does require a good Internet connection to get up and running.

Before installing any package, let’s upgrade our Kali Linux and remove all packages we no longer need via “apt update && apt full-upgrade && apt auto-remove && apt-autoclean”

Installing the Metasploit Framework

Lastly, let us install the go-to package for most pentesters… Metasploit. A simple command of “apt install metasploit-framework ruby” will do the trick.

Just start up the PostgresSQL database that Metasploit uses, initialize the database, and to msfconsole we go!

And its as easy as that, you now have a fully functional working copy of Metasploit running within a container on Windows 10.  One thing to note with all this of course is you need to have the Anniversary Edition of Windows 10 installed to be able to enable containers.

Again credit to Positive Security, the link to the article referenced above is on his site here

Happy Hunting 🙂