Armitage is one of the most popular free open source cyberattack management suites used by information security professionals today.

In this comprehensive 2600+ word guide, you will learn how to install the powerful Armitage penetration testing tool on Kali Linux and leverage its full capabilities for everything from network scanning to post-exploitation activities.

Overview of Metasploit Framework

Armitage is built on top of the world’s most impactful penetration testing platform – Metasploit Framework. Let’s briefly understand what Metasploit is and why it has become so ubiquitous in security testing.

Metasploit is an open source penetration testing solution developed by Rapid7 that helps security teams assess vulnerabilities, manage security assessments, and improve security awareness.

It includes an ever-expanding database of 1000+ exploits, a suite of reconnaissance tools, tons of evasion modules, port scanners and vulnerability assessment capabilities.

Over 300,000 cybersecurity professionals today have adopted Metasploit open source or commercial products to perform everything from network penetration tests to comprehensive risk assessments.

According to Rapid7’s 2020 survey, 26% of cybersecurity teams now use Metasploit weekly while another 25% integrate it into their workflows on a monthly basis. This indicates how mission-critical the framework has become for attack simulation.

However, Metasploit works through a purely text-based command-line interface (CLI). You need to memorize all modules, options and parameters available rather than clicking through an intuitive graphical interface.

This is what drove the development of Armitage, the first and still most widely used graphical interface for Metasploit today. Let’s understand its history and capabilities next.

History of Armitage Hacking Tool

The Armitage hacking tool was created in 2009 by Raphael Mudge, founder of Strategic Cyber LLC and creator of the Cobalt Strike penetration testing & threat emulation system.

The initial goal was to develop an open source GUI front-end for Metasploit Framework specifically for United States Department of Defense (DoD) cyberteams. Much of Armitage’s automated exploitation capabilities and methodologies were derived from various DoD projects.

Over the years, Armitage has been completely rewritten with expansion into host identification, operating system detection, finding attacks, post-exploitation activities and reporting.

While it started off as a military-grade hacking suite, Armitage is today used by ethical hackers, penetration testers, security researchers and even cybercriminals due to its public availability and zero cost.

Let’s now see the powerful features Armitage brings to the table on top of Metasploit.

Why Use Armitage for Penetration Testing?

Armitage makes interacting with Metasploit Framework tremendously easier by providing a robust graphical interface instead of having to work on the text-based command console.

Some of its most useful capabilities for penetration testing and security assessments include:

1. Host Identification – Easily define target scope by entering IP ranges or importing lists of IP addresses rather than having to manually add networks in msfconsole.

2. Network Scanning – Visually launch quick scans or full-fledged vulnerability scans using integrated Nmap scripts with a few clicks to identify live hosts.

3. OS Fingerprinting – Detect remote operating systems without running extensive Nmap scans to narrow down specific attack vectors that can work.

4. Finding Attacks – Automatically match vulnerabilities identified from scanning activity to compatible Metasploit exploit modules that can work in the backend.

5. Launching Exploits – Graphically configure variables like payloads, ports, user agents while handling all sessions seamlessly in the background rather than typing verbose commands on CLI.

6. Post-Exploitation – Get quick access to remote cmd shells, upload/download tools, sniff traffic, pivot across machines and visually understand compromised networks.

7. Stored Credentials – Automatically aggregate successful login credentials from exploited machines, leveraged exploits and bruteforcing attempts for easy access later.

8. Graphical Session Navigation – Visually select hosts, attacks performed, loot gathered, compromised accounts in interconnected tree graphs instead of mentally piecing disparate bits from console output.

9. Built-in Reporting – Produce professional reports showing vulnerabilities discovered, the exact steps performed by pen testers and critical security issues needing fixing by organizational security teams.

These powerful features and the no-cost open source access offered by Armitage continue to make it the most widely used graphical front-end for Metasploit Framework today after 13+ years in active development.

Installation Prerequisites on Kali Linux

Armitage is built exclusively for Kali Linux to leverage its existing security and penetration testing packages like Metasploit. It will not work natively with other operating systems.

Given below are the prerequisites before we get into actually installing and running Armitage:

  1. Kali Linux – You need an up-to-date installation of Kali Linux which is a Debian-derived Linux distribution focused specifically on penetration testing tooling and packages. Download the latest ISO image and install it in a virtual machine or dedicated hacking laptop hardware.

  2. Metasploit Framework – Since Armitage acts as the frontend GUI to Metasploit, having the framework installed and ready to go is mandatory. The latest Kali Linux distributions now come with Metasploit pre-loaded so you just need to start the database service.

  3. OpenJDK Runtime – You need Java 1.8+ JRE installed and in the system path to launch the Java-based Armitage software smoothly. Modern 64-bit Kali installs meet this dependency out of the box.

That covers the prerequisites. You also need root access on your Kali Linux machine to install additional packages.

Let’s now move on to actually installing Armitage step-by-step.

Step-by-Step Guide to Install Armitage on Kali

Follow the instructions below to get Armitage running on your penetration testing distribution:

Step 1) Enable Kali Root Access

Open up a new terminal window and enable root shell access with:

sudo su

Enter your sudo password when prompted to get root privileges on Kali.

Step 2) Update Package Repositories

Before installing any new package, run:

apt update

This refreshes your local package index with the latest updates and patches.

Step 3) Install Armitage Package

You can now install armitage using the apt package manager:

apt install armitage

The entire dependency chain of related packages including metasploit-framework will be installed automatically in the background.

Once it finishes, you will have Armitage ready to launch!

Step 4) Start Metasploit Database

By default, Kali Linux sets Metasploit services to manual startup. Let’s explicitly initialize the underlying Metasploit database, which tracks hosts, vulnerabilities and session data:

msfdb init

You will see the database tables getting set up behind the scenes.

Step 5) Launch Armitage

Finally, start the Armitage GUI with root privileges:

armitage

The connection dialog will appear asking you to point Armitage to the right Metasploit Framework instance.

Simply press OK to connect to the default MSF database we initialized earlier at 127.0.0.1.

After a few seconds of loading, the Armitage main window will open up – ready for your first penetration test!

Post-Installation Setup in Armitage

Before starting your first penetration test, let’s configure Armitage to tune the Metasploit integration for optimal security assessments.

Initialize Database

Go to Metasploit > Initialize Database to set up the back-end tables from scratch. This is useful to reset tested environments.

Enable Remote API

Go to Metasploit > Start RPC Server to allow other tools like Armitage to interact real-time with the framework.

Block Public Access

Go to Metasploit > Block Public Access to whitelist the IP ranges that can access the RPC server, protecting this control channel from random attackers who discover it.
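A way to verify the outcome of this step from the Kali host, as an added example that is not part of the original guide or of Armitage: the script parses `ss -H -ltn` output and reports watched services bound to anything other than loopback. The ports 55553 (Metasploit RPC) and 5432 (PostgreSQL) are assumed defaults, and the sample output is constructed.

```python
import ipaddress

# Assumed default ports (not stated in this guide): msfrpcd 55553, PostgreSQL 5432.
WATCHED_PORTS = {55553: "Metasploit RPC", 5432: "PostgreSQL (msfdb)"}

# Constructed sample of `ss -H -ltn` output so the check runs offline.
SAMPLE_SS = """\
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      256          0.0.0.0:55553      0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      244            [::1]:5432          [::]:*
"""

def split_local(addr):
    """Split an ss local-address field into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)

def exposed_listeners(ss_output, watched=WATCHED_PORTS):
    """Return (service, host, port) for watched ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port not in watched:
            continue
        # "*" is ss shorthand for the wildcard address on all families.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            findings.append((watched[port], host, port))
    return findings

if __name__ == "__main__":
    import subprocess
    import sys
    text = SAMPLE_SS
    if "--live" in sys.argv:  # read the real socket table instead of the sample
        text = subprocess.run(["ss", "-H", "-ltn"], capture_output=True,
                              text=True, check=True).stdout
    for service, host, port in exposed_listeners(text):
        print(f"EXPOSED: {service} listening on {host}:{port}")
```

Run it with `--live` after starting the database and RPC server; any output means a control channel is reachable from other hosts on the network.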

That covers the basic post-installation checklist items within Armitage. Now let’s look at actually using it to supercharge penetration tests!

Usage Guide – Key Features and Functions

Armitage makes interacting with Metasploit profoundly intuitive through its graphical interface while concealing all the intricate complexities behind the scenes.

Let’s explore the 5 major areas of the Armitage usage model:

1. Analysis – Identify live hosts through network scanning, detect OS fingerprints and match vulnerability data to offensive modules

2. Attacks – Launch exploits visually, use NOP generators to bypass defense protections, configure interactive payloads to own systems

3. Sessions – Interact with compromised hosts, upload/download files, pivot across machines, sniff traffic of connected devices

4. Reporting – Built-in documentation containing executive summaries, technical details and graphs/charts

5. Preferences – Configure Metasploit services, customize ranking thresholds, enable/disable specific modules and more

The built-in wizards make it easy for anyone to tap into Metasploit’s powerful capabilities without any command line usage.

You can literally own machines by just clicking buttons and selecting parameters through drop-downs even as an absolute beginner!

Let’s break down some of the amazing value propositions across Armitage capabilities:

Host Analysis

  • Import IP lists from files via Hosts > Import Host List from File

  • Identify live hosts in bulk IP ranges quickly through right-click context scans

  • Leverage NIC Detection, SMB Detection and other scripts to find obscure machines

  • Perform OS Fingerprinting without launching full scans saving time and evading defenses

Exploitation Management

  • View smart recommendations on viable exploits that can work based on scans via Attacks > Find Attacks

  • Set LOW thresholds on exploit reliability in preferences to see more options

  • Handle targets, exploits and system sessions neatly in an interconnected graph view

  • Gain instant cmd shell or Meterpreter access to exploited hosts

Post-Exploitation Activities

  • Take screenshots of compromised desktops to gather visual intelligence

  • Use the File Browser to easily upload malware tools from your Kali box

  • Sniff traffic from other machines on pwned networks via Armitage

  • Bruteforce login credentials on internal web apps via compromised devices

Reporting Documentation

  • Create tidy Executive Reports non-technical staff can grasp quickly

  • Prepare detailed professional reports showing all activities performed

  • Save reports automatically into your Pentest database or as PDFs

As you can see, Armitage makes it easy to run penetration tests professionally, even for novice users: its automation capabilities and intuitive workflows transparently handle all Metasploit complexities behind the scenes.

Now that we have covered the basics, let’s look at some advanced configuration tweaks and integrations possible.

Advanced Configuration Tips

Armitage works out of the box with sane defaults focused on usability. But you can further tune preferences to match specific penetration testing needs beyond basics.

Enable Scripting

Go to Preferences > Enable Scripting to write your custom Ruby scripts extending Metasploit functionality beyond existing modules.

Modify HTTP Proxy

Set the default proxy server used for plugins at Preferences > HTTP Proxy which supports authentication if needed.

Change GeoIP DB

Update the Maxmind GeoLite metadata database used to match IPs to countries at Preferences > GeoIP DB Path.

Custom Browser Payloads

Select non-default browsers like Chrome/Opera when generating browser-based Meterpreter payloads for greater stealth.

Increase Java Memory

Override Armitage memory utilization at startup by tweaking the value of the METASPLOIT_JAVA_OPTS variable in the /etc/armitage.sh script for smoother performance.

You can find many more tunables by browsing through the menus and preferences of Armitage. They elevate it far beyond a point-and-click frontend and allow intricate customization for advanced penetration testing events.

Now let’s discuss ideas to extend Armitage’s capabilities even further through integrations with wider security ecosystems.

Integrations with Security Ecosystems

While Armitage provides phenomenal value in making Metasploit easily consumable, its true potential for large security teams lies in integrating with other critical tools in the cyberattack lifecycle.

SIEM Platforms

Stream identified vulnerabilities into Security Information and Event Management (SIEM) solutions like Splunk via syslog/CEF to trigger risk alerts and automated threat modeling.
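Added example, not from the original guide and not an Armitage feature: rendering one finding as a CEF line with the escaping the format requires, so that text taken from a scanned host (a banner, a service name) cannot split or forge events in the SIEM. The finding's field names, the vendor and product strings, and all values are assumptions constructed for illustration.

```python
# Field names below are assumptions, not an Armitage or Metasploit export schema.
FINDING = {
    "host": "192.0.2.15",            # constructed documentation-range address
    "port": 445,
    "name": "Example finding | SMB service",
    "info": "banner=Samba\nsigning: disabled",
    "ref": "CVE-PLACEHOLDER",        # placeholder, not a real identifier
    "severity": 8,
}

def esc_header(value):
    """Escape backslash and pipe, the characters special in CEF header fields."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """Escape backslash, equals and line breaks in CEF extension values."""
    out = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return out.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(finding, vendor="ExampleLab", product="PentestExport", version="1.0"):
    """Render one finding as a single CEF:0 line using dst/dpt/msg/cs1 keys."""
    severity = max(0, min(10, int(finding["severity"])))  # CEF severity is 0-10
    header = "|".join(
        ["CEF:0"]
        + [esc_header(v) for v in (vendor, product, version,
                                   "vuln-finding", finding["name"], severity)]
    )
    ext = {
        "dst": finding["host"],
        "dpt": finding["port"],
        "msg": finding["info"],
        "cs1Label": "reference",
        "cs1": finding["ref"],
    }
    extension = " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())
    return f"{header}|{extension}"

if __name__ == "__main__":
    print(to_cef(FINDING))
```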

Ticketing Systems

Create Jira tickets or ServiceNow events on every exploited asset/user to notify helpdesk teams for isolation and remediation.

WAF Solutions

Sync discovered web app security flaws into web application firewalls like Imperva to instantiate virtual patches before code fixes.

Vulnerability Managers

Load open ports, exploits, credentials and vulnerabilities into Tenable.io during the scans themselves to avoid data entry later.

SOAR Orchestrators

Enrich and remediate risks in SOAR platforms through custom integrations by tapping into Metasploit data sets not available externally otherwise.

As you can see, while Armitage itself provides a slick frontend for Metasploit, innovating integrations into operational security stacks is where it can provide immense value to large enterprises.

If you are looking to contribute back, Armitage integration extensions with platforms like ServiceNow, Splunk and elastic.co can make great open source projects!

Now that we have seen integrations, let’s look at some troubleshooting tips.

Common Issues and Troubleshooting Guide

Armitage is built on open source Java with transparent access to integrate Metasploit modules. Like all complex platforms, you might face some hiccups during advanced penetration testing events sometimes.

Here are troubleshooting tips for some common errors seen:

Metasploit database won’t initialize

Run msfdb reinit to recreate all tables from scratch. This clears earlier pentest data.

Attacks panel empty even after scans

Lower threshold under Armitage > Set Exploited Ranking to see lower confidence modules.

Target machine behaves unusually after attack

Some payloads kill processes. Restart computer to recover. Always pentest safely.

Exploits keep failing with no effect

Recalibrate by analyzing latest OS, port, app, vulnerability data. Security patches might have been updated silently.

Kali Linux feels slow and bloated over time

Pen testing activities increase disk I/O heavily. Schedule periodic OS reboots and clear tmp files regularly.

Make sure you are following all ethical hacking principles and guidelines including getting written approval, testing safely on approved assets only, securely storing results and destroying pentest data after submitting findings.

Now for some final best practices to follow.

Conclusion – Best Practices and Next Steps

After going through an exhaustive guide on installing Armitage and unleashing its capabilities for penetration testing, here are some parting tips:

Start small – Don’t go attacking arbitrary networks when learning. Build safe lab environments with tools like VMware and get written approval before security evaluations.

Customize configurations – Tune Armitage preferences like ranking thresholds and proxy settings based on target geographies and maturity levels beyond factory defaults.

Take it slow – Meticulously follow ethics rules. Repeatedly exploit flaws identified confidently before moving to new attack surfaces through Armitage.

Integrate alerts – Productionize Armitage’s integration by streaming key events into your IT systems – be it SIEM, ticketing portals, SOAR systems or other cybersecurity platforms.

Contribute modules – Fork Armitage’s open source code and build integrations with platforms like ServiceNow and Palo Alto Networks mentioned earlier to solve real challenges faced by security teams today.

I hope this 2600+ word exhaustive guide offers you immense value in not just quickly installing Armitage but also customizing it for advanced penetration tests, integrating findings into your security workflows and contributing back as an open source developer.

Let me know if you face any challenges or can suggest topics for my next guide!
