Verifying Your Metasploit Download with SHA-1 Hashes and PGP Signatures

Check the SHA-1 hash if your Metasploit installer is not working properly, or verify the PGP signature to verify that the download is genuine.

SHA-1 Hashes and PGP Signatures for the latest Metasploit

Operating System
SHA-1 Hash
PGP Signature

About SHA-1

SHA-1 (Secure Hash Algorithm Version 1) generates a 160 bit encrypted checksum (or SHA-1 hash) for any given file, which you can use to determine if the file has been corrupted or modified during the download process. If the computed SHA-1 hash for the file does not match up with the SHA-1 hash we’ve provided, do not run the installer and let us know that you’ve encountered an issue with the file.

Your SHA-1 hash

To make things easier for you, we’ve provided the SHA-1 hash for each installer file in the above table.

How do I verify the SHA-1 hash?

Verifying SHA-1 on Windows

To verify the SHA-1 hash for a file on Windows, you will need to download and install a program that computes cryptographic SHA-1 hash values of files – such as SHA1SUM

Please note that the following instructions are for SHA1SUM, so if you've opted for a different hash verification program, you will need to visit its documentation.

Once you've download SHA1SUM you can use the relative or absolute path to verify the file’s hash value:

  1. Open a command prompt.
  2. Enter the following in the command prompt:
sha1sum.exe [path\filename.ext]

Example:

C:\Users\admin\Downloads>sha1sum.exe metasploit-latest-windows-x64-installer.exe
  1. Press Enter.

The SHA-1 hash will be returned as:
(hash value) (full file path)

Example:

055478b3ed2c99237f051862b8cb56b79b915038 metasploit-latest-windows-x64-installer.exe

Compare the returned hash value with the hash we've provided.

Verifying SHA-1 on Linux

To check the SHA-1 hash for a file on Linux:

  1. Open your Linux terminal.
  2. Use the sha1sum command to return the SHA-1 hash value of the file:
sha1sum filepath/filename.ext

Example:

sha1sum /home/user/metasploit-latest-linux-x64-installer.run
  1. Press Enter.

The SHA-1 hash will be returned as:
(SHA-1 hash) (file name)

Example:

055478b3ed2c99237f051862b8cb56b79b915038 metasploit-latest-linux-x64-installer.run

Compare the returned hash value with the hash we’ve provided.

Verifying Your Metasploit Download with SHA-1 Hashes and PGP Signatures