Yes, you can run metasploit on Android using Linux within chroot or schroot. Having an Android with root level permissions helps in running different apps that assist in running and installing Linux within Android; I've found that for ARMel (soft float) CPUs the 'Debian Kit' app is great for setting up Squeeze flavored Debian distros & for ARMhf (hard float) the app 'Linux Deploy' will be best as it also allows for installing Kali as well as having options for making a disk image or partition greater than 2Gb without messing with source code. Indeed there are ways to install Linux onto Android without root but these options will lead you down the path of self compiling and error hunting; Super User permissions on Android open the marketplace options up considerably.
In any case, using an app to install Linux within Android should be done over secure WiFi or reverse tether because the default user/pass for them are published all over the web. And from the testing I've done you'll also want to set up SSH for both Linux and Android OSs on the device with keys and not passwords; the CM wiki has instructions for Android SSH access and there are many guides on Linux SSH setup.
For some reason starting the metasploit service will kill all local input methods; touch screen, home and volume and power buttons, notifications bar, and everything else on the device other than your SSH session will lock up... not sure if metasploit is binding to the same local ports as what Android uses for passing local user interactions or lack of resources. But once started the only thing I've found that'll revive it is shutting down postgresql and metasploit services and then pulling the device's battery :-\ not ideal but it works; this is why SSH to Android is important if you wish to properly unmount and reboot.
With the Linux Deploy app I had to issue the following commands to install services and depends;
Note: These commands should be issued from an SSH session; either another Android or a PC!
sudo apt-get install postgresql metasploit
Then, because this install process starts the SQL server with less than ideal settings for low-end devices, causing soft boots and boot loops, I issued the following to be sure everything was installed after re-logging in
sudo apt-get install -f
sudo apt-get update && sudo apt-get upgrade
When no more errors appear and no more packages need to be installed, it is time to modify the SQL server to be a little leaner/kinder on low-end devices.
sudo nano /etc/postgresql/9.1/main/postgresql.conf
## Your version may be different, but that is what tab completion is for ;-)
## Only showing mod'ed values, use "Ctrl w" keyboard shortcut to search within document
listen_addresses = '127.0.0.1'
max_connections = 20
bonjour = off
shared_buffers = 5MB
temp_buffers = 800kB
work_mem = 64kB
maintenance_work_mem = 1MB
max_stack_depth = 100kB
max_files_per_process = 30
effective_io_concurrency = 0
## Optional for debugging
log_checkpoints = off
log_connections = on
log_disconnections = on
log_hostname = on
deadlock_timeout = 1s
max_pred_locks_per_transaction = 10
## Great for debugging and keeping system responsive after running into errors
exit_on_error = on
restart_after_crash = off
Then reboot services with;
sudo service postgresql restart && sudo service metasploit restart
This may take a little while before your remote connection becomes live again. Maybe go make some coffee or tea while waiting...
Then once you've regained control check that your SQL server is listening on the default port with;
sudo netstat -plant | grep -E '5432'
And to ensure no permission errors for non-root users we can change the owner of the 'database.yml' to that of your sudo user, i.e. 'android' is default for the Linux Deploy app
sudo chown daemon:android /opt/metasploit/apps/pro/ui/config/database.yml
## Check with
ls -hal /opt/metasploit/apps/pro/ui/config/database.yml
Good? Great, now to run the next command and go make lunch while it launches; command only launches metasploit's console, lunch is under your own discretion ;-)
msfconsole
The first launch of metasploit will take between 5 & 20 minutes depending on your device's specs but after a sandwich and refill on my drink I was eventually greeted by
msf >
Hitting the 'Enter' key a few times will show that the session is responding again and ready for orders... from there I'm certain that there are better guides on the commands that are available.
Be sure to issue shutdown commands before unmounting the chroot instance of Linux with;
sudo service postgresql stop && sudo service metasploit stop
And if your device's screen and other functions still will not operate pull the battery to perform a hard reboot.
Final notes :
before installing Linux or re/starting metasploit services;
before running 'msfconsole' command :
The above will allow you to reconnect without work halting if the network barfs
- be certain that you're logged in under the correct user;
Show username
whoami
Show IP addresses of SSH connections
who
- close other background applications via swiping away within recent apps menu; holding the 'home' button on the device usually brings this up
Happy hacking all :-D
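
The answer above sets `listen_addresses = '127.0.0.1'` and then checks the port with netstat. The script below is an added example, not part of the original answer: it automates both checks so a non-loopback PostgreSQL or SSH listener is flagged. The function names, the sample config and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit postgresql.conf and `netstat -plant` output for
# loopback-only listeners. All sample data below is constructed.

# Print the effective value of KEY ($2) in a postgresql.conf-style file ($1):
# last uncommented assignment wins; trailing comments and quotes are stripped.
pg_conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^'//" -e "s/'\$//" | tail -n 1
}

# Succeed only if every entry in listen_addresses is a loopback address.
# An unset value passes, because PostgreSQL's default is 'localhost'.
pg_listen_is_local() {
    rest=$(pg_conf_value "$1" listen_addresses | tr ',' '\n' | tr -d ' ' |
           grep -Ev '^(localhost|127\.[0-9.]+|::1)?$' || true)
    [ -z "$rest" ]
}

# Read `netstat -plant` output on stdin; print every local address that
# listens on PORT ($1) on something other than loopback.
exposed_listeners() {
    awk -v port="$1" '$6 == "LISTEN" {
        n = split($4, p, ":")
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        if (p[n] == port && addr !~ /^(127\.|::1$)/) print $4
    }'
}

# Constructed sample: one safe listener, two that are reachable remotely.
SAMPLE_NETSTAT='tcp  0  0 127.0.0.1:5432  0.0.0.0:*  LISTEN  812/postgres
tcp  0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  640/sshd
tcp6 0  0 :::5432         :::*       LISTEN  812/postgres'

# Constructed sample config using values from the answer.
make_sample_conf() {
    f=$(mktemp)
    printf '%s\n' "#listen_addresses = 'localhost'" \
        "listen_addresses = '127.0.0.1'   # value from the answer" \
        "max_connections = 20" > "$f"
    echo "$f"
}

conf=$(make_sample_conf)
pg_listen_is_local "$conf" && echo "postgresql.conf: loopback only"
echo "$SAMPLE_NETSTAT" | exposed_listeners 5432
rm -f "$conf"
```

On the device, point `pg_listen_is_local` at the real `postgresql.conf` and pipe `sudo netstat -plant` into `exposed_listeners 5432`; any line printed means the database is reachable from the network.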