Install Metasploit on Debian 12 Bookworm | Easy and Full Guide

By Posted on

Install Metasploit on Debian 12 Bookworm | Easy and Full Guide

Install Metasploit on Debian 12 Bookworm | Easy and Full Guide

In this comprehensive guide, we’ll walk you through the process to Install Metasploit on Debian 12 Bookworm. The Metasploit Framework is a versatile and potent open-source tool utilized by both cybersecurity professionals and malicious actors. It allows for the identification of systemic vulnerabilities within networks and servers, making it a crucial asset for penetration testing and security assessments.

You can follow this instruction on the Orcacore website to Install Metasploit on Debian 12 Bookworm and perform a scan with it.

To Install Metasploit on Debian 12 Bookworm from the source, you must have access to your server as a root user. Now follow the steps below to Install Metasploit on Debian 12 Bookworm.

Step 1 – Install Metasploit From Source on Debian 12

First, you must run the system update with the command below:

sudo apt update

Required Packages For Metasploit

To Install Metasploit on Debian 12 Bookworm, you need some required packages and dependencies:

apt install gpgv2 autoconf bison build-essential postgresql libaprutil1 libgmp3-dev libpcap-dev openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev  postgresql-contrib xsel zlib1g zlib1g-dev curl -y

Download Metasploit Source Code

Now use the following curl command to download the Metasploit source code on Debian 12 Bookworm:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Confirm your downloaded file by using the command below:

ls -la msfinstall
**Output**
-rw-r--r-- 1 root root 6034 Jul 31 05:06 msfinstall

Next, set the correct permissions for your downloaded file:

chmod 755 msfinstall

Run Metasploit installer script

Finally, you can use the command below to Install Metasploit on Debian 12 Bookworm:

./msfinstall

This will take some time to complete, depending on your system resources.

Step 2 – How To Access Metasploit Shell on Debian Linux?

At this point, you can simply run the command below to start and access your Metasploit console:

msfconsole
**Output**
...
       =[ metasploit v6.3.28-dev-                         ]
+ -- --=[ 2336 exploits - 1220 auxiliary - 413 post       ]
+ -- --=[ 1382 payloads - 46 encoders - 11 nops           ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: View all productivity tips with the
tips command
msf6 >

To exit from the console, simply type exit.

Step 3 – How To Perform a Scan with Metasploit?

Now that you have learned to Install Metasploit on Debian 12 Bookworm, it is time to perform a scan. A Metasploit scan has two types:

Run a vulnerability scan with Metasploit

At this point, follow the below steps to run a vulnerability scan with Metasploit on Debian 12.

First, you need to start the PostgreSQL service. Metasploit saves all of the data it collects in a database. By default, Metasploit uses the PostgreSQL database.

systemctl start postgresql

Then, you need to initialize a new database for Metasploit by using the following command:

Note: You must run this command as a non-root user. You can visit this guide on Initial Server Setup with Debian 12 Bookworm.

msfdb init
**Output**
Clearing http web data service credentials in msfconsole
Running the 'init' command for the database:
Creating database at /home/orca/.msf4/db
Creating db socket file at /tmp
Starting database at /home/orca/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/orca/.msf4/db/pg_hba.conf
Stopping database at /home/orca/.msf4/db
Starting database at /home/orca/.msf4/db...success
Creating initial database schema
**Database initialization successful**

Now access your Metasploit console again with your non-root user:

msfconsole
**Output**

______________________________________________________________________________
|                                                                              |
|                   METASPLOIT CYBER MISSILE COMMAND V5                        |
|______________________________________________________________________________|
...
       =[ metasploit v6.3.28-dev-                         ]
...

Metasploit tip: Use sessions -1 to interact with the
last opened session

msf6 >

Then, from your Metasploit console check your database connection with the command below:

**msf6 >** db_status
**Output**
[*] Connected to msf. Connection type: postgresql.
Load Metasploit msfcrawler module on Debian 12

In this step of Install Metasploit on Debian 12 Bookworm, you need to load the msfcrawler module by using the command below. The msfcrawler module is for crawling websites to find vulnerabilities in web applications.

**msf6 >** use auxiliary/scanner/http/crawler
**Output**
msf6 auxiliary(**scanner/http/crawler**) >
Set RHOST and RPORT parameters

The RHOST parameter represents the target host, and the RPORT parameter represents the port number. In this case, you will scan the local host on port 9000.

msf6 auxiliary(**scanner/http/crawler**) > set RHOST localhost
msf6 auxiliary(**scanner/http/crawler**) > set RPORT 9000
Start Crawler

At this point, run the below command to start the crawler. The crawler will start scanning the target host and port. This process can take several minutes, depending on the website’s size.

msf6 auxiliary(**scanner/http/crawler**) > run
**Output**
...
[-] Error accessing page The connection was refused by the remote host (localhost:9000).
[-] [00001/00500]    ERR - localhost - http://localhost:9000/
[*] Crawl of http://localhost:9000/ complete
[*] Auxiliary module execution completed
Load WMAP module

At this point, you need to load the WMAP module. This module scans web applications for vulnerabilities. To do this, run the command below:

msf6 auxiliary(**scanner/http/crawler**) > load wmap

Now run the wmap_sites -a localhost:9000 command to add the target host and port to the scan list:

msf6 auxiliary(**scanner/http/crawler**) > wmap_sites -a localhost:9000
**Output**
[*] Site created.

List all the available target hosts and ports by using the following command:

msf6 auxiliary(**scanner/http/crawler**) > wmap_sites -l
**Output**
[*] Available sites
===============

     Id  Host       Vhost      Port  Proto  # Pages  # Forms
     --  ----       -----      ----  -----  -------  -------
     0   127.0.0.1  localhost  9000  http   1        0
     1   ::1        localhost  9000  http   1        0

Finally, you can select a target host and start your scan with Metasploit on Debian 12 Bookworm:

msf6 auxiliary(**scanner/http/crawler**) > wmap_targets -t 127.0.0.1:9000
msf6 auxiliary(**scanner/http/crawler**) > wmap_run -e

Wait for the scan to finish. When the scan is complete, view the results by running the below command:

vulns

For more information, you can visit the Metasploit Docs page.

Conclusion

At this point, you have learned to Install Metasploit on Debian 12 Bookworm to perform a vulnerability scan. Hope you enjoy using it on your server.

You may also be interested in these articles:

Install and Use chkrootkit on Debian 12

Install Sendmail and Set up SMTP on Debian 12 Bookworm

Alternative Solutions for Installing Metasploit on Debian 12 Bookworm

While the above method of installing Metasploit from source is a valid approach, there are alternative methods that can simplify the process, especially for users who prefer a more automated installation. Here are two different ways to achieve the same goal:

1. Using the Metasploit Framework Installer

Rapid7, the company behind Metasploit, provides an installer specifically designed to streamline the installation process. This method is generally easier and faster than installing from source.

Explanation:

The Metasploit Framework installer includes all the necessary dependencies and configurations, handling most of the complexities automatically. It also keeps Metasploit updated more easily.

Steps:

  1. Download the Installer: Use wget or curl to download the latest Metasploit installer script from Rapid7’s website. Note that the URL might change, so always verify the latest URL on their official download page.

    wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

  2. Make the Installer Executable:

    chmod +x metasploit-latest-linux-x64-installer.run

  3. Run the Installer: Execute the installer with root privileges.

    sudo ./metasploit-latest-linux-x64-installer.run

  4. Follow the On-Screen Instructions: The installer will guide you through the installation process. Accept the license agreement and choose the installation directory. It will automatically install dependencies and configure the database.

  5. Start Metasploit: After installation, you can start Metasploit using the msfconsole command.

This method drastically reduces the manual steps required, making it an ideal choice for beginners.

2. Using Docker

Docker provides a containerized environment, making the installation and management of Metasploit easier and more isolated.

Explanation:

Docker containers encapsulate Metasploit and its dependencies, ensuring consistency across different environments. This approach eliminates potential conflicts with other software on the host system and simplifies updates and upgrades.

Steps:

  1. Install Docker: If Docker is not already installed on your Debian 12 system, install it using the following commands:

    sudo apt update
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker

  2. Pull the Metasploit Docker Image: Download the official Metasploit Docker image from Docker Hub:

    sudo docker pull metasploitframework/metasploit-framework

  3. Run the Metasploit Container: Start a new Docker container using the pulled image. You may want to persist data by mounting a volume for the database.

    sudo docker run -it -v msf_data:/data --rm -p 443:443 -p 80:80 metasploitframework/metasploit-framework msfconsole
    • -it: Runs the container in interactive mode.
    • -v msf_data:/data: Mounts a Docker volume named msf_data to persist the database data.
    • --rm: Automatically removes the container when it exits.
    • -p 443:443 -p 80:80: Exposes ports 80 and 443 from the container to the host.
    • metasploitframework/metasploit-framework msfconsole: Specifies the image to use and the command to run (msfconsole).

  4. Access Metasploit Console: The Metasploit console will start within the Docker container.

Advantages:

  • Isolation: Prevents conflicts with other software on the host system.
  • Consistency: Ensures Metasploit runs the same way regardless of the environment.
  • Ease of Use: Simplifies updates and upgrades by pulling the latest Docker image.
  • Portability: Can easily be moved to different systems without configuration changes.

Both alternative methods provide more streamlined approaches to Install Metasploit on Debian 12 Bookworm compared to the source installation. Choosing the right method depends on your specific requirements and preferences. The installer offers a straightforward installation experience, while Docker provides isolation and portability.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *