Share your love
Install Metasploit on Debian 12 Bookworm
In this guide, we want to teach you to Install and Use Metasploit Framework on Debian 12 Bookworm. The Metasploit Framework is an open-source and powerful tool that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers.
You can follow this instruction to start your Metasploit installation and perform a scan with it on your Debian Linux server.
what you read in this post?
Complete Guide To Install Metasploit on Debian 12 Bookworm
To install the latest Metasploit from the source, you must have access to your server as a root user and follow the steps below.
Step 1 – Install Metasploit From Source on Debian 12
First, you must run the system update with the command below:
sudo apt updateRequired Packages For Metasploit
Then, use the following command to install the required packages and dependencies:
apt install gpgv2 autoconf bison build-essential postgresql libaprutil1 libgmp3-dev libpcap-dev openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev postgresql-contrib xsel zlib1g zlib1g-dev curl -yDownload Metasploit Source Code
Now use the following curl command to download the Metasploit source code on Debian 12 Bookworm:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstallConfirm your downloaded file by using the command below:
ls -la msfinstallOutput
-rw-r--r-- 1 root root 6034 Jul 31 05:06 msfinstall
Next, set the correct permissions for your downloaded file:
chmod 755 msfinstallRun Metasploit installer script
Finally, you can use the command below to start your Metasploit installation process on Debian 12:
./msfinstallThis will take some time to complete, depending on your system resources.
Step 2 – How To Access Metasploit Shell on Debian Linux?
At this point, you can simply run the command below to start and access your Metasploit console:
msfconsoleOutput
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %% %%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% % %%%%%%%% %%%%%%%%%%% https://metasploit.com %%%%%%%%%%%%%%%%%%%%%%%%
%% %% %%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% %% %%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% %%%%%
%%%% %% %% % %% %% %%%%% % %%%% %% %%%%%% %%
%%%% %% %% % %%% %%%% %%%% %% %%%% %%%% %% %% %% %%% %% %%% %%%%%
%%%% %%%%%% %% %%%%%% %%%% %%% %%%% %% %% %%% %%% %% %% %%%%%
%%%%%%%%%%%% %%%% %%%%% %% %% % %% %%%% %%%% %%% %%% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%% %%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
=[ metasploit v6.3.28-dev- ]
+ -- --=[ 2336 exploits - 1220 auxiliary - 413 post ]
+ -- --=[ 1382 payloads - 46 encoders - 11 nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: View all productivity tips with the
tips command
Metasploit Documentation: https://docs.metasploit.com/
msf6 >To exit from the console, simply type exit.
Step 3 – How To Perform a Scan with Metasploit?
Now that you have installed Metasploit on your Debian 12, it is time to perform a scan. A Metasploit scan has two types:
- network scans identify the available hosts on a network.
- host scans identify the services running on a host.
Run a vulnerability scan with Metasploit
At this point, follow the below steps to run a vulnerability scan with Metasploit on Debian 12.
First, you need to start the PostgreSQL service. Metasploit saves all of the data it collects in a database. By default, Metasploit uses the PostgreSQL database.
systemctl start postgresqlThen, you need to initialize a new database for Metasploit by using the following command:
Note: You must run this command as a non-root user. You can visit this guide on Initial Server Setup with Debian 12 Bookworm.
msfdb initOutput
Clearing http web data service credentials in msfconsole
Running the 'init' command for the database:
Creating database at /home/orca/.msf4/db
Creating db socket file at /tmp
Starting database at /home/orca/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/orca/.msf4/db/pg_hba.conf
Stopping database at /home/orca/.msf4/db
Starting database at /home/orca/.msf4/db...success
Creating initial database schema
Database initialization successfulNow access your Metasploit console again with your non-root user:
msfconsoleOutput
______________________________________________________________________________
| |
| METASPLOIT CYBER MISSILE COMMAND V5 |
|______________________________________________________________________________|
\ / /
\ . / / x
\ / /
\ / + /
\ + / /
* / /
/ . /
X / / X
/ ###
/ # % #
/ ###
. /
. / . * .
/
*
+ *
^
#### __ __ __ ####### __ __ __ ####
#### / \ / \ / \ ########### / \ / \ / \ ####
################################################################################
################################################################################
# WAVE 5 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
https://metasploit.com
=[ metasploit v6.3.28-dev- ]
+ -- --=[ 2336 exploits - 1220 auxiliary - 413 post ]
+ -- --=[ 1382 payloads - 46 encoders - 11 nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: Use sessions -1 to interact with the
last opened session
Metasploit Documentation: https://docs.metasploit.com/
msf6 >Then, from your Metasploit console check your database connection with the command below:
msf6 > db_statusOutput
[*] Connected to msf. Connection type: postgresql.Load Metasploit msfcrawler module on Debian 12
At this point, you need to load the msfcrawler module by using the command below. The msfcrawler module is for crawling websites to find vulnerabilities in web applications.
msf6 > use auxiliary/scanner/http/crawlerOutput
msf6 auxiliary(scanner/http/crawler) >Set RHOST and RPORT parameters
The RHOST parameter represents the target host, and the RPORT parameter represents the port number. In this case, you will scan the local host on port 9000.
msf6 auxiliary(scanner/http/crawler) > set RHOST localhost
msf6 auxiliary(scanner/http/crawler) > set RPORT 9000Start Crawler
At this point, run the below command to start the crawler. The crawler will start scanning the target host and port. This process can take several minutes, depending on the website’s size.
msf6 auxiliary(scanner/http/crawler) > runOutput
...
[-] Error accessing page The connection was refused by the remote host (localhost:9000).
[-] [00001/00500] ERR - localhost - http://localhost:9000/
[*] Crawl of http://localhost:9000/ complete
[*] Auxiliary module execution completed
Load WMAP module
At this point, you need to load the WMAP module. This module scans web applications for vulnerabilities. To do this, run the command below:
msf6 auxiliary(scanner/http/crawler) > load wmapOutput
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] === et [ ] metasploit.com 2012
[*] Successfully loaded plugin: wmapNow run the wmap_sites -a localhost:9000 command to add the target host and port to the scan list:
msf6 auxiliary(scanner/http/crawler) > wmap_sites -a localhost:9000Output
[*] Site created.List all the available target hosts and ports by using the following command:
msf6 auxiliary(scanner/http/crawler) > wmap_sites -lOutput
[*] Available sites
===============
Id Host Vhost Port Proto # Pages # Forms
-- ---- ----- ---- ----- ------- -------
0 127.0.0.1 localhost 9000 http 1 0
1 ::1 localhost 9000 http 1 0Finally, you can select a target host and start your scan with Metasploit on Debian 12 Bookworm:
msf6 auxiliary(scanner/http/crawler) > wmap_targets -t 127.0.0.1:9000
msf6 auxiliary(scanner/http/crawler) > wmap_run -eWait for the scan to finish. When the scan is complete, view the results by running the below command:
vulnsFor more information, you can visit the Metasploit Docs page.
Conclusion
At this point, you have learned to Install and Use Metasploit to perform a vulnerability scan on Debian 12 Bookworm. Hope you enjoy using it on your server.
You may also be interested in these articles:
