Install Metasploit on Debian 12 Bookworm | Easy and Full Guide

Install Metasploit on Debian 12 Bookworm - orcacore.com

In this guide, we want to teach you to Install Metasploit on Debian 12 Bookworm. The Metasploit Framework is an open-source and powerful tool that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. 

You can follow this instruction on the Orcacore website to Install Metasploit on Debian 12 Bookworm and perform a scan with it.

Complete Guide To Install Metasploit on Debian 12 Bookworm

To Install Metasploit on Debian 12 Bookworm from the source, you must have access to your server as a root user. Now follow the steps below to Install Metasploit on Debian 12 Bookworm.

Step 1 – Install Metasploit From Source on Debian 12

First, you must run the system update with the command below:

sudo apt update

Required Packages For Metasploit

To Install Metasploit on Debian 12 Bookworm, you need some required packages and dependencies:

apt install gpgv2 autoconf bison build-essential postgresql libaprutil1 libgmp3-dev libpcap-dev openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev  postgresql-contrib xsel zlib1g zlib1g-dev curl -y

Download Metasploit Source Code

Now use the following curl command to download the Metasploit source code on Debian 12 Bookworm:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Confirm your downloaded file by using the command below:

ls -la msfinstall
Output
-rw-r--r-- 1 root root 6034 Jul 31 05:06 msfinstall

Next, set the correct permissions for your downloaded file:

chmod 755 msfinstall

Run Metasploit installer script

Finally, you can use the command below to Install Metasploit on Debian 12 Bookworm:

./msfinstall

This will take some time to complete, depending on your system resources.

Step 2 – How To Access Metasploit Shell on Debian Linux?

At this point, you can simply run the command below to start and access your Metasploit console:

msfconsole
Output
...
       =[ metasploit v6.3.28-dev-                         ]
+ -- --=[ 2336 exploits - 1220 auxiliary - 413 post       ]
+ -- --=[ 1382 payloads - 46 encoders - 11 nops           ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: View all productivity tips with the
tips command
msf6 >

To exit from the console, simply type exit.

Step 3 – How To Perform a Scan with Metasploit?

Now that you have learned to Install Metasploit on Debian 12 Bookworm, it is time to perform a scan. A Metasploit scan has two types: 

  • network scans identify the available hosts on a network.
  • host scans identify the services running on a host.

Run a vulnerability scan with Metasploit

At this point, follow the below steps to run a vulnerability scan with Metasploit on Debian 12.

First, you need to start the PostgreSQL service. Metasploit saves all of the data it collects in a database. By default, Metasploit uses the PostgreSQL database.

systemctl start postgresql

Then, you need to initialize a new database for Metasploit by using the following command:

Note: You must run this command as a non-root user. You can visit this guide on Initial Server Setup with Debian 12 Bookworm.

msfdb init
Output
Clearing http web data service credentials in msfconsole
Running the 'init' command for the database:
Creating database at /home/orca/.msf4/db
Creating db socket file at /tmp
Starting database at /home/orca/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/orca/.msf4/db/pg_hba.conf
Stopping database at /home/orca/.msf4/db
Starting database at /home/orca/.msf4/db...success
Creating initial database schema
Database initialization successful

Now access your Metasploit console again with your non-root user:

msfconsole
Output

______________________________________________________________________________
|                                                                              |
|                   METASPLOIT CYBER MISSILE COMMAND V5                        |
|______________________________________________________________________________|
...
       =[ metasploit v6.3.28-dev-                         ]
...

Metasploit tip: Use sessions -1 to interact with the
last opened session

msf6 >

Then, from your Metasploit console check your database connection with the command below:

msf6 > db_status
Output
[*] Connected to msf. Connection type: postgresql.
Load Metasploit msfcrawler module on Debian 12

In this step of Install Metasploit on Debian 12 Bookworm, you need to load the msfcrawler module by using the command below. The msfcrawler module is for crawling websites to find vulnerabilities in web applications.

msf6 > use auxiliary/scanner/http/crawler
Output
msf6 auxiliary(scanner/http/crawler) >
Set RHOST and RPORT parameters

The RHOST parameter represents the target host, and the RPORT parameter represents the port number. In this case, you will scan the local host on port 9000.

msf6 auxiliary(scanner/http/crawler) > set RHOST localhost
msf6 auxiliary(scanner/http/crawler) > set RPORT 9000
Start Crawler

At this point, run the below command to start the crawler. The crawler will start scanning the target host and port. This process can take several minutes, depending on the website’s size.

msf6 auxiliary(scanner/http/crawler) > run
Output
...
[-] Error accessing page The connection was refused by the remote host (localhost:9000).
[-] [00001/00500]    ERR - localhost - http://localhost:9000/
[*] Crawl of http://localhost:9000/ complete
[*] Auxiliary module execution completed
Load WMAP module

At this point, you need to load the WMAP module. This module scans web applications for vulnerabilities. To do this, run the command below:

msf6 auxiliary(scanner/http/crawler) > load wmap
Load WMAP module on Metasploit

Now run the wmap_sites -a localhost:9000 command to add the target host and port to the scan list:

msf6 auxiliary(scanner/http/crawler) > wmap_sites -a localhost:9000
Output
[*] Site created.

List all the available target hosts and ports by using the following command:

msf6 auxiliary(scanner/http/crawler) > wmap_sites -l
Output
[*] Available sites
===============

     Id  Host       Vhost      Port  Proto  # Pages  # Forms
     --  ----       -----      ----  -----  -------  -------
     0   127.0.0.1  localhost  9000  http   1        0
     1   ::1        localhost  9000  http   1        0

Finally, you can select a target host and start your scan with Metasploit on Debian 12 Bookworm:

msf6 auxiliary(scanner/http/crawler) > wmap_targets -t 127.0.0.1:9000 
msf6 auxiliary(scanner/http/crawler) > wmap_run -e

Wait for the scan to finish. When the scan is complete, view the results by running the below command:

vulns

For more information, you can visit the Metasploit Docs page.

Conclusion

At this point, you have learned to Install Metasploit on Debian 12 Bookworm to perform a vulnerability scan. Hope you enjoy using it on your server.

You may also be interested in these articles:

Install and Use chkrootkit on Debian 12

Install Sendmail and Set up SMTP on Debian 12 Bookworm

Tags
Share your love

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!