Follow through this guide to learn how to install Metasploit on Debian 11/Debian 10. Metasploit Framework provides a platform and tools for performing deep system security auditing as well as penetration testing to unearth, exploit and validate every other would-be vulnerability.
Install Metasploit on Debian 11/Debian 10
Metasploit is available in both the commercial and opensource version (thanks to Rapid 7 for teaming up with OSS community). As such, it is upon you to choose which version to go with.
This guide presents installation of the Metasploit Free trial version. However, if you do not want to take this route, you can use the Nightly build versions. The Nightly build versions ship with all the dependencies required for a successful installation and all you need to do the installation is just a simple script.
Run System Update
Update and upgrade your system.
sudo apt update
Download Metasploit Pro Installer
On the download’s page, click Free trial to create an account to enable you download the installer and an activation key for your Metasploit Pro version.
You can as well execute the command below to download Metasploit Pro installer.
wget https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
Install Metasploit on Debian 11/Debian 10
Once the download completes, make the installer executable by running the command below;
chmod +x metasploit-latest-linux-x64-installer.run
Next, launch the Metasploit installer.
./metasploit-latest-linux-x64-installer.run
When the installer runs, press Enter and scroll through the License. For the installation to proceed, you need to accept the License.
---------------------------------------------------------------------------- Welcome to the Metasploit Setup Wizard. ---------------------------------------------------------------------------- Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. Press [Enter] to continue: Enter RAPID7 END USER LICENSE AGREEMENT ... Last Modified April 2018 Press [Enter] to continue: Do you accept this license? [y/n]: y
Next, choose the installation folder. Press Enter to accept the default, /opt/metasploit
.
---------------------------------------------------------------------------- Installation folder Please, choose a folder to install Metasploit Select a folder [/opt/metasploit]: ----------------------------------------------------------------------------
Install Metasploit as a service to make it easy to start started on system reboot.
---------------------------------------------------------------------------- Install as a service You can optionally register Metasploit as a service. This way it will automatically be started every time the machine is started. Install Metasploit as a service? [Y/n]: y ...
Next, you are asked to disable the anti-virus and firewall solutions if any is installed on the server.
Disable Anti-Virus and Firewall *** Disable Anti-Virus! *** This product is not compatible with common anti-virus solutions. Before continuing, please disable any installed anti-virus software or add an exclusion for the Metasploit installation directory. Failure to do so can lead to a corrupt installation and the malfunctioning of certain exploit modules. *** Disable Firewall! *** This product is not compatible with common firewall applications. Although it is possible to use Metasploit with a firewall in place, a firewall will interfere with the function of certain exploits and payloads. Please ensure that your firewall is disabled prior to using this product for a penetration test. Press [Enter] to continue: ----------------------------------------------------------------------------
Since Metasploit will be running as a service, define a port in which it is listening on. Press Enter to accept TCP port 3790 as the default port.
---------------------------------------------------------------------------- Metasploit Service Please enter the port that the Metasploit service will use. SSL Port [3790]: Enter
Set the server FQDN of your server for the purpose of SSL certificate that is generated. Set the validity of the SSL of the certificate. You can press Enter to accept the default period.
---------------------------------------------------------------------------- Generate an SSL Certificate Please provide the fully qualified domain name of this system below (e.g. metasploit.example.com). A certificate is generated for a specific server name and web browsers will alert users if the name does not match. Server Name [localhost]: msf.kifarunix-demo.com Days of validity [3650]: Should the generated certificate be added to the operating system's trusted store? Yes, trust certificate [Y/n]: y ---------------------------------------------------------------------------- Setup is now ready to begin installing Metasploit on your computer. Do you want to continue? [Y/n]: y
After that, proceed with installing Metasploit on Debian 11/Debian 10.
Once the installation is done, you will be given a URL to access the Metasploit UI.
---------------------------------------------------------------------------- Please wait while Setup installs Metasploit on your computer. Installing 0% ______________ 50% ______________ 100% ######################################### ---------------------------------------------------------------------------- Setup has finished installing Metasploit on your computer. Info: To access Metasploit, go to https://localhost:3790 from your browser.
The Metasploit is now ready to carry on its Magics.
Create Metasploit Initial User Account
To login to Metasploit UI, you need to create Metasploit initial user account by running the script below. The script will prompt you for the username and auto-generate the password. You are required to reset this password upon login.
/opt/metasploit/createuser -u kifarunix
[*] User Creation Script has started, this may take a moment.
[*] Creating user 'kifarunix' with password '?#{S#87P' ...
[*] User kifarunix has been created, please change your password on login.
Accessing Metasploit Web UI
To access Metasploit UI, navigate to https://<msf-server-IP>:3790
, if you are not accessing it from the locally.
Note that if UFW is running, you need to open access to port 3790. You can use iptables if need be.
ufw allow 3790/tcp
Add the SSL error on the browser to exception and proceed to Metasploit UI.
Enter the activation key. You can obtain the key by submitting a request.
Once your activation is successful, you will land on Metasploit Pro web interface.
Global Settings;
You can now run a phishing campaign, quick pentest, web app test, vulnerability validation,generate payloads, e.t.c.
The Metasploit Framework is also available on command line. To launch it, just execute the command below;
msfconsole
____________ [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%| `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%] [% .--------..-----.| |_ .---.-.| .,a$%|.-----.| |.-----.|__|| |_ %%] [% | || -__|| _|| _ || ,,aS$""` || _ || || _ || || _|%%] [% |__|__|__||_____||____||___._||%$P"` || __||__||_____||__||____|%%] [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a, ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%] [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% `"$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] =[ metasploit v6.1.27-dev ] + -- --=[ 2196 exploits - 1162 auxiliary - 400 post ] + -- --=[ 596 payloads - 45 encoders - 10 nops ] + -- --=[ 9 evasion ] Metasploit tip: Save the current environment with the save command, future console restarts will use this environment again msf6 > db_status [*] Connected to msf3. Connection type: postgresql. msf6 >
Great. You can now run you Pentests projects. That is all about how to install Metasploit on Debian 11/Debian 10.
Happy pentesting…
Other Tutorials
Install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04
Installing Metasploit on Ubuntu 18.04 LTS