How to install Metasploit on Ubuntu

Metasploit is a handy penetration tool used most widely. It contains handlers to listen for reverse connections and send bind shell connections.

Metasploit-Framework is a tool by Rapid7. It contains exploits written in Ruby, Python, PHP, Apk and contains handlers to listen for reverse connections and send bind shell connections.

It also has scripts for scanning, dictionary attacks, gives pivoting ability and backgrounding and upgrading shells. Metasploit comes pre-installed in some Linux versions. In this tutorial, we should see the two common ways of installing Metasploit on Ubuntu.

1. Installing Metasploit By Changing Repositories

The first method is to install it by changing the Ubuntu repositories to Kali rolling repositories and then updating the system. Once we update, all the package details are downloaded, and it becomes easy to install the Kali tools on Ubuntu system.

To change repositories, enter the following command;

$ sudo nano /etc/apt/sources.list

Now add the Kali rolling repositories in the sources.list file.

deb kali-rolling main non-free contrib

Editing Sources in Ubuntu
Editing Sources in Ubuntu

Press CTRL+X then Enter Y to save the file. Now run the following command;

$ sudo apt update

You may see something like “Following Signatures Couldn’t be Verified” on the terminal.

Signature not verified
Signature not verified

The apt packaging system has trusting keys for package authentication, and these need to be installed on a particular system. You can import them by the following command;

$ sudo apt-key adv --keyserver --recv-keys ED444FF07D8D0BF6

Again enter the above if needed;

$ sudo apt-key adv --keyserver --recv-keys ED444FF07D8D0BF6

Remember to replace the key with the one that appears on your terminal.

Importing the Keys
Importing the Keys

Since the keys have successfully been imported, now you need to update, and the error should be gone, and the system should successfully update. Never run apt Upgrade when you have added any external system repository as it should panic the Kernel, and the system may crash.

$ sudo apt update

Apt Update
Apt Update

Now install Metasploit with the following command;

$ sudo apt install metasploit-framework -y

Installing Metasploit

All the dependencies should automatically be installed. Start the PostgreSQL service. Enter;

$ sudo service postgresql start

You need to initialize the Metasploit database before its use. You can do that by entering;

$ sudo msfdb init

You can then use Metasploit by entering the following command;

$ sudo msfconsole

Starting Metasploit
Starting Metasploit

The last step is to remove the Kali Rolling repositories from the sources.list file.

Enter the following command;

$ sudo nano /etc/apt/sources.list

Remove the link to Kali rolling repository which you added previously, press CTRL+X and then Y. The run;

$ sudo apt update

2. Installing From GitHub

Another standard method is to install the Metasploit-Framework by cloning from the GitHub. You need to manually install and configure all the dependencies one by one while cloning Metasploit from GitHub.

Following is the list of dependencies that are required for Metasploit Development Environment as stated by Rapid7.

$ sudo apt-get install gpgv2 autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline6-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev libyaml-dev locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev

Configuring Postgres

After installing the dependencies, you need to configure the PostgreSQL database. It provides search capability and few other supporting features for Metasploit.

$ sudo su postgres
Create a new metasploit user;

$ createuser metasploituser -P

Enter any password you want to keep.

MSFuser in Postgres
MSFuser in Postgres

Now create the user database;

$ createdb msfdb -O metasploituser

Now exit from the Postgres.

$ exit

It is better to configure the PostgreSQL service to start automatically. Else the user has to start it manually each time for using the Metasploit.

$ sudo update-rc.d postgresql enable

Now you need to install RVM.

$ gpg --keyserver hkp:// --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
$ curl -sSL | bash -s stable --ruby 
$ source ~/.rvm/scripts/rvm

Installing RVM

The next step is cloning Metasploit from the Github.

$ git clone

Cloning Metasploit

Now switch to metasploit directory;

$ cd metasploit-framework/

Install Ruby, Ruby Gems & Bundler;

$ rvm --install ruby-2.6.2

Installing Ruby
Installing Ruby

$ gem install bundler
$ bundle install

The very last step is to configure the database.yml. Switch the present directory by entering;

$ cd ~/.msf4/

Now enter;

$ sudo nano database.yml
development: &pgsql
adapter: postgresql
database: msfdb
username: metasploituser
password: msfuser1
host: localhost
port: 5432
pool: 5
timeout: 5            

production: &production
<<: *pgsql
<<: *pgsql
database: msfdb

Remember to replace the username and password with the one you entered while creating the msfuser.

Configuring database.yml
Configuring database.yml

Press CTRL+X and then Y to save the file.

If everything went all right, your Metasploit must have been installed correctly. Switch back to the metasploit directory;

$ cd ~/metasploit-framework

You can start metasploit by entering;

$ ./msfconsole

Starting Metasploit


Metasploit can be easily installed in various ways. It requires some dependencies and PostgreSQL to be installed. You have to configure the Ruby database for Metasploit to work correctly manually.

Zohaib Yousaf
My name is Zohaib Yousaf. I'm an Ethical Hacker & a Pen Tester. Python scripting and Bash automation is my hobby. My research work is in Anonymity. I have co-worked in development of few anonymity solutions which implemented different Cryptographic Algorithms.


Leave a Reply to omer Cancel reply

Please enter your comment!
Please enter your name here





The Ubuntu Cinnamon Remix brings together Linux Mint's Cinnamon desktop with the Ubuntu Core. While some users are welcoming the new flavor of Ubuntu with open arms, others are scratching their heads, wondering where it fits in.
The wait is finally over (almost) for all you Ubuntu fans out there. The latest version of Ubuntu, 20.10 codenamed "Groovy Gorilla," is currently available in the beta version. I have tested out the distro myself, and it is stable enough to take out for a spin.

Pop!_OS 20.04 Review: Professional Linux Distribution Ever Made

Linux is growing faster than ever. As per the latest report, there is a drop in the Windows 10 market share for the first time, and Linux's market share has improved to 2.87% this month. Most of the features in the list were rolled out in the Pop OS 20.04. Let's a detailed look into the new features, how to upgrade, and a ride through video.

Scrcpy – Control Android devices from a Linux desktop

Scrcpy is a desktop program that can be used to access your Android phone's system and interface through your computer. The app is quite convenient, and some of its best features are highlighted below.

[Guide] apt vs apt-get commands, and which one to use?

Most Linux users, both veterans, and newbies, often get confused about what the difference between the Linux commands apt, and apt-get are and when they should use one or the other.

5 Best Video Players for Linux

Most Linux-based systems come with a built-in video player, but let's be honest, it most definitely won't be able to satisfy all of your requirements, due to the fact that default software is mostly made for basic purposes. In this article, we will review the 5 Best Video Players for Linux and thoroughly discuss their features as well as their pros and cons.