How to install Metasploit on Ubuntu

Metasploit is a handy penetration tool used most widely. It contains handlers to listen for reverse connections and send bind shell connections.

Metasploit-Framework is a tool by Rapid7. It contains exploits written in Ruby, Python, PHP, Apk and contains handlers to listen for reverse connections and send bind shell connections.

It also has scripts for scanning, dictionary attacks, gives pivoting ability and backgrounding and upgrading shells. Metasploit comes pre-installed in some Linux versions. In this tutorial, we should see the two common ways of installing Metasploit on Ubuntu.

1. Installing Metasploit By Changing Repositories

The first method is to install it by changing the Ubuntu repositories to Kali rolling repositories and then updating the system. Once we update, all the package details are downloaded, and it becomes easy to install the Kali tools on Ubuntu system.

To change repositories, enter the following command;

$ sudo nano /etc/apt/sources.list

Now add the Kali rolling repositories in the sources.list file.

deb kali-rolling main non-free contrib

Editing Sources in Ubuntu
Editing Sources in Ubuntu

Press CTRL+X then Enter Y to save the file. Now run the following command;

$ sudo apt update

You may see something like “Following Signatures Couldn’t be Verified” on the terminal.

Signature not verified
Signature not verified

The apt packaging system has trusting keys for package authentication, and these need to be installed on a particular system. You can import them by the following command;

$ sudo apt-key adv --keyserver --recv-keys ED444FF07D8D0BF6

Again enter the above if needed;

$ sudo apt-key adv --keyserver --recv-keys ED444FF07D8D0BF6

Remember to replace the key with the one that appears on your terminal.

Importing the Keys
Importing the Keys

Since the keys have successfully been imported, now you need to update, and the error should be gone, and the system should successfully update. Never run apt Upgrade when you have added any external system repository as it should panic the Kernel, and the system may crash.

$ sudo apt update

Apt Update
Apt Update

Now install Metasploit with the following command;

$ sudo apt install metasploit-framework -y

Installing Metasploit

All the dependencies should automatically be installed. Start the PostgreSQL service. Enter;

$ sudo service postgresql start

You need to initialize the Metasploit database before its use. You can do that by entering;

$ sudo msfdb init

You can then use Metasploit by entering the following command;

$ sudo msfconsole

Starting Metasploit
Starting Metasploit

The last step is to remove the Kali Rolling repositories from the sources.list file.

Enter the following command;

$ sudo nano /etc/apt/sources.list

Remove the link to Kali rolling repository which you added previously, press CTRL+X and then Y. The run;

$ sudo apt update

2. Installing From GitHub

Another standard method is to install the Metasploit-Framework by cloning from the GitHub. You need to manually install and configure all the dependencies one by one while cloning Metasploit from GitHub.

Following is the list of dependencies that are required for Metasploit Development Environment as stated by Rapid7.

$ sudo apt-get install gpgv2 autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline6-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev libyaml-dev locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev

Configuring Postgres

After installing the dependencies, you need to configure the PostgreSQL database. It provides search capability and few other supporting features for Metasploit.

$ sudo su postgres
Create a new metasploit user;

$ createuser metasploituser -P

Enter any password you want to keep.

MSFuser in Postgres
MSFuser in Postgres

Now create the user database;

$ createdb msfdb -O metasploituser

Now exit from the Postgres.

$ exit

It is better to configure the PostgreSQL service to start automatically. Else the user has to start it manually each time for using the Metasploit.

$ sudo update-rc.d postgresql enable

Now you need to install RVM.

$ gpg --keyserver hkp:// --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
$ curl -sSL | bash -s stable --ruby 
$ source ~/.rvm/scripts/rvm

Installing RVM

The next step is cloning Metasploit from the Github.

$ git clone

Cloning Metasploit

Now switch to metasploit directory;

$ cd metasploit-framework/

Install Ruby, Ruby Gems & Bundler;

$ rvm --install ruby-2.6.2

Installing Ruby
Installing Ruby

$ gem install bundler
$ bundle install

The very last step is to configure the database.yml. Switch the present directory by entering;

$ cd ~/.msf4/

Now enter;

$ sudo nano database.yml
development: &pgsql
adapter: postgresql
database: msfdb
username: metasploituser
password: msfuser1
host: localhost
port: 5432
pool: 5
timeout: 5            

production: &production
<<: *pgsql
<<: *pgsql
database: msfdb

Remember to replace the username and password with the one you entered while creating the msfuser.

Configuring database.yml
Configuring database.yml

Press CTRL+X and then Y to save the file.

If everything went all right, your Metasploit must have been installed correctly. Switch back to the metasploit directory;

$ cd ~/metasploit-framework

You can start metasploit by entering;

$ ./msfconsole

Starting Metasploit


Metasploit can be easily installed in various ways. It requires some dependencies and PostgreSQL to be installed. You have to configure the Ruby database for Metasploit to work correctly manually.

Zohaib Yousaf
My name is Zohaib Yousaf. I'm an Ethical Hacker & a Pen Tester. Python scripting and Bash automation is my hobby. My research work is in Anonymity. I have co-worked in development of few anonymity solutions which implemented different Cryptographic Algorithms.


Leave a Reply to Alexandru Cancel reply

Please enter your comment!
Please enter your name here





The Ubuntu Cinnamon Remix brings together Linux Mint's Cinnamon desktop with the Ubuntu Core. While some users are welcoming the new flavor of Ubuntu with open arms, others are scratching their heads, wondering where it fits in.
The wait is finally over (almost) for all you Ubuntu fans out there. The latest version of Ubuntu, 20.10 codenamed "Groovy Gorilla," is currently available in the beta version. I have tested out the distro myself, and it is stable enough to take out for a spin.

Linux vs. BSD: 10 Key Things You Need to Know

Both Linux and BSD (Berkeley Software Distribution) are free, open-source, and based on Unix. Both systems also use many of the same applications and strive towards the same goal - developing the most stable and reliable operating system.

Test drive a Linux distro online before you hate it

Enter, a website that allows Linux users to test various distros online, without downloading the ISO or installing the distro. With, you can check a distro with no muss, no fuss.

The 10 Best GNOME based Linux Distributions in 2020

GNOME, short for  GNU Network Object Model Environment, was released back in 1999 as a part of the GNU Project. However, throughout its development, the acronym was dropped as it no longer resonated with the evolving GNOME vision.

Best Laptops for Linux and Apps Development [2020]

Apart from your programming skills, there are a few other things that can also influence the way you code, and one of them is your computer system for sure. Even though it isn't like you can't code on a regular PC or laptop, speaking from personal experience, you can make the most out of your programming skillset by going for a computer with high specs and one that's been specially designed for such tasks.