How to Install Metasploit on Ubuntu

Metasploit is one of the most popular network penetration frameworks in the world and allows both newbies and professionals to easily exploit vulnerabilities in a huge variety of software and firmware.

You can use Metasploit to test your own security, go after bug bounties, or wreak mayhem across the internet. Whatever color hat you’re wearing, it’s easy to install Metasploit on Ubuntu.

Since computers were first networked together, people have been trying to access them without authorization. Over time, hackers developed a huge variety of tools to help them—each one suited to particular tasks, operating systems, and extremely specific situations.

Metasploit is essentially a handy toolkit, containing a selection of these tools which you can easily use to find and exploit vulnerabilities, allowing you to compromise computers, webcams, IoT devices, websites, routers, and phones.

While you might think that only criminals would want to use the Metasploit framework, it has legitimate uses too. You can use it to detect vulnerabilities in your own network security, and the tools with which you take control of someone else’s computer can be usefully employed to help with remote technical support of a friend’s PC.

Metasploit developers recommend that you install the framework using their shell script. To do this, simply copy the following code, paste it into your terminal, and press Enter:

 curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall 

If you want to read the script before you install it, just enter:

 curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb 

The Metasploit binaries will be installed in /opt/metasploit-framework/bin/ and you can launch the framework by entering:

 msfconsole 

If you prefer to install the Metasploit framework using a DEB file, visit apt.metasploit.com. Scroll down to the very bottom of the page and select the correct version for your architecture. AMD64, ARM64, and i386 are all supported.

In your terminal, locate the DEB file, and use dpkg with sudo to install the package:

 sudo dpkg -i metasploit-package.deb 

Note that because Metasploit framework packages are built nightly, the exact package name will vary depending on the date you downloaded the file, and the architecture you’re using.

If that’s too much bother, you’ll be glad to learn that Metasploit is also available in the Snap Store.

Again, running:

 msfconsole 

…will get you started.

When you first start Metasploit, regardless of what method you use, you’ll be greeted by the Metasploit Framework Installation wizard, which will ask a few questions to guide you through the initial setup.

Type “Yes” when asked if you’d like to use and set up a new database, and choose whether you like to initialize the web service.

If you want to use the web service, enter a new account username when requested, and choose a password. This step isn’t necessary, and Metasploit is perfectly functional without it.

When the setup is complete, you’ll see a message reading, “Metasploit Framework Initial Setup Complete”.

Once the Metasploit framework is up and running, you’ll find yourself in the Metasploit console, and have a new command prompt, which, depending on the version you’re using, will be “msf6”, “msf7”, or similar.

If you’ve never used Metasploit before, you’ll want to input:

 help 

…to see all the commands available to you.

Metasploit is a framework for tools, and to use a particular tool, you need to employ the “use” command. If for some reason, you want to deploy a payload through the AOL browser onto a Windows XP system, you would run:

 use /exploit/windows/browser/aol_ampx_convertfile 

When the module is loaded, type the following to get information and options for the tool:

 show 

Metasploit is a tool that you can use for good and evil purposes. We shouldn’t need to remind you that accessing computer systems without authorization is a crime in most of the world, and you can end up in jail for a very long time.

On the other hand, if you’re exploring Metasploit as preparation for a career in cybersecurity, consider supplementing your independent learning with an online course.