How to Install Metasploit Latest Version Ubuntu | Arkit
Metasploit Framework is one of the most widely used open-source penetration testing frameworks for security researchers, ethical hackers, and system administrators. It helps security teams validate vulnerabilities, test defenses, and improve overall security posture when used in authorized environments. Rapid7 describes Metasploit as a framework that helps defenders verify vulnerabilities, manage assessments, and improve security awareness.
In this guide, you will learn how to install the latest version of Metasploit on Ubuntu using the official Rapid7 installation method. This method is recommended because Rapid7’s nightly installers include required dependencies and integrate with your package manager, making future updates easier.
Important: Use Metasploit only on systems you own or have explicit permission to test.
What Is Metasploit Framework?
Metasploit Framework is an open-source security testing platform used for vulnerability research, penetration testing, exploit development, and security validation. The framework includes msfconsole, which is the main command-line interface used to interact with Metasploit modules. Rapid7’s installer also ships with dependencies and related tools such as Nmap and John the Ripper.
If you are using Ubuntu for ethical hacking, cybersecurity training, or internal security audits, installing Metasploit directly on Ubuntu gives you access to the latest framework packages without needing a dedicated penetration testing distribution.
Why Install the Latest Metasploit Version on Ubuntu?
The latest Metasploit version gives you access to recent framework improvements, bug fixes, module updates, and better compatibility with modern security testing workflows. According to the official Metasploit GitHub repository, users should access the latest version from the Nightly Installers page.
Installing the official nightly package is better than relying on outdated third-party packages because:
- It is maintained by the Metasploit/Rapid7 ecosystem.
- It includes required dependencies.
- It can be updated through
msfupdateor your system package manager. - It works with Debian/Ubuntu
.debpackages built nightly.
Prerequisites
Before installing Metasploit on Ubuntu, make sure you have:
- Ubuntu installed, preferably a modern LTS version.
- A user account with
sudoprivileges. - A stable internet connection.
- Basic familiarity with the Linux terminal.
- Authorization to use Metasploit in your lab or organization.
Rapid7 notes that administrator privileges are required to install Metasploit Framework on the target system.
Step 1: Update Your Ubuntu System
Open a terminal and update your package index:
sudo apt update
Then upgrade existing packages:
sudo apt upgrade -y
This helps reduce dependency issues during installation.
Step 2: Install Required Basic Tools
Most Ubuntu systems already include curl, but you can install it with:
sudo apt install curl -y
You can also install common supporting packages:
sudo apt install gnupg2 software-properties-common -y
These packages help with repository management, signing keys, and package installation.
Step 3: Download the Official Metasploit Installer
Rapid7’s official Linux installation command downloads the msfinstall script, makes it executable, and runs it. The installer adds the build repository and installs the Metasploit Framework package.
Run:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall ./msfinstall
This command installs the latest available Metasploit Framework package for Ubuntu.
The nightly installer packages include dependencies such as Ruby and PostgreSQL and are designed to integrate with the package manager for easier updates.
Step 4: Launch Metasploit Console
After installation, start Metasploit with:
msfconsole
If msfconsole is not yet in your PATH, run it directly from the installation directory:
/opt/metasploit-framework/bin/msfconsole
The official documentation says the first run may prompt you to set up a database and add Metasploit to your local PATH.
Step 5: Set Up the Metasploit Database
When you launch Metasploit for the first time, it may ask whether you want to set up a database. Type:
yes or: y
The database is useful because it allows Metasploit to store hosts, services, notes, credentials, and workspace data during authorized testing.
To manually initialize the database, run:
msfdb init
Rapid7 documents msfdb init as the command used to enable and start the database if it was not configured during the first launch.
Step 6: Verify the Installation
Inside msfconsole, check whether the database is connected:
db_status
If everything is working, you should see a PostgreSQL connection message. Rapid7’s documentation shows a successful database connection as:
[*] postgresql connected to msf
You can also check the installed Metasploit version with:
msfconsole --version
or from inside msfconsole:
version
Step 7: Update Metasploit on Ubuntu
To keep Metasploit updated, run:
msfupdate
The official nightly installer documentation states that these packages can be updated with msfupdate or with your package manager.
You can also update your Ubuntu packages normally:
sudo apt update sudo apt upgrade -y
Keeping Metasploit updated is important because new modules, fixes, and compatibility improvements are released frequently.
Alternative Method: Install Metasploit Using Snap
Ubuntu users can also install a Snap package:
sudo snap install metasploit-framework
Snapcraft lists this command for installing Metasploit Framework on Ubuntu.
However, for the latest official Metasploit Framework installation, the Rapid7 nightly installer is generally the better choice because it is the method referenced by the official Metasploit documentation and GitHub repository.
Common Installation Issues and Fixes
1. curl: command not found
Install curl:
sudo apt update sudo apt install curl -y
Then rerun the installer command.
2. msfconsole: command not found
Try launching Metasploit directly:
/opt/metasploit-framework/bin/msfconsole
You can also close and reopen your terminal so your PATH updates.
3. Database Not Connected
Run:
msfdb init
Then start Metasploit again:
msfconsole
Inside Metasploit, verify with:
db_status
4. Permission Denied on Installer
If the installer is not executable, run:
chmod 755 msfinstall ./msfinstall
5. Antivirus or Security Tools Blocking Files
Rapid7 notes that security tools may flag Metasploit because it contains components used for vulnerability testing. Use Metasploit only in approved environments and configure your security tooling according to your organization’s policy.
Best Practices After Installing Metasploit
After installing the latest Metasploit version on Ubuntu, follow these best practices:
- Use Metasploit only in authorized labs, internal assessments, or approved client environments.
- Keep Ubuntu and Metasploit updated.
- Use a dedicated testing machine or virtual machine.
- Avoid running unnecessary services on your testing system.
- Document your testing scope before using security tools.
- Never scan or test public systems without written permission.
Metasploit is powerful, and responsible use is essential.
How to Uninstall Metasploit from Ubuntu
If you installed Metasploit using the Rapid7 package, try:
sudo apt remove metasploit-framework -y
To remove unused dependencies:
sudo apt autoremove -y
If you installed the Snap version, remove it with:
sudo snap remove metasploit-framework
FAQ: Installing Metasploit Latest Version on Ubuntu
Is Metasploit free on Ubuntu?
Yes. Metasploit Framework is open source. The official GitHub repository states that Metasploit Framework is released under a BSD-style license.
What is the best way to install the latest Metasploit on Ubuntu?
The recommended method is the official Rapid7 nightly installer. It installs dependencies, configures the package source, and allows updates through msfupdate or the package manager.
Can I install Metasploit with apt install metasploit-framework?
Only after the correct Metasploit package repository has been configured. The official installer script handles this process for supported Linux systems.
Does Metasploit require PostgreSQL?
Metasploit can launch without a database, but PostgreSQL is recommended for storing assessment data. The official installer includes dependencies, and first launch can help set up the database.
Is Metasploit legal?
Metasploit is legal to install and use for legitimate security testing. Using it against systems without permission can be illegal. Always test only systems you own or are authorized to assess.
Conclusion
Installing the latest version of Metasploit on Ubuntu is straightforward when you use the official Rapid7 nightly installer. The installer downloads the correct package, includes key dependencies, integrates with your package manager, and supports easy updates with msfupdate.
For most Ubuntu users, the best installation path is:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall ./msfinstall msfconsole
https://www.rapid7.com/products/metasploit/download/pro/thank-you/
Thanks for Your Wonderful Support and Encouragement
More than 40,000 techies are part of our ARKIT community. Join us today and keep learning Linux, Cloud, Storage, DevOps, and IT technologies.
