How to Install Metasploit Framework in Ubuntu 22.04

Data security is a major problem for organizations all around the world. Vulnerability assessment and penetration testing enable the organizations to better protect their systems and data against internal and external threats. This post is about one such penetration testing tool – Metasploit framework. Metasploit is a versatile and powerful penetration testing framework that can perform all the functioning involved in a penetration testing life cycle. It is a free and open-source penetration testing framework available for nearly all popular OS.

In this post, we will show how to install the Metasploit Framework in Ubuntu 22.04 LTS (Jammy Jellyfish).

Installing Metasploit Framework

To install the Metasploit framework, use the installer distributed by Rapid7. The installer is then integrated into the Ubuntu package manager and therefore can easily be updated later. Let’s begin with the installation:

1. First, you need to install some prerequisite packages which include curl, postgresql, and postgresql-contrib. Run the following command to install these packages:

$ sudo apt install curl postgresql postgresql-contrib

2. Run the following command to download and save the Metasploit installer script as msfinstall:

$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

3. Assign the “read” and execute access for everyone on the installer script:

$ chmod 755 msfinstall

4. Now, run the “msfinstall” installer script for the installation of the Metasploit Framework:

$ sudo ./msfinstall

This command installs the Metasploit framework on your system.

5. A database is required for Metasploit to store the penetration-testing findings and results such as target host data, exploits, system logs, collected data, and other information. For this, we installed the Postgresql (in step 1). Now, we need to start its service through the following command:

$ sudo systemctl start postgresql

Then, create and initialize the database through the following command:

$ msfdb init

It will then ask if you want to initialize the web service. If you want to initialize, type “yes” and hit Enter. Otherwise, type “no”. If you have initialized the web service, you will be asked for the web service account username and password. You can enter any username and password, or accept the default entries by hitting the Enter key.

6. Run the following command to launch the Metasploit framework console:

$ msfconsole

The msfconsole is the CLI to interact with the Metasploit framework. It enables you to perform the tasks such as scanning targets, launching exploits, collecting data, etc.

Now, to verify if the Metasploit is connected to the database, run the following command inside the msfconsole:

$ db_status

The following output verifies that the Metasploit framework has been connected to the database.

You can run the “help” command inside the msfconsole to view the help menu.

It is important to keep the Metasploit Framework updated in order to stay informed about the latest vulnerabilities and exploits. You can either run the “apt update command” or “msfupdate” utility to update the Metasploit framework to the latest version:

$ sudo apt update


$ sudo msfupdate

The “msfupdate” utility connects to the online repositories and gets the updates.

Uninstall Metasploit Framework

If you ever need to uninstall the Metasploit framework, you can do so through the following command:

$ sudo apt remove metasploit-framework

This command asks for the sudo password and then your confirmation to uninstall it. After which, it removes the Metasploit framework from your system.


That is all there is to it! This article described how to install the Metasploit framework in Ubuntu 22.04 LTS, create and initialize the database, connect the Metasploit framework with the database, and launch the Metasploit command-line interface. I hope this will help you install the Metasploit framework in your Ubuntu system.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.