How to Install and Use Metasploit Security Tool

According to Rapid7 (company behind the project) web site, Metasploit framework is the World's most used open source penetration testing software. It can be either used for offensive or defensive purposes by hackers.  Metasploit framework is available in many Linux distributions such as Kali (old name Backtrack). However, in this tutorial , Metasploit software will be installed on the Ubuntu 16.04 LTS.

Following are two versions of Metasploit framework;

  1. Metasploit Pro (Paid and full features)
  2. Metasploit Community (free and limited functionality )

Metasploit Installation

It is required to register on the Rapid7 website to download the Metasploit installer. First you have to download Metasploit community version of the framework.

Fill following registration form to download installer and receive 1 year license key in the provided email id.


After successful submission of above form will prompt following more options.

Download the Metasploit installer for the desired operating system(Linux in this tutorial).

Download links

Installer downloading progress is shown in following snapshot.


As per 2nd step  given on the Rapid7 website,  Metasploit software also uses few same techniques as malware and malicious attackers to audit your security. Before the installation and during its use, please switch off anti-virus solutions and local firewall  to run Metasploit properly.


And the last step is activating the Metasploit framework using license key.


Metasploit installer can be download using wget command.


Run following command to set executable permission on the installer script.

chmod +x
permission changed

As shown in the following snapshot, installer script is executed in the terminal.


Installer prompts the setup wizard of Metasploit framework.


Click on the Forward button and accept the agreement for further installation.


On the next prompt, choose a folder for Metasploit installation. Default installation path is /opt/metasploit directory.

installation directory

Install Metasploit as a service to start it on each boot.


Disable antivirus and firewall to start Meatsploit software.


The default ssl port of Metasploit service is 3790. However, it can be changed by user during installation process.

port for metasploit

Generation of SSL certificate for Metasploit service is shown below.

ssl certificates

As shown in the following screenshot, Metasploit setup is ready to install it on the Virtual Machine (VM).


Installation process is started and shown below.


Finally, setup wizard is finish and Metasploit Web user interface will be open.


Welcome page after setup wizard is shown below.


As shown in the above snapshot,  visit following URL to start using Metasploit framework


Following exception shows that connection is not secure. Therefore, add exception and accept the Metasploit generated certificate.

insecure connection

Adding browser exception to accept the certificate.

add exception

Confirming security exception to begin web interface over https.


As shown in following snapshot, create a user to access the web interface of Metasploit framework.

login information

Following figure shows that product key is entered to activate the software.

enter license key

As shown in the following figure, product is successfully activate and restart is also required for Metasploit instance.

restart after activation

Metasploit Usage

As shown in following figure that first project created in the Metasploit web interface is default.

default project

Click on the name of the project to see more associated options.


Above screenshot shows the overview of the project like discovered hosts, services, vulnerabilities etc.   Top menu shows the available features in the Metasploit framework and most of feature required paid license to use.

Following figure shows that scan feature of Metasploit tool to discover the hosts in the network.


Address ( is given in the target setting area with default scan options.

give target address

Nmap is integrated with Metasploit framework to perform host discovery.  Progress of Nmap scan is shown below.

scan result

Click on Host option under Analysis menu to view the scan result.

analysis menu

Details of target are shown in the following figure.  The target in this scan is  DSL router which is using Linux 2.6.X kernel and hostname is Broadcom.Home.


Three services (dns,http and telnet) are open on the dsl router and no  vulnerability is found on the target.


Many features in the community version of Metasploit are only for trial. As shown in the following few screenshots, automatic exploitation, brute force  and  reporting  feature required paid license.

Automatic Exploitation feature

automatic exploit

Bruteforce module


Reporting feature


Nexpose (another project of Rapid7) plugin is also integrated  which detects vulnerabilities, prioritize remediation and improve the security outcomes. Nexpose is alternative for Nessus and OpenVAS security scanners.


The Metasploit framework is comprehensively explored in this tutorial and installed on the Ubuntu platform. It is ranked as top security tool in the open source community. It is used by  security professionals to perform penetration testing.

2 Comments... add one

  1. I installed metasploit directly on shell using this errors whatsoever..
    >pkg install metasploit...This is absurd. We should reload..


Leave a Comment