Share your love
Install and Use Metasploit on Ubuntu 22.04: Powerful Framework

In this guide, we want to teach you to Install and Use Metasploit on Ubuntu 22.04. The Metasploit framework is a very powerful tool that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. Because it’s an open-source framework, it can be easily customized and used with most operating systems. Now you can follow the guide steps below on the Orcacore website to install and use Metasploit commands on Ubuntu 22.
Table of Contents
Steps To Install and Use Metasploit on Ubuntu 22.04
To use Metasploit commands, you must log in to your server as a root user and follow the steps below. In this guide, we will download Metasploit from the source to install the latest version.
Metasploit Installation on Ubuntu 22.04
First, you need to update your local package index with the following command:
sudo apt update
Then, use the following command to install the required packages and dependencies:
apt install gpgv2 autoconf bison build-essential postgresql libaprutil1 libgmp3-dev libpcap-dev openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev postgresql-contrib xsel zlib1g zlib1g-dev -y
Now use the following curl command to download Metasploit source code on Ubuntu 22.04:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Confirm your download Metasploit file by using the command below:
ls -la msfinstall
Output
-rw-r--r-- 1 root root 6034 May 7 08:42 msfinstall
Next, set the correct permissions for your downloaded file:
chmod 755 msfinstall
Finally, you can use the command below to start your Metasploit installation process on Ubuntu 22.04:
./msfinstall
This will take some time to complete, depending on your system resources.
Access Metasploit Console
At this point, you can simply run the command below to start and access your Metasploit console:
msfconsole

To exit from the console, simply type exit.
Use Metasploit – Perform a Scan
Now that you have installed Metasploit on your Ubuntu 22.04, it is time to perform a scan with Metasploit commands. A Metasploit scan has two types: network scans and host scans.
A network scan identifies the available hosts on a network. This type of scan is useful when performing a penetration test on a network to identify the systems available for further attacks.
On the other hand, a host scan identifies the services running on a host. This type of scan is useful when you want to identify the vulnerabilities in a system.
Run a vulnerability scan with Metasploit
At this point, follow the below steps to run a vulnerability scan with Metasploit on Ubuntu 22.04.
First, you need to start the PostgreSQL service. Metasploit saves all of the data it collects in a database. By default, Metasploit uses the PostgreSQL database.
systemctl start postgresql
Then, you need to initialize a new database for Metasploit by using the following command:
msfdb init
Note: You must run this command as a non-root user. You can visit this guide on Initial Server Setup with Ubuntu 22.04.
Output
[?] Would you like to init the webservice? (Not Required) [no]:
Clearing http web data service credentials in msfconsole
Running the 'init' command for the database:
Creating database at /home/orca/.msf4/db
Creating db socket file at /tmp
Starting database at /home/orca/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/orca/.msf4/db/pg_hba.conf
Stopping database at /home/orca/.msf4/db
Starting database at /home/orca/.msf4/db...success
Creating initial database schema
Database initialization successful
Now access your Metasploit console again with your non-root user:
msfconsole
Then, from your Metasploit console check your database connection with the command below:
msf6 > db_status
Output
[*] Connected to msf. Connection type: postgresql.
Load msfcrawler module
At this point, you need to load the msfcrawler module by using the command below. The msfcrawler module is for crawling websites to find vulnerabilities in web applications.
msf6 > use auxiliary/scanner/http/crawler
Output
msf6 auxiliary(scanner/http/crawler) >
Set RHOST and RPORT parameters
The RHOST parameter represents the target host, and the RPORT parameter represents the port number. In this case, you will scan the local host on port 9000.
msf6 auxiliary(scanner/http/crawler) > set RHOST localhost
msf6 auxiliary(scanner/http/crawler) > set RPORT 9000
Start Crawler
At this point, run the below command to start the crawler. The crawler will start scanning the target host and port. This process can take several minutes, depending on the website’s size.
msf6 auxiliary(scanner/http/crawler) > run
Output
[*] Running module against 127.0.0.1
[*] Crawling http://localhost:9000/...
[-] Error accessing page The connection was refused by the remote host (localhost:9000).
[-] [00001/00500] ERR - localhost - http://localhost:9000/
[*] Crawl of http://localhost:9000/ complete
[*] Auxiliary module execution completed
Load WMAP module
At this point, you need to load the WMAP module. This module scans web applications for vulnerabilities. To do this, run the command below:
msf6 auxiliary(scanner/http/crawler) > load wmap
Outut
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] === et [ ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
Now run the wmap_sites -a localhost:9000 command to add the target host and port to the scan list:
msf6 auxiliary(scanner/http/crawler) > wmap_sites -a localhost:9000
Output
[*] Site created.
List all the available target hosts and ports by using the following command:
msf6 auxiliary(scanner/http/crawler) > wmap_sites -l
Output
[*] Available sites
===============
Id Host Vhost Port Proto # Pages # Forms
-- ---- ----- ---- ----- ------- -------
0 127.0.0.1 localhost 9000 http 1 0
Finally, you can select a target host and start your scan with Metasploit commands on Ubuntu 22.04:
msf6 auxiliary(scanner/http/crawler) > wmap_targets -t 127.0.0.1:9000
msf6 auxiliary(scanner/http/crawler) > wmap_run -e
Wait for the scan to finish. When the scan is complete, view the results by running the below command:
vulns
For more information, you can visit the Metasploit Docs page.
Conclusion
At this point, you have learned to Install and Use Metasploit on Ubuntu 22.04. Metasploit is a great tool that cybercriminals and ethical hackers use to probe systematic vulnerabilities on networks and servers.
Hope you enjoy it. You may also interested in these articles:
Install and Configure Dnsmasq on Ubuntu 22.04