Installers are built nightly for macOS, Windows (64-bit) and Linux. These installers include dependencies (like Ruby and PostgreSQL) and integrate with your package manager, so they’re easy to update.
The following script invocation will import the Rapid7 signing key and setup the package for supported Linux and macOS systems:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ ./msfinstall
Once installed, you can launch msfconsole as
/opt/metasploit-framework/bin/msfconsole from a terminal window, or depending on your environment, it may already be in your path and you can just run it directly. On first run, a series of prompts will help you setup a database and add Metasploit to your local PATH if it is not already.
These packages integrate into your package manager and can be updated with the
msfupdate command, or with your package manager. On first start, these packages will automatically setup the database or use your existing database.
Linux packages are built nightly for .deb (i386, amd64, armhf, arm64) and .rpm (64-bit x86) systems. Debian/Ubuntu packages are available at https://apt.metasploit.com and CentOS/Redhat/Fedora packages are located at https://rpm.metasploit.com.
The latest OS X installer package can also be downloaded directly here: https://osx.metasploit.com/metasploitframework-latest.pkg, with the last 10 builds archived at https://osx.metasploit.com/. Simply download and launch the installer to install Metaploit Framework with all of its dependencies.
Download the latest Windows installer or view older builds. To install, simply download the .msi package, adjust your Antivirus as-needed to ignore c:\metasploit-framework, double-click and enjoy. The msfconsole command and all related tools will be added to the system %PATH% environment variable.
If you downloaded Metasploit from us, there is no cause for alarm. We pride ourselves on offering the ability for our customers and followers to have the same toolset that the hackers have so that they can test systems more accurately. Because these (and the other exploits and tools in Metasploit) are identical or very similar to existing malicious toolsets, they can be used for nefarious purposes, and they are often flagged and automatically removed by antivirus programs, just like the malware they mimic.
Feel free to review and help improve the source code for our installers.