Metasploitable2 is specifically designed to be a vulnerable distribution that's been forked off Ubuntu. While your usual package management commands exist, there's no real point in patching security holes (as you would normally do), or even making available a full set of packages.
If you absolutely must get packages, I'd recommend working out what version of ubuntu they use as a base and either downloading the packages manually, or adding the repos, but using pinning to prevent the system from auto-updating like so.
In short, this is entirely by design