-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Home
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Previous versions of Metasploitable were distributed as a VM snapshot where everything was set up and saved in that state. Metasploitable 3 introduces a new approach: dynamically building the VM image. It utilizes Packer, Vagrant, and a ton of scripts to go from nothing to a fully functional, exploitable VM within minutes.
There are a lot of benefits to this new method of building. We can easily apply the same exploits on multiple operating systems, build for multiple virtualization platforms, and best of all, accept contributions from the community.
Now that we've covered the what and the why, let's take a look at the requirements for running Metasploitable 3:
- Packer
- Vagrant NOTE: There is a bug in the latest version of Vagrant that is causing the provisioning to fail. This can be worked around by using Vagrant 1.8.1.
- Vagrant Reload Plugin
- VirtualBox
- Internet connection
To build Metasploitable 3:
- Clone this repo and navigate to the main directory.
- Build the base VM image by running
packer build windows_2008_r2.json
. This will take a while the first time you run it since it has to download the OS installation ISO. - After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command
vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3
. - To start the VM, run the command
vagrant up
. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes. - Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
To re-build:
You can easily wipe the system out and start over if you break something, or just want to start from scratch. Simply run the command vagrant destroy
and it will delete the box from your virtualization platform. Running vagrant up
again will re-create and re-provision the VM.
- GlassFish
- Apache Struts
- Tomcat
- Jenkins
- IIS
- psexec
- SSH
- WinRM
- chinese caidao
- ManageEngine
- ElasticSearch
- Apache Axis2
- WebDAV
- SNMP
- MySQL
- JMX
- Wordpress
- SMB
- Remote Desktop
- PHPMyAdmin
Want to add more vulnerabilities to Metasploitable3, or just want to fix a few bugs? Check out this page for more details.
Check out our roadmap.