Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment.
For download links and a walkthrough of some of the vulnerabilities (and how to exploit them), please take a look at the Metasploitable 2 Exploitability Guide.
Have fun!
-HD
Article Tags
Related blog posts
Products and Tools
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
Brendan Watters
Products and Tools
Metasploit Wrap Up 05/29/2026
Spencer McIntyre
Products and Tools
Metasploit Wrap Up 05/22/2026
Martin Sutovsky
Products and Tools
Metasploit Wrap-Up 05/15/2026
Martin Sutovsky