-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Home
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Previous versions of Metasploitable were distributed as a VM snapshot where everything was set up and saved in that state. Metasploitable 3 introduces a new approach: dynamically building the VM image. It utilizes Packer, Vagrant, and a ton of scripts to go from nothing to a fully functional, exploitable VM within minutes.
There are a lot of benefits to this new method of building. We can easily apply the same exploits on multiple operating systems, build for multiple virtualization platforms, and best of all, accept contributions from the community.
The most up to date build instructions can be found in the README.
To re-build:
You can easily wipe the system out and start over if you break something, or just want to start from scratch. Simply run the command vagrant destroy
and it will delete the box from your virtualization platform. Running vagrant up
again will re-create and re-provision the VM.
Windows Product Keys:
The Autounattend.xml files are configured to work correctly with trial ISOs (which will be downloaded and cached for you the first time you perform a packer build). If you would like to use retail or volume license ISOs, you need to update the UserData>ProductKey element as follows:
- Open the Autounattend.xml file for the OS you are trying to build in metasploitable3/answer_files//Autounattend.xml
- Uncomment the ... element
- Insert your product key into the Key element
If you are going to configure your VM as a KMS client, you can use the product keys at http://technet.microsoft.com/en-us/library/jj612867.aspx. These are the default values used in the Key element.
Running in an ESXi VM:
If you would like to run Metasploitable on an ESXi VM, you must add the following line to the VM's *.vmx file: vhv.enable = "TRUE"
That will enable virtualization in the VM; the best way to edit that file is to enable SSH on the host and SSH onto the ESXi host and cd into /vmfs/volumes
. Once that line has been added, you can install Vagrant, Packer, and VirtualBox, then run the provided script.
- GlassFish
- Apache Struts
- Tomcat
- Jenkins
- IIS FTP
- IIS HTTP
- psexec
- SSH
- WinRM
- chinese caidao
- ManageEngine
- ElasticSearch
- Apache Axis2
- WebDAV
- SNMP
- MySQL
- JMX
- Wordpress
- SMB
- Remote Desktop
- PHPMyAdmin
Want to add more vulnerabilities to Metasploitable3, or just want to fix a few bugs? Check out this page for more details.
Check out our roadmap.