Vulnerable machines for Pentesters

Author: Martin Voelk
December 19, 2014

Often our customers and fellow Penetration Testers ask us: Where can you test Penetration Testing tools against? We don’t wanna break anything on our live systems. Fortunately there are free great open source distributions out there which allow you to test Pentesting tools against, run you customised exploits against etc.

These days more and more servers become virtualised with VMware and other virtualisation software. It has never been that easy for Pentest professionals and aspiring Pentesters to hone their skills against vulnerable machines. If you can get your hands on a Windows XP distribution, great. If not we highly suggest to download Metasploitable 2. A distribution left intentionally vulnerable for testing purposes. Easily deployed on a VMware and the victim machine is ready to be attacked.

You can download Metasploitable 2 here: 

It come with tons of in-built vulnerabilities to be exploited. Those range from common FTP server vulnerabilities to complex Cross Site Scripting and SQL injection vulnerabilities on Web Applications. Ideal to test, play with and practice skills.

Have a great weekend everybody.