Metasploitable is one of the most popular and well developed virtual machines for practicing hacking.  It is a Linux-based operating system that includes applications that deliberately includes a wide range of known vulnerabilities that can be exploited by security professionals and hackers alike to test and improve their skills.

A little History about Metasploitable

Metasploitable was first released in 2008 by Rapid7, the company behind the popular Metasploit Framework, which is a penetration testing tool used to find vulnerabilities in target systems and applications.

The Metasploitable virtual machine was created to provide a safe and legal environment for users to practice exploiting vulnerabilities and conducting penetration tests without risking damage to real-world systems. This can be a great tool for hackers, geeks and just hobbyists in general who want to get into the world of security without the need for an expensive lab.

How to Get Metasploitable

The Metasploitable VM image is available forseveral different formats, including VirtualBox, VMware, and Amazon EC2, and can be downloaded for free from sites such as SourceForge.

Metasploitable on VMware

Download Metasploitable

Start by downloading the metaspoitable image from the link provided below:

If you are looking for a direct download link using tools such as wget and curl, check below:


Extract the Archive

Once the download is complete, you can extract the archive to the Virtual Machine Folder in your machine.

Import Metasploitable

Once you have extracted the target machine, open VMware. Navigate to File -> Open and select the Metasploitable.vmx file. This will load the Metasploitable machine and allow you to interact with it.

You can configure various options such as the resources allocated to the machine and more.

What Does Metasploitable Offer

Metasploitable includes a variety of vulnerable applications and services, such as a web server, FTP server, SSH server, and several other common network services. These services are intentionally configured with weak or default passwords, outdated software versions, and known vulnerabilities that allow attackers to gain unauthorized access to the system.

Some of the known vulnerabilities in Metasploitable include SQL injection, cross-site scripting (XSS), buffer overflow, and remote code execution. These vulnerabilities are widely known and well-documented, which makes Metasploitable an ideal platform for testing and developing exploit code.

To make the most out of Metasploitable, you should have a basic understanding of Linux command-line tools, network protocols, and common vulnerabilities. You can subscribe to our site to expand your knowledge on these topics.


In this short post, you discovered what metasploitable is, how it works and how we can import it to the VMware virtualization tool.

Table of Contents
Great! Next, complete checkout for full access to GeekBits.
Welcome back! You've successfully signed in.
You've successfully subscribed to GeekBits.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.