Installing metasploitable with vagrant

Metasploitable background: What is metasploitable?

“Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.”

Why do we need metasploitable?

One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack.
Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’. This post is about Installing metasploitable with vagrant.

What does metasploitable let us do?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

Where can we get metasploitable?

Metasploitable is available on github:

Installing metasploitable with vagrant:



To use the prebuilt images provided at create a new local metasploitable workspace:

mkdir metasploitable
cd metasploitable
curl -O
vagrant up

Once the images download (there is an ubuntu image and a windows image) and you run vagrant up, you should have two virtual machines running, you can check with:

vagrant global-status

id       name   provider   state   directory
abc1234  ub1404 virtualbox running /Users/me/git/metasploitable
abc1235  win2k8 virtualbox running /Users/me/git/metasploitable

You can log in to the virtual machines using the vagrant ssh commands

vagrant ssh abc1234
# or vagrant ssh abc1235

At this stage, you have two very vulnerable machines running on your network – be careful. Follow the white rabbit, take the blue pill and go hack the gibson!

You might be interested in my metaspliot beginners tutorial, and how you can find vulnerabilities using metasploit