(opens in new window)

OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

Metasploitable 2

Intentionally vulnerable Ubuntu Linux VM for testing security tools and demonstrating common vulnerabilities. Many listening services (FTP, SSH, HTTP, MySQL, PostgreSQL, VNC, etc.) provide remote entry points; compatible with VMware, VirtualBox, and other hypervisors.

Collections container
Technology VMware VirtualBox Ubuntu
Categories Free-form Single-player
Link Download

Notes

Default login msfadmin/msfadmin. Use NAT and host-only adapters only; never expose to a hostile network. Download from Rapid7 or SourceForge.

← Back to directory