Install Metasploitable 2

Last Updated : 2 Sep, 2025

Metasploit is an open-source penetration testing framework designed to help cybersecurity professionals identify, validate, and exploit vulnerabilities in systems safely and legally in controlled environments.

Think of it like a Swiss Army knife for penetration testers:

It contains thousands of exploits, payloads, and tools.
It provides a consistent interface to test different vulnerabilities.
It helps both attackers (Red Team) and defenders (Blue Team) to understand real-world attack patterns.

The Metasploit Framework (MSF) is the free, community-driven core. There’s also Metasploit Pro, a commercial version with automation and reporting features.

👁 metasploit_s_workflow

Setting Up Metasploitable in VM

Now we install Metasploitable 2, a deliberately vulnerable machine designed for practicing penetration testing and exploitation

Step 1: Get the Metasploitable 2 VM

Visit Rapid7’s official repository or SourceForge to download the Metasploitable 2 image.
The file is typically around 800 MB in a compressed format (e.g. .zip).
Extract it to reveal the .vmdk virtual disk file that contains the ready-to-use OS.

👁 msf_vmdk

Step 2: Import it into VirtualBox

Launch VirtualBox and click New.
Give your VM a name (e.g., "Metasploitable2"), choose:
- Type: Linux
- Version: Other Linux (32-bit or 64-bit, depending on the image)
When prompted for storage, use the existing virtual disk:
- Choose the .vmdk you extracted previously.
Assign modest resources (e.g., 512 MB RAM, one CPU is usually sufficient).

👁 msf_virtual_image

Step 3: Configure Networking - Keep It Isolated

Go to the VM’s Settings → Network.
Set Adapter 1 to Host-Only Adapter (like vboxnet0) so it can talk only to the host and not to external networks.
Optionally, configure Adapter 2 as NAT if you need Internet access for Kali—but keep Metasploitable on Host-Only for safety.