Metasploitable is a great tool for learning and testing security skills. It is a virtual machine (VM) designed to be vulnerable. This makes it perfect for practicing ethical hacking and penetration testing.
In this guide, we will show you where to download Metasploitable and how to set it up. It’s a fun way to explore the Metasploit Framework without risking real systems.
What is Metasploitable?
Metasploitable is a pre-configured virtual machine full of security flaws. It is intentionally left vulnerable so that security professionals and learners can test attacks safely.
Some of the things you can do with Metasploitable:
- Practice using Metasploit.
- Learn ethical hacking techniques.
- Test security tools on a controlled system.
- Understand real-world vulnerabilities.
It is a great way to build hands-on skills in cybersecurity.

Where to Download Metasploitable?
You can download Metasploitable from the official Rapid7 website. Rapid7 is the company behind Metasploit, and they provide Metasploitable for free.
Follow these steps to get it:
- Go to the official Metasploitable download page on Rapid7’s website.
- Find the latest version of Metasploitable.
- Download the virtual machine file (it is usually in OVA or ZIP format).
The official link to download Metasploitable is:
Make sure to download from the official site to avoid unsafe versions.
Setting Up Metasploitable
Once you have the file, you need to set it up in a virtualization software. You can use:
- VirtualBox (Free and easy to use)
- VMware (More powerful but requires a license for advanced features)
To install Metasploitable:
- Open VirtualBox or VMware.
- Import the Metasploitable VM file (OVA or extracted VMDK).
- Start the virtual machine.
No need to configure much. It will boot up as a Linux machine with vulnerabilities.

Default Credentials for Metasploitable
Metasploitable comes with default login details:
- Username: msfadmin
- Password: msfadmin
Use these credentials to log in and explore the system.
How to Use Metasploitable for Testing?
Now that Metasploitable is running, you can start testing! Here are a few things you can try:
- Use nmap to scan for open ports.
- Run Metasploit Framework and launch exploits.
- Test web vulnerabilities using DVWA.
- Practice privilege escalation techniques.
Always use Metasploitable in a safe environment like a home lab. Do not connect it to the internet.

Final Thoughts
Metasploitable is a great way to practice ethical hacking skills. It is free, easy to set up, and full of security flaws to explore. If you want to improve your cybersecurity skills, this is a must-have.
Download it, install it, and start testing! Happy hacking (ethically, of course)!