Priveon Labs Security Blog

A common question in the security world is "what do you recommend for a pen-testing lab?"

This question is somewhat open-ended. When personally asked about pen-testing labs, I typically attempt to narrow down the area of interest from web application security (SQL injection, CSS, CSRF), application/operating system security, database security, network security, or any of the other sub-categories of vulnerabilities and/or pen-testing.

If I can qualify a "pen-testing lab" question with a specific area of interest, I typically answer with a related list of favorite tools, live CDs, websites, and vulnerable images. MetaSploit is nearly always mentioned in the "favorite tools" category for learning pen-test and attack techniques.

Now MetaSploit has released "MetaSploitable" - an image that can be used for pen-testing skill development and testing. I haven't had time to review MetaSploitable yet, but if it comes from HD and company I suspect it will make its way into my list of recommended pen-test lab tools and images.

More information on MetaSploitable, including download instructions, can be found on the official
MetaSploit blog.