I’m looking for a deliberately vulnerable machine with documented vulnerabilities that I scan.
I’ve tried the metasploitable3 ubuntu vm. While I got results for 155 CVEs (QoD>0% → 493 CVEs), none of them were documented while the documented CVEs were not listed in my results.
Does anyone know something I can use that will give me usable results?
Ah yea, that wasn’t very clear. The Metasploitable-Docs list CVEs of Vulnerabilities they have built in. None of them are listed in my report. Tons of others so.
The last time i tried Metasploitable 3 various vulnerable applications didn’t got installed correctly during the build process due to e.g. dead links for downloading and installing the vulnerable software. Not sure if this has changed in the meantime.
Some additional things to consider:
AFAIK the Windows based installation doesn’t share the same vulnerabilities with the Linux/Ubuntu one so this needs to be considered when reviewing the scan results
Some of the services might run on unusual high ports which could be missing in the port list assigned to the scan target