Metasploitable 2 Vulnerability Scan Comparison

By | 2012/06/19

For kicks, I performed authenticated vulnerability scans on the latest Metasploitable 2 release. Metasploitable 2 is a customized Ubuntu Linux image that is full of vulnerabilities, intended for pen testing and, of course, for practicing with Metasploit.

Scanners used:

OpenVAS 5 (open source)
Nessus 5.0.1 (community feed)
Nexpose 5.3 (community edition)

Options: all scans authenticated, with the full / deep / comprehensive scanning options turned on for each


OpenVAS – 377 vulnerabilities [PDF]
Nessus – 265 vulnerabilities [PDF]
Nexpose – 143 vulnerabilities [PDF]

Excluding the informational ‘vulnerabilities’, totals are:

OpenVAS – 254 vulnerabilities
Nessus – 194 vulnerabilities
Nexpose – 143 vulnerabilities

2 September 2012 update:

Here are the results of a Nessus scan using Paul’s Full Thorough Scan (slow) policy.

Nessus Total: 384 Vulnerabilities [PDF]
