Skip to content
/ Metasploitable2_Pentest_46Findings Public

A comprehensive penetration testing report detailing 46 security vulnerabilities discovered during a full-scope assessment of a Metasploitable2 lab environment. Findings include Network Services, Web Applications, Privilege Escalation, and Enumeration vulnerabilities.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MohamedMostafa010/Metasploitable2_Pentest_46Findings

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
docs
docs
 
 
images
images
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Metasploitable 2 Security Assessment – 46 Findings Report

📋 Overview

  • This repository contains a comprehensive penetration testing report conducted against a Metasploitable 2 virtual machine. The assessment was performed in a controlled lab environment to simulate real-world security testing methodologies for a simulated medical organization, LifeWell Medical Group, an imaginative healthcare corporation used as a test case. The testing identified vulnerabilities across multiple attack vectors relevant to healthcare IT infrastructure.
Image 0

🔍 Scope of Assessment

  • The penetration test covered the following areas:
  1. Network Services (NS) – 17 findings
  2. Web Applications (WS) – 22 findings
  3. Privilege Escalation (PES) – 4 findings
  4. Enumeration (ES) – 3 findings
  • Total Findings: 46

📄 Report Preview

Pentest Report Preview

🎯 Target Environment

  • Target System: Metasploitable2 (Linux)
  • IP Address: 192.168.85.148
  • Testing Period: December 10–19, 2025
  • Tools Used: Metasploit, Nmap, Nikto, SQLMap, manual exploitation

🛠️ Key Findings Highlights

  • Critical Vulnerabilities: Remote Code Execution (RCE), backdoor services, default credentials
  • Common Weaknesses: Missing patches, misconfigured services, weak authentication
  • Exploitation Impact: Full system compromise, data leakage, privilege escalation to root

📊 Severity Breakdown

Severity Count
Critical 25
High 12
Medium 6
Low 3
Informational 0

🧪 Testing Methodology

  • The assessment followed a structured approach:
  1. Planning & Reconnaissance
  2. Vulnerability Scanning & Enumeration
  3. Exploitation & Validation
  4. Post-Exploitation & Analysis
  5. Reporting & Remediation Guidance

🛡️ Remediation Focus

  • Patch management and service hardening
  • Strong authentication policies
  • Principle of least privilege (PoLP)
  • Secure configuration baselines
  • Regular security assessments

📜 License & Usage

  • This report is intended for educational and authorized security training purposes only. Unauthorized use against systems without explicit permission is illegal and unethical.

👥 Contributors

  • Mohamed Mostafa Sayed Saber Ali (Team Lead)
  • Mohamed Hany El Kordy
  • Basel Hany Abdallah
  • Mohamed Basem El Sayed
  • Mohamed Mostafa Abd El Baset
  • Youssef Moataz

📬 Contact

  • For questions regarding this assessment, please reach out to the project maintainers or refer to the contact information within the report.

⚠️ Disclaimer

  • This project is part of a security education initiative. All testing was performed in an isolated lab environment.

About

A comprehensive penetration testing report detailing 46 security vulnerabilities discovered during a full-scope assessment of a Metasploitable2 lab environment. Findings include Network Services, Web Applications, Privilege Escalation, and Enumeration vulnerabilities.

Topics

linux security exploit penetration-testing vulnerability pentesting vulnerabilities cve exploitation kali-linux metasploit-framework vulnerability-detection metasploitable kali dvwa ethical-hacking metasploit metasploitable-2 metasploitable2

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository