Setting up a vulnerable application
Before we start exploring various web application scanning features offered by the Metasploit Framework, we need to set up a test application environment in which we can fire our tests. As discussed in the initial chapters, Metasploitable 2 is a Linux distribution that is deliberately made vulnerable. It also contains web applications that are intentionally made vulnerable, and we can leverage this to practice using Metasploit's web scanning modules.
In order to get the vulnerable test application up and running, simply boot into metasploitable 2
;Linux and access it remotely from any of the web browsers, as shown in the following screenshot:
There are two different vulnerable applications that run by default on the metasploitable 2 distribution, Mutillidae and Damn Vulnerable Web Application (DVWA). The vulnerable application can be opened for further tests, as shown in the following screenshot: