Metasploitable3 is a Windows Server 2008 VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit. Not every type of vulnerability on Metasploitable3 can be exploited with a single module from Metasploit, but some can. Also, by default, the image is configured to make use of some mitigations from Windows, such as different permission settings and a firewall.

Latest version of that reverse proxy bypass scanner module I was working on: http://t.co/Czc29OSo Now with vprint_debug! #metasploit