In this chapter, we looked at creating a lab environment for penetration testing. As explained, your lab setup will depend solely on the resources available to you, such as CPU, RAM, and HDD space. It's a good idea to experiment with as many different OSes as you can, including Windows, Linux, Mac, Android, and even ARM OSes (available at https://www.vulnhub.com/) to be able to get yourself some experience in a controlled environment where you may legally carry out tests.

If using the Metasploitable server, we recommend that beginners, including professionals with limited time, use the Metasploitable 2 OS as the Metasploitable 3 OS setup is highly complicated—the builds can be built for specific host operating systems.

Users with limited resources can also use smaller vulnerable OSes such as BadStore and DVL which, like Metasploitable 2, come as pre-built servers available in ISO format and are ready to install with only minor setup.

It's recommended to have at least one Windows and one Linux OS for your lab for testing and learning. Up next, we'll look at the various methodologies available for penetration testing.