Singapore Institute of Technology
VulnGen.pdf (312.04 kB)

VulnGen: Vulnerable Virtual Machine Generator

Download (312.04 kB)
conference contribution
posted on 2024-07-02, 07:29 authored by Wei Herng Ang, Huaqun GuoHuaqun Guo, Eyasu Getahun Chekole

Nowadays, cyberattacks are widespreading worldwide with an increasing intensity and complexity, and thus becoming a critical concern for the community. However, there is still lack of comprehensive, customizable and hands-on training platforms tailored to the needs of emerging penetration testers and cybersecurity education. This paper presents the design and implementation of VulnGen (Vulnerable Virtual Machine Generator), a tool that facilitates a customizable virtual environment for users to practice penetration testing techniques, and concurrently allow them to prepare for examinations for esteemed cybersecurity certifications, such as Offensive Security Certified Professional (OSCP). VulnGen offers a scalable solution that enables the deployment of a virtual machine with varying levels and numbers of vulnerabilities. This paper details the methodology employed in the creation of vulnerable instances, encompassing a range of services including FTP, SMTP, SMB, NFS, POP3, and MySQL. Through extensive background research, requirements were meticulously gathered and incorporated into the development process. The implementation phase involved the utilization of industry-standard tools and techniques, resulting in a robust and user-friendly platform. Test cases were systematically designed to validate the effectiveness and authenticity of the virtual machines generated. Several technical challenges were encountered during the project, including the integration of exploits and misconfiguration scenarios within said services. These challenges were systematically addressed through careful code optimization and testing iterations. In addition, external resources and open-source codebases were leveraged to enhance the authenticity and effectiveness of the vulnerabilities. Notable incidents and challenges faced during the development process were meticulously documented, providing valuable insights for future enhancements. The VulnGen project not only serves as a valuable educational resource but also offers a flexible framework for continuous improvement and expansion. Future plans include the incorporation of additional services, post-exploitation features, and the ability to generate multiple vulnerable virtual machines including the ones with Windows OS.


Journal/Conference/Book title

The 17th IEEE International Conference on Service Operations and Logistics, and Informatics (IEEE SOLI 2023)

Publication date



  • Post-print

Rights statement

© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Corresponding author

Huaqun Guo,

Usage metrics


    Ref. manager