To be a web penetration tester, you have to practice your hacking skills on web applications.
But there is a problem: you can't practice your skills on other websites. So you need your own web applications, like bWAPP, WebGoat, DVWA, Altoro, and many more.
Download & Install PentestLab
Bash script to manage web apps using docker and host aliases.
Made for Kali Linux, but should work fine with pretty much any Linux distro.
Currently available web apps
- bWAPP
- WebGoat 7.1
- WebGoat 8.0
- Damn Vulnerable Web App
- Mutillidae II
- OWASP Juice Shop
- WPScan Vulnerable WordPress
- OpenDNS Security Ninjas
- Altoro Mutual
- Vulnerable GraphQL API
Get started
1) Fire up your Kali Linux and open the terminal.
2) Clone this repo, or download it.
3) Install docker
The provided docker install script is no longer needed. On Kali 2020 you can install docker using apt, like this:
sudo apt install docker.io
For any other distro, use the preferred way to install docker.
4) Command to manage PentestLab
For Help:
Now you can start and stop one or more of these apps on your system. As an example, to start Altoro Mutual just run this command:
./pentestlab.sh start altoro
This will download the Docker image, add Altoro Mutual to the hosts file, and run the container mapped to one of the localhost IPs. That means you can just point your browser to http://altoro and it will be up and running.
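
A check of the setup described above, as an added example that is not part of the PentestLab script: it confirms that lab aliases in a hosts file resolve to loopback and that no container port is published on a non-loopback address, so the deliberately vulnerable apps stay unreachable from the network. The alias names, addresses and the `|`-separated `docker ps` format string are assumptions, and the sample data is constructed.

```sh
# Added example: check that lab aliases and published container ports stay on
# loopback. Sample data is constructed; names and addresses are assumptions.
# awk helper shared by both checks: true for 127.0.0.0/8 and ::1.
LOOPBACK_FN='
function loopback(a,   o, n, i) {
  if (a == "::1" || a == "[::1]") return 1
  n = split(a, o, ".")
  if (n != 4 || o[1] != 127) return 0
  for (i = 2; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
  return 1
}'

# stdin: hosts-format text; args: aliases to check.
# Prints "<alias> <ip>" for each named alias mapped to a non-loopback address.
nonlocal_aliases() {
  awk -v want=" $* " "$LOOPBACK_FN"'
    { sub(/#.*/, "") }                       # drop comments
    { for (i = 2; i <= NF; i++)
        if (index(want, " " $i " ") && !loopback($1)) print $i, $1 }'
}

# stdin: output of  docker ps --format "{{.Names}}|{{.Ports}}"
# Prints "<container> <host binding>" for each port published off loopback.
exposed_bindings() {
  awk -F"|" "$LOOPBACK_FN"'
    { n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        if (maps[i] !~ /->/) continue        # not published to the host
        host = maps[i]; sub(/->.*/, "", host)
        addr = host; sub(/:[0-9-]+$/, "", addr)   # strip host port (or range)
        if (!loopback(addr)) print $1, host
      } }'
}

sample_hosts() {   # constructed hosts entries
  cat <<'EOF'
127.0.0.1      localhost
127.10.0.1     altoro    # lab alias on loopback
192.168.56.20  dvwa      # alias pointing off-host
EOF
}
sample_ps() {      # constructed docker ps output
  cat <<'EOF'
altoro|127.10.0.1:80->8080/tcp
dvwa|0.0.0.0:8081->80/tcp, :::8081->80/tcp
juiceshop|3000/tcp
EOF
}
sample_hosts | nonlocal_aliases altoro dvwa
sample_ps | exposed_bindings
```

On a real system, pipe `/etc/hosts` and the live `docker ps` output into the two functions instead of the sample data; any line printed is a lab app reachable beyond the local machine.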