Bash script to manage web apps using docker and hosts aliases.
Made for Kali linux, but should work fine with pretty much any linux distro.
- bWAPP
- WebGoat 7.1
- WebGoat 8.0
- Damn Vulnerable Web App
- Mutillidae II
- OWASP Juice Shop
- WPScan Vulnerable Wordpress
- OpenDNS Security Ninjas
- Altoro Mutual
Using any of these apps can be done in 3 quick and simple steps.
Clone this repo, or download it any way you prefer
git clone https://github.com/hoangthanhnguyen/pentestlab.git
cd pentestlab
For Kali x64 you can use this script (included in the repo).
./install_docker_kali_x64.sh
For any other distro, use the prefered way to install docker.
Now you can start and stop one or more of these apps on your system. As an example, to start bWAPP just run this command
./pentestlab.sh start bwapp
This will download the docker, add bwapp to hosts file and run the docker mapped to one of the localhost IPs. That means you can just point your browser to http://bwapp and it will be up and running.
./pentestlab.sh list
./pentestlabs.sh
Usage: ./pentestlab.sh {list|status|info|start|stop} [projectname]
This scripts uses docker and hosts alias to make web apps available on localhost"
Ex.
./pentestlab.sh list
List all available projects
./pentestlab.sh status
Show status for all projects
./pentestlab.sh start bwapp
Start docker container with bwapp and make it available on localhost
./pentestlab.sh stop bwapp
Stop docker container
./pentestlab.sh info bwapp
Show information about bwapp project
DVWA - Ryan Dewhurst (vulnerables/web-dvwa)
Mutillidae II - OWASP Project (citizenstig/nowasp)
bWapp - Rory McCune (raesene/bwapp)
Webgoat(s) - OWASP Project
Juice Shop - OWASP Project (bkimminich/juice-shop)
Vulnerable Wordpress - github.com/wpscanteam/VulnerableWordpress
Security Ninjas - OpenDNS Security Ninjas
Altoro Mutual - github.com/hclproducts/altoroj
github references means the docker is custom created and hosted in dockerhub.