Inspiration comes from: https://github.com/eystsen/pentestlab.
Working and tested on Ubuntu 2x, Kali and WSL.
- bWAPP
- WebGoat 7.1
- WebGoat 8.0
- WebGoat 8.1
- Damn Vulnerable Web App
- Mutillidae II
- OWASP Juice Shop
- WPScan Vulnerable Wordpress
- OpenDNS Security Ninjas
- Altoro Mutual
- Vulnerable GraphQL API
- Java Vulnerable Lab (Fixed 20240913)
- Web for Pentester I (New 20230918)
- Audi - 1 SQLI labs (New 20231215)
- OxNinja SQLi-Lab (New 20231217)
- OWASP Bricks (New 20240417)
- NoSqli Lab (New 20240418)
- Vulnado (New 20240418)
- SSRF-LAB (New 20240418)
- Damn Vulnerable RESTaurant (New 20240418)
- BTS PenTesting Lab (New 20240419)
- exploit.co.il (New 20240419)
- RedTiger's Hackit (New 20231224)
- PortSwigger SQLi Labs (New 20231224)
- Hacksplanning SQLi Lab (New 20231224)
- Synk Learn (New 20231224)
- Try Hack Me SQLi Lab (New 20231225)
- Kontra SQLi Lab (New 20231225)
- TryHackMe (New 20240315)
- HackTheBox (New 20240315)
- VulnHub (New 20240316)
- Burp Web Security Academy (New 20240316)
- CTFTime (New 20240316)
- HackMyVM (New 20240418)
- Vuln Lab (New 20240418)
- BlueTeam Lab (New 20240418)
- Pentester II (New 20240419)
Clone this repo, or download it any way you prefer
git clone https://github.com/TiiZss/BreakingLab.git
cd BreakingLab
chmod +x breakinglab.sh
If you want to install Docker in your Windows, please follow this guide: https://docs.docker.com/desktop/install/windows-install/
If you want to install Docker in your Mac, please follow this guide: https://docs.docker.com/desktop/install/mac-install/
This script is prepared to install Docker in Kali: https://www.kali.org/docs/containers/installing-docker-on-kali/
sudo apt install -y docker.io docker-compose
sudo systemctl enable docker --now
sudo usermod -aG docker $USER
docker
For any other distro, use the prefered way to install docker. Here you have how to install Docker Desktop on linux: https://docs.docker.com/desktop/install/linux-install/
You can use the sccript with parameters or with menu.
./breakinglab.sh
Now you can start and stop one or more of these apps on your system. As an example, to start the app w4p just run this command
./breakinglab.sh start w4p
This will download the docker, add w4p to hosts file and run the docker mapped to one of the localhost IPs. That means you can just point your browser to http://w4p and it will be up and running.
Use the startpublic command to bind the app to your IP
./breakinglab.sh startpublic w4p
If you have multiple interfaces and/or IPs, or you need to expose the app on a different port specify it like this
./breakinglab.sh startpublic w4p 192.168.1.218 8080
IP needs to be an IP on the machine and port in this example is 8080
You can only have one app exposed on any given port. If you need to expose more than one app, you need to use different ports.
To stop any app use the stop command. For example for stor w4p app
./breakinglab.sh stop w4p
./breakinglab.sh
Usage: ./breakinglab.sh {list|status|info|start|startpublic|stop|online} [projectname]
This scripts uses docker and hosts alias to make web apps available on localhost"
Ex.
./breakinglab.sh list
List all available projects
./breakinglab.sh status
Show status for all docker projects
./breakinglab.sh start w4p
Start docker container with w4p and make it available on localhost
./breakinglab.sh startpublic w4p
Start docker container with w4p and make it available on machine IP
./breakinglab.sh stop w4p
Stop docker w4p container
./breakinglab.sh info w4p
Show information about w4p project
./breakinglab.sh online w4p
Start w4p online webapp
- DVWA - Ryan Dewhurst (vulnerables/web-dvwa)
- Mutillidae II - OWASP Project (citizenstig/nowasp)
- bWapp - Rory McCune (raesene/bwapp)
- Webgoat(s) - OWASP Project 7, 8 & 8.1
- Juice Shop - OWASP Project (bkimminich/juice-shop)
- Vulnerable Wordpress - github.com/wpscanteam/VulnerableWordpress
- Security Ninjas - OpenDNS Security Ninjas
- Altoro Mutual - github.com/hclproducts/altoroj
- Vulnerable GraphQL API - Carve Systems LLC (carvesystems/vulnerable-graphql-api)
- Java Vulnerable Lab - Java Vulnerable Lab CSPF-Founder
- Web For Pentester I - PentesterLab Web For Pentester I (tiizss/webforpentester)
- Audi 1 SQLi Lab - SQLI labs to test error based, Blind boolean based, Time based. (c0ny1/sqli-labs)
- OxNinja SQLi-Lab - OxNinja SQLI labs (tiizss/oxninja-sqlilab)
- OWASP Bricks - OWASP Bricks (citizenstig/owaspbricks)
- Digininja NoSqli Lab - Digininja NoSqli Lab
- Vulnado - Intentionally Vulnerable Java Application
- SSRF-LAB - SSRF-LAB
- Damn RESTaurant - Damn Vulnerable RESTaurant
- BTS LAB - BTS PenTesting Lab
- exploit.co.il - exploit.co.il Vulnerable Web App
github references means the docker is custom created and hosted in dockerhub.
- Make sure you are using HTTP not HTTPS
- Try using the IP address instead of the name (to see if the issue is with host file or docker)
Do these steps and record ouput (image, copy paste from screen, whatever works for you)
- Stop the application first (to clean up some configuration that are done during start)
- Start the application again
- Run this command to get information about running dockers
sudo docker ps
- Try to access the application using the IP address
- Public Start option not working fine
- Not all maquines works equal, some machines only run alone
- JVL docker has a problem, you have to create a "pages" directory into JavaVulnerableLab docker file.
- If you install docker.io in WSL fails starting docker daemon, because is trying to start Windows Docker Descktop.
- Include Drunk Admin Web Hacking Challenge
- Include OWASP Broken Web Applications Project
- Include GameOver
- Include Vulpy - Web Application Security Lab
- Include Damn Vulnerable Web Services
- Include VulHub project
- Include CSPF ASP Vulnerable Lab
- Include CSPF PHP Vulnerable Lab
- Include CSPF Android Vulnerable Lab
Thanks to the following collaborators:
- Cryoox [https://github.com/Cryoox] with 29 collaborations
- Matope1 [https://github.com/matope1] with 1 collaboration