Skip to main content

Get practice hacking on your own website

Local PentestLab Management Script

Bash script to manage web apps using docker and hosts aliases.
Made for Kali linux, but should work fine with pretty much any linux distro.

Current available webapps

  • bWAPP
  • WebGoat 7.1
  • WebGoat 8.0
  • Damn Vulnerable Web App
  • Mutillidae II
  • OWASP Juice Shop
  • WPScan Vulnerable Wordpress
  • OpenDNS Security Ninjas
  • Altoro Mutual

Get started

Using any of these apps can be done in 3 quick and simple steps.

1) Clone the repo

Clone this repo, or download it any way you prefer
git clone https://github.com/eystsen/pentestlab.git
cd pentestlab

2) Install docker

The provided docker install script is no longer needed. On Kali 2020 you can install docker using apt, like this:
sudo apt install docker.io
For any other distro, use the prefered way to install docker.

3) Start an app on localhost

Now you can start and stop one or more of these apps on your system. As an example, to start bWAPP just run this command
./pentestlab.sh start bwapp
This will download the docker, add bwapp to hosts file and run the docker mapped to one of the localhost IPs. That means you can just point your browser to http://bwapp and it will be up and running.

4) Start an app and expose it from machine

Use the startpublic command to bind the app to your IP
./pentestlab.sh startpublic bwapp
If you have multiple interfaces and/or IPs, or you need to expose the app on a different port specify it like this
./pentestlab.sh startpublic bwapp 192.168.1.105 8080
IP needs to be an IP on the machine and port in this example is 8080
You can only have one app exposed on any given port. If you need to expose more than one app, you need to use different ports.

5) Stopp any app

To stop any app use the stop command
./pentestlab.sh stop bwapp

Print a complete list of available projects use the list command

./pentestlab.sh list

Running just the script will print help info

./pentestlabs.sh

Usage

Usage: ./pentestlab.sh {list|status|info|start|startpublic|stop} [projectname]

 This scripts uses docker and hosts alias to make web apps available on localhost"

Ex.
./pentestlab.sh list
   List all available projects  

./pentestlab.sh status
   Show status for all projects  

./pentestlab.sh start bwapp
   Start docker container with bwapp and make it available on localhost  

./pentestlab.sh startpublic bwapp
   Start docker container with bwapp and make it available on machine IP 

./pentestlab.sh stop bwapp
   Stop docker container

./pentestlab.sh info bwapp
   Show information about bwapp project

Dockerfiles from

DVWA - Ryan Dewhurst (vulnerables/web-dvwa)
Mutillidae II - OWASP Project (citizenstig/nowasp)
bWapp - Rory McCune (raesene/bwapp)
Webgoat(s) - OWASP Project
Juice Shop - OWASP Project (bkimminich/juice-shop)
Vulnerable Wordpress - github.com/wpscanteam/VulnerableWordpress
Security Ninjas - OpenDNS Security Ninjas
Altoro Mutual - github.com/hclproducts/altoroj
github references means the docker is custom created and hosted in dockerhub.

Comments

Post a Comment

Popular posts from this blog

RouterSploit ..(Exploitation Framework for Embedded Devices)

RouterSploit - Exploitation Framework for Embedded Devices   The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. click here to video It consists of various modules   that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against network services scanners - modules that check if a target is vulnerable to any exploit payloads - modules that are responsible for generating payloads for various architectures and injection points generic - modules that perform generic attacks Installation Requirements Required: future requests paramiko pysnmp pycrypto Optional: bluepy - bluetooth low energy Installation on Kali Linux apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py Bluetooth Low Energy suppo...
Post a Comment
Read more

Embed Payload (Exe) into a PDF Documents – EvilPDF

 Hey folks, today we are going to talk about the tool that can easily add malicious payloads within the .PDF extension files and after which you can easily access any system. As we know it is prohibited to execute malicious payloads inside the window defender system, hence we will send our payload through the PDF files.   Environment Kali Linux = Attacker Window 10 = Victim ( Tested On ) Lets take a look 🙂 !! EvilPDF The EvilPDF tool is specifically designed to embed payloads inside PDF files. It is an open source tool hosted on the github page that we will download using the wget command. git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf 1 2 git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf It require some additional features that we can download using the following command. python -m pip install pypdf2 1 python -m pip install pypdf2 Now we can use this tool using the given command. python evilpdf.py 1 python evilpdf.py In the image below you have t...
Post a Comment
Read more

TheFatRat ( make a bypass antivirus create payload )

TheFatRat             A Massive Exploiting Tool TheFatRat  is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android.  TheFatRat  Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. Features ! Fully Automating MSFvenom & Metasploit. Local or remote listener Generation. Easily Make Backdoor by category Operating System. Generate payloads in Various formats. Bypass anti-virus backdoors. File pumper that you can use for increasing the size of your files. The ability to detect external IP & Interface address . Automatically creates AutoRun files for USB / CDROM exploitation Installation Instructions on how to install  TheFatRat git clone https://github.com/Screetsec/TheFatRat.git cd TheFatRat chmod +x setup.sh && ./setup.sh Update cd TheFatRat ./update && c...
Post a Comment
Read more