﷽
Pentesting, short for penetration testing, is a crucial aspect of cybersecurity. To enhance our pentesting skills, having a robust lab environment is essential. Alhamdulillah, in this blog post we share a compiled system (VirtualBox-based) equipped with a collection of Docker images that make it easy to set up a diverse and comprehensive pentesting lab.
Exploitables Server :
https://drive.google.com/file/d/1WX-p27ZdHGO3HkYE8n3J3v0rcc-6mDYX/view?usp=sharing
What is in the system image :
1. OWASP Juice Shop :
- Repository: bkimminich/juice-shop
- Tag: latest
- Image ID: 402fefa2b068
The OWASP Juice Shop is a modern and feature-rich web application designed for security training, awareness demos, and CTFs (Capture The Flag). It's an excellent resource for honing your skills in finding and exploiting security vulnerabilities.
2. WebGoat :
- Repository: webgoat/webgoat
- Tag: latest
- Image ID: bde451613ef3
WebGoat is a deliberately insecure web application maintained by OWASP. It's designed to teach web application security lessons and provides a safe environment to practice and learn various attack techniques.
3. DVWA (Damn Vulnerable Web Application) Docker :
- Repository: kaakaww/dvwa-docker
- Tag: latest
- Image ID: 5e2ed17dc0be
DVWA is another intentionally vulnerable web application that is great for hands-on learning. It includes various security vulnerabilities, making it an ideal target for practicing different types of attacks.
4. NOWASP (Mutillidae) Docker :
- Repository: citizenstig/nowasp
- Tag: latest
- Image ID: 82e745ffc9fc
NOWASP (Mutillidae) is a free, open-source web application providing a vulnerable test bed for security enthusiasts. It's specifically designed to be exploitable, allowing users to learn and practice a wide range of web application security skills.
5. Security Ninjas Docker Image :
- Repository: opendns/security-ninjas
- Tag: latest
- Image ID: d5c4b15385a3
The Security Ninjas Docker image provides a lightweight platform for training on secure coding and application security. It includes a variety of tools and challenges to help you enhance your secure coding practices.
How to Start :
1. Download the .ova file to local storage.
2. Make sure VirtualBox is installed on your system (https://www.virtualbox.org/wiki/Downloads).
3. Double-click the .ova file or import it.
4. Once the import succeeds, run the VM.
5. The system will start up and acquire an IP address from DHCP.
6. Check the system IP, which is displayed on the login screen.
7. Browse to the displayed IP.
8. Then, shall we start learning? As the learning tool we use ZAP (Zed Attack Proxy).
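To confirm that the imported VM still carries the images listed above, the following added example (not part of the original post or of the VM itself) compares `docker images` output against that inventory and reports missing or re-pulled images. The function name `check_lab_images`, the `--local` switch and the report format are assumptions made for this example, and it assumes shell access to the VM.

```shell
#!/usr/bin/env bash
# Added example: compare the Docker images present in the lab VM against the
# inventory listed in this post. Function name, --local switch and report
# format are assumptions made for this example.

# Inventory copied from the post: repository, tag, short image ID.
EXPECTED_IMAGES='bkimminich/juice-shop latest 402fefa2b068
webgoat/webgoat latest bde451613ef3
kaakaww/dvwa-docker latest 5e2ed17dc0be
citizenstig/nowasp latest 82e745ffc9fc
opendns/security-ninjas latest d5c4b15385a3'

# Reads "repository tag id" lines on stdin, i.e. the output of
#   docker images --format '{{.Repository}} {{.Tag}} {{.ID}}'
# and prints one status line per expected image.
# Returns the number of images that are missing or have a different ID.
check_lab_images() {
    local actual problems=0 repo tag id found
    actual=$(cat)
    while read -r repo tag id; do
        # Look up the ID actually present for this repository:tag.
        found=$(printf '%s\n' "$actual" |
            awk -v r="$repo" -v t="$tag" '$1 == r && $2 == t { print $3; exit }')
        if [ -z "$found" ]; then
            echo "MISSING  $repo:$tag"
            problems=$((problems + 1))
        elif [ "$found" != "$id" ]; then
            # A re-pulled "latest" tag no longer matches the build the post lists.
            echo "CHANGED  $repo:$tag expected=$id actual=$found"
            problems=$((problems + 1))
        else
            echo "OK       $repo:$tag $id"
        fi
    done <<EOF
$EXPECTED_IMAGES
EOF
    return "$problems"
}

# Query the local Docker daemon only when asked to with --local.
if [ "${1:-}" = "--local" ]; then
    docker images --format '{{.Repository}} {{.Tag}} {{.ID}}' | check_lab_images
fi
```

Because every image uses the `latest` tag, a `CHANGED` line means the image was pulled again after the VM was built and may no longer contain the same exercises.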
*** Updating SSH Bruteforce server, 25th January 2024: break-in is possible using a password list available on the internet.
Barakallahu fiikum.