webdojo icon indicating copy to clipboard operation
webdojo copied to clipboard

verified publisher icon 0xffsec

Metadata

A learning and testing environment for web application hacking and pentesting.

Web Dōjō
Web Penetration Testing Lab

dōjō [doꜜː(d)ʑoː] : a hall for immersive learning or meditation.

Overview

Web Dōjō is a learning and testing environment for web application hacking and pentesting.

The lab includes a collection of vulnerable applications easy accessible through a landing page.

Available Applications

Quick Start

curl -sSL git.io/webdojo-install | bash

Manual Installation

The lab can be deployed either with Vagrant on its own VM or on any machine running Docker.

Clone and browse the repository:

git clone https://github.com/0xffsec/webdojo.git
cd webdojo

Wizard

./install.sh

Using Vagrant (preferred)

Requirements: Vagrant and VirtualBox.

vagrant up

:martial_arts_uniform: Done!
The dojo will be available at http://10.0.0.3

Using Docker Compose

Requirements: Docker.

docker-compose up -d

:martial_arts_uniform: Done!
The dojo will be available at http://127.0.0.1

The Dojo

The dojo is a web application that serves as a menu for the available apps.

VirtualBox Network

When using Vagrant, the installation creates a Host-Only Network with address 10.0.0.1/24 and DHCP disabled. The VM is attached to the network with the static IP 10.0.0.3.

$ vboxmanage list hostonlyifs

Name:            vboxnet3
GUID:            786f6276-656e-4474-8000-0a0027000004
DHCP:            Disabled
IPAddress:       10.0.0.1
NetworkMask:     255.255.255.0
…

If your pentesting machine lives in a different VM, add a new adaptor to it and attach it to the newly created network.

The IP has to be manually set inside the VM.

VirtualBox Network Dialog

Other Considerations

Why Docker Compose

Containers were initially built and started by iterating through a YAML file. Docker Compose removes complexity from the provisioner while adding flexibility to the deployment. This modularization allows not only to deploy on a VM but on any system running Docker.

Contributing

Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.

The best way to send feedback is to file an issue at https://github.com/0xffsec/webdojo/issues

Metadata

22
Stars
5
Forks
Watchers

Owner

verified publisher icon 0xffsec

Metadata

A learning and testing environment for web application hacking and pentesting.

Back