Hey Folks, In this tutorial we will learn how we can configure the vulnerable web application on docker. As we know that docker gives us the ability to run multiple containers simultaneously on a given host and even we can run containers within host machines that are actually virtual machines. So with the help of this great technology we will install our vulnerable web application for testing purposes.
Lets do it π !!
First we have to download the docker on our terminal which are quite simple just we need to execute the below command and it will be automatically downloaded.
apt-get install docker.ioWe need to execute the following command to start the docker service.
systemctl enable docker
systemctl start dockerNow the docker is successfully configured on the web server and now we can host our web applicaitons.
WebGoat and WebWolf both are insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.
We need to download it from the github page in which we will get the docker configuration file and we will be able to host it on the docker.
git clone https://github.com/WebGoat/WebGoat.gitThe downloaded directory contains the configuration file to which we will go. Now we only need to execute the last command which will automatically host this vulnerable web application on the web server.
Usage π docker run -p < Any Port >:8080 -p < Any Port >:9090 -e Image
cd WebGoat/
docker run -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolfNext step to browse the following location and click on βregister new userβ option.
http://127.0.0.1:8080/WebGoatWe can set user and password as required.
Thats it π here you can see that our first vulnerable web application is successfully hosted on the docker.
After Browse the following location you will get your WebWolf vulnerable web application.
http://127.0.0.1:9090/WebWolfWithout much effort, we have successfully hosted our first vulnerable web application on Docker.
Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP XVWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities.
Source : OWASP
For this project we do not need to put a lot of effort as the docker provides this service to download the terminal to the project. Now we will execute the βpullβ command which will automatically download the dockerβs image.
docker pull bkimminich/juice-shopAfter executing the above command we will host it on the docker using the following command.
docker run --rm -p 3000:3000 bkimminich/juice-shopThis will take some time and after doing this you can use the following URL to see your juicy web application.
http://localhost:3000bWAPP is a vulnerable web application which is a free and open source. bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. prepares one to conduct successful penetration testing and ethical hacking projects.
We have to download the following image by using the pull command.
docker pull raesene/bwappJust host the web application on port 80 by using the following command.
docker run --rm -p 80:80 raesene/bwappNow we will open the given link in which we have to click on highlighted hyperlink that will establish mysql database.
http://localhost/install.phpAfter doing all this we can login into the web application by using the bee and bug credentials.
Here you can see that we have successfully hosted it and now we can start out penetration testing.
DVWA is an vulnerable web application which coded in PHP/MYSQL. Seriously it is too vulnerable. With the help of this application ethical hackers can test their skills and run this tools in a legal environment. The aim of DVWA is to practice most common web vulnerability, which contains different types of level.
Now we will execute the following command and it will download the DVWA image from the docker hub.
docker pull vulnerables/web-dvwaKeep in mind it may be give you error of bind address hence you can use the different port number in your case. But anyway just execute the following command.
docker run --rm -p 80:80 vulnerables/web-dvwaBrowse the following location and you will find the login page where you have to enter admin and password in the input field to login to the web application.
http://localhost/setup.phpClick on reset database and after that it will give us location of login in which we have to click.
Thats it π Again we have successfully configured our web application.
Mutillidae is a another pen source web application provided to perform pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making It easy to install, only we need to configure the linux, apache, mysql and php on web server.
docker pull citizenstig/nowaspExecute the following command pull command which will automatically download Docker images from a registry.
docker run -d -p 82:80 citizenstig/nowaspWe need to open the following location on our browser where the web application is hosted. Then we will click on the βopt-outβ option which will appear at the end of the page.
http://localhost:82Congratulations π ! our vulnerable web application is successfully configured on the docker.
SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios. It is an open source that is hosted on github page and especially designed to learn sql injection.
Like every time, this time also we will execute the pull command to download this project from the docker hub.
docker pull acgpiano/sqli-labs:latestNow we will run the following command that will help us to host our web application without much effort.
docker run -d -p 83:80 acgpiano/sqli-labs:latestAgain open the given URL on browser and now we donot need to do more thing.
http://localhost:83XVWA is an another vulnerable web application written in PHP/MySQL that helps security enthusiasts to learn application security. XVWA is designed to understand following security issues and with the help of this vulnerable application we can enhance our penetration testing skills.
We will first download it as Github page and then we need to go inside the directory of the tool where we will get the docker file. After receiving it, I think you already know what our next step is π ! just execute the following command.
git clone https://github.com/tuxotron/xvwa_lamp_container.git
cd xvwa_lamp_container/
sudo docker run --name xvwa -d -p 84:80 tuxotron/xvwaThis configuration is quite easy from all web applications as we do not need to do much, just browse the following location and start testing.
http://localhost:84/xvwa/After configured all the vulnerable web application we can see all the location of the web application by using the βpsβ command.
docker psDone π If we want to check how many images we have on our docker then we can use the following command.
docker imagesA keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.