dōjō [doꜜː(d)ʑoː] : a hall for immersive learning or meditation.
Web Dōjō is a learning and testing environment for web application hacking and pentesting.
The lab includes a collection of vulnerable applications easy accessible through a landing page.
curl -sSL git.io/webdojo-install | bash
The lab can be deployed either with Vagrant on its own VM or on any machine running Docker.
Clone and browse the repository:
git clone https://github.com/0xffsec/webdojo.git
cd webdojo
./install.sh
Requirements: Vagrant and VirtualBox.
vagrant up
🥋 Done!
The dojo will be available at http://10.0.0.3
Requirements: Docker.
docker-compose up -d
🥋 Done!
The dojo will be available at http://127.0.0.1
The dojo is a web application that serves as a menu for the available apps.
When using Vagrant,
the installation creates a Host-Only Network with address 10.0.0.1/24
and DHCP disabled.
The VM is attached to the network with the static IP 10.0.0.3
.
$ vboxmanage list hostonlyifs
Name: vboxnet3
GUID: 786f6276-656e-4474-8000-0a0027000004
DHCP: Disabled
IPAddress: 10.0.0.1
NetworkMask: 255.255.255.0
…
If your pentesting machine lives in a different VM, add a new adaptor to it and attach it to the newly created network.
The IP has to be manually set inside the VM.
Containers were initially built and started by iterating through a YAML file. Docker Compose removes complexity from the provisioner while adding flexibility to the deployment. This modularization allows not only to deploy on a VM but on any system running Docker.
Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.
The best way to send feedback is to file an issue at https://github.com/0xffsec/webdojo/issues