My previous post outlined the necessary steps to install Docker on Kali Linux. Now that Docker is up and running, here are a few Docker images that can be launched as pentest targets:
Acme-lock-me-out by Websecurify
Acme-lock-me-out is a login bruteforce demo webapp written in NodeJS and MongoDB.
Acme-no-login by Websecurify
Acme-no-login is a demo login bypass attack webapp written in NodeJS and MongoDB.
Acme-no-login-ng by Websecurify
Acme-no-login-ng is another demo login bypass attack webapp written in NodeJS and MongoDB.
Security Ninjas AppSec Training by OpenDNS
Security Ninjas AppSec Training is a vulnerable webapp that teaches the OWASP Top 10 vulnerabilities.
Damn Vulnerable Web Application (DVWA)
docker pull citizenstig/dvwa
DVWA is a vulnerable web app written in PHP and MySQL. Vulnerabilities can be exploited with varying degrees of difficulty.
Mutillidae 2 by OWASP
docker pull citizenstig/nowasp
Mutillidae 2 is a vulnerable webapp that teaches the OWASP Top 10 vulnerabilities.
Vulnerable WordPress by WPScanteam
docker pull wpscanteam/vulnerablewordpress
Vulnerable WordPress is a vulnerable webapp designed by the creators of WPScan.
Shellshock: Vulnerability As A Service
docker pull hmlio/vaas-cve-2014-6271
This image showcases the Shellshock vulnerability by running a vulnerable Debian distro.
Security Shepherd by OWASP
docker pull ismisepaul/securityshepherd
Security Shepherd teaches webapp and mobile app security principles.
Heartbleed: Vulnerability As A Service
docker pull hmlio/vaas-cve-2014-0160
This image showcases the Heartbleed vulnerability by running a vulnerable Debian distro.
Bricks by OWASP
docker pull citizenstig/owaspbricks
Bricks is a vulnerable webapp written in PHP and MySQL. It’s well documented and has accompanying videos.