Stop being a passive reader. Turn real-world Bug Bounty writeups into interactive, local Docker labs.
In web security, the "low-hanging fruit" is gone. Automated scanners have picked the basic vulnerabilities clean. The frontier for modern bug hunters lies in dismantling complex business logic and understanding deep architectural flaws.
Reading writeups gives you knowledge, but building and exploiting them gives you muscle memory.
Active-Writeups bridges this gap by taking high-impact, real-world writeups and reverse-engineering them into fully functional, local, black-box Docker environments.
- Total Labs: 3
- SSRF Labs: 1 🌐
- ATO (Account Takeover) Labs: 2 🔑
Before you start hunting, make sure you have the standard hacker arsenal installed on your host machine:
- Docker & Docker Compose (Desktop or CLI running in background)
- Burp Suite Professional / Community Edition
- Any Terminal / Windows Environment
Each lab is fully automated. To spin up any lab environment:
- Clone the repository:
git clone https://github.com/0xmonesgoda/Active-Writeups.git
cd Active-Writeups
- Launch the Lab: Navigate into any specific lab folder and execute the pre-configured automation script:
cd <lab-folder>
Just double-click or run build.bat ➔ Enjoy!
- Access the application: Open your browser (preferably Burp's embedded browser) and navigate to http://localhost:8080/.
- Read the Local Guide: Inside each lab folder, you will find a micro README.md with hint systems, target goals, and the root cause breakdown.
🤝 Contribution Guide
Have you found an amazing writeup and want to turn it into a playable lab? Contributions are highly appreciated!
- Fork the Project.
- Create your Lab Directory (include the vulnerable code, Dockerfile, build.bat, and compose setup).
- Update the main README.md table.
- Open a Pull Request.