Fast and easy script to manage pentesting training apps
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Local PentestLab Management Script

Bash script to manage web apps using docker and hosts aliases.
Made for Kali linux, but should work fine with pretty much any linux distro.

Current available webapps

  • bWAPP
  • WebGoat 7.1
  • WebGoat 8.0
  • Damn Vulnerable Web App
  • Mutillidae II
  • OWASP Juice Shop
  • WPScan Vulnerable Wordpress
  • OpenDNS Security Ninjas

Get started

Clone repo and use the script as described below

git clone
cd pentestlab

# If you have not installed docker on your x64 Kali system
# you can run this script (tested as of Jul 2018)
# Note: I always add a regular user and login with it 
#       before actually using kali, so sudo is added in all scripts

# Then run
./ start bwapp
# ... to download bwapp docker image and map it onto localhost at http://bwapp

# Print a complete list of available projects use the list command
./ list 

# Running just the script will print help info


Usage: ./ {list|status|info|start|stop} [projectname]

 This scripts uses docker and hosts alias to make web apps available on localhost"

./ list
   List all available projects  
./ status
   Show status for all projects  
./ start bwapp
   Start docker container with bwapp and make it available on localhost  

./ stop bwapp
   Stop docker container

./ info bwapp
   Show information about bwapp project

Dockerfiles from

DVWA - Ryan Dewhurst (vulnerables/web-dvwa)
Mutillidae II - Nikolay Golub (citizenstig/nowasp)
bWapp - Rory McCune (raesene/bwapp)
Webgoat(s) - OWASP Project
Juice Shop - Bjoern Kimminich (bkimminich/juice-shop) Vulnerable Wordpress - WPScan Team Security Ninjas - OpenDNS Security Ninjas