This is a docker image containing OWASP bWAPP

OWASP21-PG is a practical lab that equips enthusiasts, developers & students with skills to identify/prevent web vulnerabilities, particularly in the OWASP Top 10 for 2021. Based on bWAPP, it offers a comprehensive practical lab covering all categories in the OWASP Top 10.

Based on bWAPP OWASP project

OWASP Top 10 lists critical web app vulnerabilities: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Outdated Components, Authentication Failures, Integrity Failures, Logging Issues, SSRF. Test in bWAPP.

Local PentestLab Management Script Bash script to manage web apps using docker and hosts aliases. Made for Kali linux, but should work fine with pretty much any linux distro. Current available webapps bWAPP WebGoat 7.1 WebGoat 8.0 Damn Vulnerable Web App Mutillidae II OWASP Juice Shop WPScan Vulnerable Wordpress OpenDNS Security Ninjas Altoro Mutual Vulnerable GraphQL API Get started Using any of these apps can be done in 3 quick and simple steps. 1) Clone the repo Clone this repo, or download it any way you prefer git clone https://github.com/suvz007/pentestlab.git cd pentestlab 2) Install docker sudo apt install docker.io 3) Start an app on localhost Now you can start and stop one or more of these apps on your system. As an example, to start bWAPP just run this command ./pentestlab.sh start bwapp This will download the docker, add bwapp to hosts file and run the docker mapped to one of the localhost IPs. That means you can just point your browser to http://bwapp and it will be up and running. 4) Start an app and expose it from machine Use the startpublic command to bind the app to your IP ./pentestlab.sh startpublic bwapp If you have multiple interfaces and/or IPs, or you need to expose the app on a different port specify it like this ./pentestlab.sh startpublic bwapp 192.168.1.105 8080 IP needs to be an IP on the machine and port in this example is 8080 You can only have one app exposed on any given port. If you need to expose more than one app, you need to use different ports. 5) Stopp any app To stop any app use the stop command ./pentestlab.sh stop bwapp Print a complete list of available projects use the list command ./pentestlab.sh list Running just the script will print help info ./pentestlabs.sh Usage Usage: ./pentestlab.sh {list|status|info|start|startpublic|stop} [projectname] This scripts uses docker and hosts alias to make web apps available on localhost" Ex. ./pentestlab.sh list List all available projects ./pentestlab.sh status Show status for all projects ./pentestlab.sh start bwapp Start docker container with bwapp and make it available on localhost ./pentestlab.sh startpublic bwapp Start docker container with bwapp and make it available on machine IP ./pentestlab.sh stop bwapp Stop docker container ./pentestlab.sh info bwapp Show information about bwapp project Dockerfiles from DVWA - Ryan Dewhurst (vulnerables/web-dvwa) Mutillidae II - OWASP Project (citizenstig/nowasp) bWapp - Rory McCune (raesene/bwapp) Webgoat(s) - OWASP Project Juice Shop - OWASP Project (bkimminich/juice-shop) Vulnerable Wordpress - github.com/wpscanteam/VulnerableWordpress Security Ninjas - OpenDNS Security Ninjas Altoro Mutual - github.com/hclproducts/altoroj Vulnerable GraphQL API - Carve Systems LLC (carvesystems/vulnerable-graphql-api) github references means the docker is custom created and hosted in dockerhub. Troubleshoot / FAQ I can't connect to the application I just stared, what is wrong? Make sure you are using HTTP not HTTPS Try using the IP address instead of the name (to see if the issue is with host file or docker) If you are still not able to connect then follow the steps below to create a ticket I still cannot make it work, how do I create an issue to get help? Do these steps and record ouput (image, copy paste from screen, whatever works for you) Stop the application first (to clean up some configuration that are done during start) Start the application again Run this command to get information about running dockers sudo docker ps Try to access the application using the IP address

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities!

Ce laboratoire de pentest local utilise Docker Compose pour lancer : - Kali Linux (avec outils pentest) - DVWA (Damn Vulnerable Web App) - OWASP Juice Shop - bWAPP (buggy Web App)

OWASP bWAPP Docker

No description available

No description available

No description available

Exploitation of OWASP top 10 vulnerablities on BWAPP.

Hands-on web application security testing labs using bWAPP (OWASP TOP 10)

Comprehensive Web Penetration Testing project focusing on OWASP Top 10 vulnerabilities. Targets: vulnweb, bWAPP, DVWA.

Web Penetration Testing with OWASP ZAP & bWAPP – This project demonstrates how to identify and exploit SQL Injection (SQLi) and Cross-Site Scripting (XSS) vulnerabilities using OWASP ZAP in a Dockerized bWAPP environment. It includes a step-by-step setup, test methodology, findings, and remediation strategies.

A dynamic, modular tool to scan and visualize OWASP Top 10 vulnerabilities using custom Python scripts. Built for testing vulnerable apps like DVWA, bWAPP, or OWASP Juice Shop.

🕵️ Identified OWASP Top 10 vulnerabilities in bWAPP and Juice Shop using Burp Suite and manual testing. Included full pentest report with remediation.

A complete hands-on lab setup for practicing OWASP Web Application Security Top 10 vulnerabilities using DVWA and bWAPP on Kali Linux with Docker.

Hands-on cybersecurity project performing web application vulnerability assessment using DVWA, OWASP Juice Shop, and bWAPP. Identifies SQLi, XSS, CSRF, and other flaws, maps them to OWASP Top 10, and provides risk ratings, screenshots, and remediation steps with professional reports.

Hands-on cybersecurity project performing web application vulnerability assessment using DVWA, OWASP Juice Shop, and bWAPP. Identifies SQLi, XSS, CSRF, and other flaws, maps them to OWASP Top 10, and provides risk ratings, screenshots, and remediation steps with professional reports.

A hands-on repository showcasing my web application penetration testing work using platforms like DVWA, bWAPP, and OWASP Juice Shop. Includes exploits, remediation suggestions, and detailed Burp Suite workflows.

Hands-on cybersecurity project performing web application vulnerability assessment using DVWA, OWASP Juice Shop, and bWAPP. Identifies SQLi, XSS, CSRF, and other flaws, maps them to OWASP Top 10, and provides risk ratings, screenshots, and remediation steps with professional reports.

This repo documents my Cyber Security Task 1 internship project with Future Interns. It covers web app security testing on DVWA, Juice Shop, and bWAPP using tools like Burp Suite & OWASP ZAP. Includes scans, screenshots, and a security report mapped to OWASP Top 10 with fixes and mitigation steps.

This project documents a comprehensive web penetration test conducted on bWAPP, DVWA, and Artist VulnHub. It covers reconnaissance, vulnerability assessment, exploitation, privilege escalation, and reporting, demonstrating real-world attack scenarios mapped to OWASP Top 10 with mitigations.

This project focuses on web application penetration testing by identifying, analyzing, and documenting vulnerabilities in intentionally vulnerable platforms such as DVWA, bWAPP, and Vulhub. It demonstrates practical exploitation of OWASP Top 10 issues, along with security testing methods and suggested mitigations

This folder contains detailed walkthroughs of intentionally vulnerable web applications such as DVWA, BWAPP, and OWASP Juice Shop. Each write-up demonstrates how specific vulnerabilities (like SQLi, XSS, CSRF, IDOR, and Broken Authentication) were identified, exploited, and mitigated, with payloads .