Web Pentesting LAB in KALI LINUX with DOCKER

Sunday 5 July 2020

Hi | Welcome | Web Pentesting in KALI LINUX with DOCKER #Pprasoon

Today, we will create a Web Application Pentesting lab on Kali Linux with the help of Docker.

The following can be used in VMware Player / Workstation | VirtualBox




Follow the steps shown in the video; below are the commands to be used.

Step 1:
Installation of Docker in Kali Linux
Commands: (Here secrets are revealed)
> curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
> echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
> sudo apt-get update
> sudo apt-get install docker-ce  (for fresh installation) 
> sudo systemctl start docker
> sudo systemctl enable docker
> sudo docker --version 

Step 2:
Installing OWASP Broken Web Applications such as:
bWAPP
WebGoat 7.1
WebGoat 8.0
Damn Vulnerable Web App
Mutillidae II
OWASP Juice Shop
WPScan Vulnerable Wordpress
OpenDNS Security Ninjas
Altoro Mutual

Commands: (Here secrets are revealed)
> su (to change user to root)
> git clone https://github.com/eystsen/pentestlab.git
> cd pentestlab
> ./pentestlab.sh --help
> ./pentestlab.sh list
> ./pentestlab.sh start bwapp

First, check that the image (the Broken Web Application running with the help of Docker) is up.
Commands: (Here secrets are revealed)
> sudo docker ps
> Copy the IP & port and paste them in the browser

Running the above images in Kali with the help of Docker (second method).

To access the Broken Web Applications from outside Kali Linux, on the host machine:
Commands: (Here secrets are revealed)
> sudo docker images
> sudo docker run --name bwapp -d -p <yourip>:80:80 raesene/bwapp
> sudo docker ps
To stop any of the above containers:
> sudo docker stop "name"
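
The `-p <yourip>:80:80` form above publishes the deliberately vulnerable app on one chosen address only; when the address is left out, Docker listens on every interface. As an added example (not part of the original post), this script reads `docker ps` output and lists containers published on a wildcard address; the container names and addresses in `sample_ps` are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list lab containers whose
# published ports listen on every interface instead of one chosen address.

# Reads "name<TAB>ports" lines, the layout produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name<TAB>mapping" for each wildcard (0.0.0.0 or ::) binding.
wide_bindings() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue            # exposed only, not published
        if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/)
          print $1 "\t" m
      }
    }'
}

# Constructed sample input, so the check can be tried without Docker running.
sample_ps() {
  printf 'bwapp\t192.168.56.10:80->80/tcp\n'
  printf 'juiceshop\t0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
  printf 'dvwa\t127.0.0.1:8081->80/tcp\n'
  printf 'webgoat\t8080/tcp\n'
}

# Live use: sudo docker ps --format '{{.Names}}\t{{.Ports}}' | wide_bindings
if [ "${1:-}" = "--demo" ]; then
  sample_ps | wide_bindings
fi
```

Any container the script lists can be stopped and started again with an explicit host address in `-p`, as in the `docker run` command above.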

PLEASE STOP YOUR ANTIVIRUS BEFORE CHECKING ON HOST (if required)

Configuration of Burp Suite in Firefox to intercept the request and response
> We will install the FoxyProxy add-on

Happy Hacking !!!!
Pprasoon
#docker #kalilinux #Webpentesting #lab #virtualbox
