Bash script to manage web apps using docker and hosts aliases.
Made for Kali linux, but should work fine with pretty much any debian linux distro.
- WebGoat 7.1
- WebGoat 8.0
- NodeGoat 1.3
- Damn Vulnerable Web App
- Mutillidae II
- OWASP Juice Shop
- WPScan Vulnerable Wordpress
- OpenDNS Security Ninjas
Clone repo and use the script as described below
git clone
cd pentestlab
# If you have not installed docker on your x64 Kali system
# you can run this script (tested as of Jul 2019)
# Note: I always add a regular user and login with it
# before actually using kali, so sudo is added in all scripts
# Then run
./ start bwapp
# ... to download bwapp docker image and map it onto localhost at http://bwapp
# Print a complete list of available projects use the list command
./ list
# Running just the script will print help info
Usage: ./ {list|status|info|start|stop} [projectname]
This scripts uses docker and hosts alias to make web apps available on localhost"
./ list
List all available projects
./ status
Show status for all projects
./ start bwapp
Start docker container with bwapp and make it available on localhost
./ stop bwapp
Stop docker container
./ info bwapp
Show information about bwapp project
DVWA - Ryan Dewhurst (vulnerables/web-dvwa)
Mutillidae II - Nikolay Golub (citizenstig/nowasp)
bWapp - Rory McCune (raesene/bwapp)
WebGoat7 - OWASP Project (webgoat/webgoat-7.1)
WebGoat8 - OWASP Project (webgoat/webgoat-8.0)
NodeGoat - Brian Huang (brianhuangyl/nodegoat)
Juice Shop - Bjoern Kimminich (bkimminich/juice-shop)
Vulnerable Wordpress - Jayson Grace (l505/vulnerablewordpress)
Security Ninjas - OpenDNS Security Ninjas