WebSploit Labs is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking, Bug Hunting, Incident Response, Digital Forensics, and Threat Hunting training sessions. WebSploit Labs includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS, several additional tools, and over 9,000 cybersecurity resources.
WebSploit Labs has been used by many colleges and universities in different countries. It comes with over 500 distinct exercises!
After you have installed Kali Linux, run the following command from a terminal window to setup your environment:
curl -sSL https://websploit.org/install.sh | sudo bash
This command will install all the tools, Docker, the intentionally vulnerable containers, and numerous cybersecurity resources.
Note:
WebSploit Labs is not supported in Apple M1/M2 Macs due to compatibility issues with hypervisors and Docker.
You can verify the install.sh script SHA-512 checksum here.
Docker is NOT configured to start at boot time.
This is to avoid for the vulnerable applications to be exposed by default. To start the Docker service and automatically start the containers use:
service docker start
To obtain the status of each docker container use the following command:
sudo docker ps
WebSploit Labs Architecture
To upgrade the WebSploit Labs vulnerable containers download and run the upgrade.sh script from the command line using the following commands: