WebSploit Labs

WebSploit Labs is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS, several additional tools, and over 8,000 cybersecurity resources. WebSploit comes with over 400 distinct exercises!

These containers contains vulnerable software (not malware). DO NOT connect to a production environment or directly to the Interne; use with caution!!!


Setting up WebSploit is extremely easy. It's just two easy steps.

STEP 1: Download Kali or Parrot

Download Kali or Parrot OS (your preference) and install any of those distributions in a VM. Use the hypervisor of your choice (e.g., VirtualBox, VMWare Workstation/Fusion, ESXi, KVM, Proxmox, etc.).

STEP 2: Run the WebSploit Install Script

After you have installed Kali Linux, run the following command from a terminal window to setup your environment:

curl -sSL https://websploit.org/install.sh | sudo bash

This command will install all the tools, Docker, the intentionally vulnerable containers, and numerous cybersecurity resources.

Docker Service

Docker is NOT configured to start at boot time.
This is to avoid for the vulnerable applications to be exposed by default. To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the following command:

sudo docker ps

WebSploit Labs Architecture

Upgrading WebSploit

To upgrade the WebSploit Labs vulnerable containers download and run the upgrade.sh script from the command line using the following commands:

root@websploit# wget https://websploit.org/update.sh
root@websploit# bash update.sh