website templates


WebSploit is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux, several additional tools, and over 7,000 cybersecurity resources. WebSploit comes with over 400 distinct exercises!

These VMs contains vulnerable software!
DO NOT connect to a production environment and use with caution!!!

System Requirements

You can run WebSploit in VirtualBox, VMWare Workstation or Fusion, and many other virtual machine architectures. However, the VM was specifically created and tested in VirtualBox. Subsequently, VirtualBox is recommended. VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.

You have different options to deploy WebSploit...

WebSploit .OVA (full VM)

This is an all-in-one virtual machine built on top of Kali Linux + extra tools + several vulnerable applications running in Docker containers.

This standalone VM designed for you to practice your skills in a safe environment.

>> Download WebSploit Full here.

Install Script

If you already have a pen testing environment like Kali or Parrot Security, you can download and run this script to setup your own WebSploit environment. The script will automatically install Docker and all the underlying containers and tools. For example, after downloading Kali, from the terminal type:

curl -sSL | sudo bash

WebSploit Full Credentials

username: websploit
password: websploit

Docker is NOT configured to start at boot time. This is to avoid for the vulnerable applications to be exposed by default. To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the following command:

sudo docker ps 


How to Update the WebSploit Docker Containers

To upgrade websploit download and run the script from the command line using the following commands:

root@websploit# wget
root@websploit# bash

The following video includes a quick demonstration:

Cybersecurity Training

Omar's on-demand and Live cybersecurity training, as well as books and other resources.

Topics include: Ethical hacking (penetration testing); digital forensics and Digital Forensics and Incident Response (DFIR); threat hunting; malware analysis; reverse engineering; and more.

Omar's Cybersecurity GitHub Repository 

Over 7,000 cybersecurity references related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. 

Stay in Touch with Omar!

© Copyright 2020 Omar Ωr Santos - All Rights Reserved