free site builder


WebSploit is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux, several additional tools, and over 8,000 cybersecurity resources. WebSploit comes with over 400 distinct exercises!

These VMs contains vulnerable software!
DO NOT connect to a production environment and use with caution!!!

Setup WebSploit Labs

Setting up WebSploit is extremely easy.


Download Kali and Install it on a VM

Download Kali Linux and install it on a VM. Use the hypervisor of your choice (e.g., VirtualBox, VMWare Workstation/Fusion, ESXi, Proxmox, etc.). Offensive Security created several .OVA files that you can import in VirtualBox or VMWare.


Run the WebSploit Install Script

After you have installed Kali Linux, run the following command from a terminal window to setup your environment:

curl -sSL | sudo bash

This command will install all the tools, intentionally vulnerable containers, and numerous other resources.

Docker is NOT configured to start at boot time. This is to avoid for the vulnerable applications to be exposed by default. To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the following command:

sudo docker ps 


How to Update the WebSploit Docker Containers

To upgrade websploit download and run the script from the command line using the following commands:

root@websploit# wget
root@websploit# bash

The following video includes a quick demonstration:

Cybersecurity Training

Omar's on-demand and Live cybersecurity training, as well as books and other resources.

Topics include: Ethical hacking (penetration testing); digital forensics and Digital Forensics and Incident Response (DFIR); threat hunting; malware analysis; reverse engineering; and more.

Omar's Cybersecurity GitHub Repository 

Over 8,000 cybersecurity references related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. 

Stay in Touch with Omar!

© Copyright 2020 Omar Ωr Santos - All Rights Reserved