WebSploit Labs

WebSploit Labs is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking, Bug Hunting, Incident Response, Digital Forensics, and Threat Hunting training sessions. WebSploit Labs includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS, several additional tools, and over 9,000 cybersecurity resources.

WebSploit Labs has been used by many colleges and universities in different countries. It comes with over 500 distinct exercises!

• Access the Hacker GitHub Repository
• Hacking Scenarios
• My Personal Blog (Becoming a Hacker)
• My Cisco Blog Posts

Setting Up Websploit Labs

Setting up WebSploit is extremely easy. It's just two easy steps.

STEP 1: Download Kali or Parrot

Download Kali or Parrot OS (your preference) and install any of those distributions in a VM. Use the hypervisor of your choice (e.g., VirtualBox, VMWare Workstation/Fusion, ESXi, KVM, Proxmox, etc.).

Minimum VM Requirements:

• 8GB RAM
• 2 vCPU
• 50 GB HDD

STEP 2: Run the WebSploit Install Script

After you have installed Kali Linux or Parrot OS, run the following commands from a terminal window inside your VM to setup your environment:

git clone https://github.com/The-Art-of-Hacking/websploit.git
cd websploit
sudo bash install.sh

These commands will install all the tools, Docker, the intentionally vulnerable containers, and numerous cybersecurity resources.

Note about Apple Silicone Macs

WebSploit Labs is NOW supported in Apple Silicone (M1..M4) Macs!

Vulnerable Applications

The following are the intentionally vulnerable applications running in WebSploit Labs.

┌─────────────────────────────────────────────────────────────┐
│           WebSploit Network (10.6.6.0/24)                   │
├─────────────────────────────────────────────────────────────┤
│  OWASP & Classic Vulnerable Applications:                   │
│  ├── webgoat     10.6.6.11                                  │
│  ├── juice-shop  10.6.6.12                                  │
│  └── dvwa        10.6.6.13                                  │
|                                                             │
│  Labs created by Omar Santos:                               │
│  ├── galactic-archives 10.6.6.20                            │
│  ├── gravemind         10.6.6.23                            │
│  ├── y-wing            10.6.6.26                            │
│  ├── hydra-nexus       10.6.6.30                            │
│  ├── phantom-script    10.6.6.31                            │
│  ├── trojan-relay      10.6.6.32                            │
│  ├── sqli-breach       10.6.6.33                            │
│  ├── shell-inject      10.6.6.34                            │
│  ├── maze-walker       10.6.6.35                            │
│  ├── entity-smuggler   10.6.6.36                            │
│  ├── token-tower       10.6.6.40                            │
│  ├── render-reign      10.6.6.41                            │
│  ├── deserial-gate     10.6.6.42                            │
│  ├── redis-rogue       10.6.6.43                            │
│  └── graphql-galaxy    10.6.6.44                            │
└─────────────────────────────────────────────────────────────┘