Install Script for DVWA, bWAPP and Mutillidae security labs.

E7H31234L/pen-testing

🔒 Penetration Testing Laboratory

A comprehensive collection of secure automation scripts for setting up educational penetration testing laboratories. This repository provides tools for deploying intentionally vulnerable applications in isolated, controlled environments for legitimate security training and research.

Project Board: https://github.com/users/E7H31234L/projects/5

⚠️ CRITICAL SECURITY WARNING

FOR EDUCATIONAL PURPOSES ONLY - NEVER DEPLOY IN PRODUCTION ENVIRONMENTS

This repository contains:

  • 🎯 Intentionally vulnerable applications (DVWA, bWAPP, Mutillidae)
  • 🛠️ Automated LAMP stack installation for lab environments
  • 🔧 Secure configuration management for isolated testing
  • 📊 Comprehensive security documentation and guidelines

🚫 PRODUCTION BAN

  • ❌ NEVER deploy these applications on production systems
  • ❌ NEVER expose to public networks without isolation
  • ❌ NEVER use default credentials in real environments

✅ APPROVED USES

  • ✅ Security education and training
  • ✅ Penetration testing practice
  • ✅ Security research in isolated VMs/containers
  • ✅ Cybersecurity skill development
  • ✅ Ethical hacking certification preparation

📁 Repository Structure

Pen-Testing/
├── 📋 SECURITY.md                   # Comprehensive security guidelines
├── 🔧 Scripts/
│   ├── lamp-install-secure.sh       # Secure LAMP stack installation
│   ├── database-install-secure.sh   # Vulnerable app deployment
│   └── uninstall-secure.sh          # Complete environment cleanup
├── 🐳 Docker/                       # Containerized lab environments
├── 📚 docs/                         # Additional documentation
├── ⚙️ config/                       # Configuration templates
└── 🔍 monitoring/                   # Security monitoring tools

🚀 Quick Start

Prerequisites

  • System: Ubuntu 20.04+ / Debian 10+
  • Memory: Minimum 4GB RAM (8GB recommended)
  • Storage: Minimum 20GB available space
  • Network: Isolated environment (VM/Container)
  • Privileges: Sudo access without password prompt

Installation

# Clone the repository
git clone https://github.com/E7H31234L/Pen-Testing.git
cd Pen-Testing

# Review security documentation ⚠️
cat SECURITY.md

# Install LAMP stack for penetration testing
./lamp-install-secure.sh

# Deploy vulnerable applications  
./database-install-secure.sh

Access Your Laboratory

| Application | URL | Default Credentials |
|---|---|---|
| Lab Dashboard | http://your-server-ip/ | - |
| DVWA | http://dvwa.local/ | admin/password |
| PHP Info | http://your-server-ip/phpinfo.php | - |

🛡️ Security Features

🔒 Secure Installation Practices

  • ✅ Input validation and sanitization in all scripts
  • ✅ SQL injection prevention with parameterized queries
  • ✅ Secure credential handling with encrypted storage
  • ✅ Comprehensive error handling without information disclosure
  • ✅ Audit logging for all administrative actions

🌐 Network Isolation

# Create isolated network for labs
sudo docker network create --driver bridge --subnet=172.20.0.0/16 pentest-net

# Deploy with network isolation
./database-install-secure.sh --network pentest-net

🔍 Monitoring and Detection

# Real-time security monitoring
./monitoring/security-monitor.sh --mode production

# Log analysis and alerting  
./monitoring/log-analyzer.sh --alerts-on

📋 Available Laboratories

🎯 DVWA (Damn Vulnerable Web Application)

Purpose: Web application security training platform

Vulnerabilities Covered:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • File Upload Vulnerabilities
  • Authentication Bypass
  • Command Injection

Installation:

# Deploy DVWA with secure defaults
./database-install-secure.sh --app dvwa --secure

🔍 SQLi Labs

Purpose: SQL injection practice environment

Features:

  • Progressive difficulty levels
  • Various SQL injection techniques
  • Error-based and blind SQLi
  • Time-based and boolean-based

Installation:

# Deploy SQLi labs
./database-install-secure.sh --app sqlilabs --difficulty easy

🐝 bWAPP (buggy Web Application)

Purpose: Comprehensive vulnerability testing

Vulnerability Categories:

  • HTML5 Security
  • Authentication
  • Session Management
  • Cryptography
  • Business Logic

Installation:

# Deploy bWAPP
./database-install-secure.sh --app bwapp --setup advanced

🗺️ Mutillidae II

Purpose: OWASP Top 10 demonstration platform

Features:

  • Real-world vulnerabilities
  • Multiple security contexts
  • Exploitation and remediation examples
  • Challenge modes

Installation:

# Deploy Mutillidae II
./database-install-secure.sh --app mutillidae --mode training

🐳 Docker Deployment

Quick Docker Setup

# Build penetration testing lab containers
docker-compose -f docker/docker-compose.yml up -d

# Access isolated lab environment
docker-compose -f docker/docker-compose.yml exec dvwa /bin/bash

Container Security

# docker-compose.yml
version: '3.8'

services:
  dvwa:
    image: vulnerables/web-dvwa
    networks:
      - pentest-isolated
    ports:
      - "8080:80"
    environment:
      - MYSQL_DATABASE=dvwa
      - MYSQL_USER=PenLabs
      - MYSQL_PASSWORD=ChangeMeNow!
    volumes:
      - ./logs:/var/log/apache2

networks:
  pentest-isolated:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
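
The `"8080:80"` mapping above names no host address, so Docker publishes it on every host interface, which conflicts with the rule against exposing these applications outside the lab. The check below is an added example, not part of this repository: `audit_compose_ports` is a hypothetical name, and it assumes short-syntax port entries and two-space service indentation as in the file above.

```shell
#!/bin/sh
# Added example, not repository code: lint a docker-compose file for
# published ports that are reachable from outside the lab host.

# audit_compose_ports FILE
# Prints one line per risky mapping; returns 1 if any were found, else 0.
audit_compose_ports() {
  awk '
    /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc) }  # service key
    /^[ \t]*ports:[ \t]*$/       { in_ports = 1; next }
    in_ports && /^[ \t]*(#.*)?$/ { next }             # blank or comment line
    in_ports && /^[ \t]*-[ \t]*/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)                # drop the list marker
      sub(/[ \t]+#.*$/, "", entry)                    # drop a trailing comment
      gsub(/["\047]/, "", entry)                      # drop quotes
      sub(/[ \t]+$/, "", entry)
      # Only mappings that start with a loopback address stay host-local.
      if (entry !~ /^127\./ && entry !~ /^\[::1\]:/) {
        printf "%s: \"%s\" is published on a non-loopback address\n", svc, entry
        bad++
      }
      next
    }
    in_ports { in_ports = 0 }                         # any other line ends the list
    END { exit (bad > 0) }
  ' "$1"
}

# Constructed sample mirroring the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  dvwa:
    image: vulnerables/web-dvwa
    ports:
      - "8080:80"
EOF
audit_compose_ports "$sample" || echo 'fix: bind to loopback, e.g. "127.0.0.1:8080:80"'
rm -f "$sample"
```

Writing the mapping as `"127.0.0.1:8080:80"` makes the check pass and keeps DVWA reachable only from the lab host itself.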

⚙️ Configuration Management

Environment Variables

# Customize installation paths
export PENTEST_LOG=/var/log/pentest-labs/
export PENTEST_CONFIG=/etc/pentest-labs/
export PENTEST_DATA=/opt/pentest-labs/

# Security settings
export PENTEST_ISOLATION=strict
export PENTEST_MONITORING=enabled
export PENTEST_BACKUPS=enabled

Secure Configuration File

# ~/.pentest_labs.conf
MYSQL_USER="YourSecureUser"
MYSQL_PASSWORD="YourSecurePassword"
LAB_DOMAIN="pentest.local"
NETWORK_RANGE="192.168.100.0/24"
FIREWALL_ENABLED="yes"
MONITORING_ENABLED="yes"
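
Because this file holds database credentials in plain text, a script that consumes it should check ownership and mode first and parse it rather than `source` it. The following is an added example, not code from this repository: `lab_config_get` is a hypothetical helper, and the mode check assumes GNU `stat` as shipped on Ubuntu and Debian.

```shell
#!/bin/sh
# Added example, not repository code: read one setting from
# ~/.pentest_labs.conf without evaluating the file as shell.

# lab_config_get FILE KEY  -> prints the value, non-zero status on any problem
lab_config_get() {
  _file=$1 _want=$2
  case "$_want" in
    MYSQL_USER|MYSQL_PASSWORD|LAB_DOMAIN|NETWORK_RANGE|FIREWALL_ENABLED|MONITORING_ENABLED) ;;
    *) echo "unknown key: $_want" >&2; return 4 ;;
  esac
  # Must be a regular file (not a symlink) owned by the caller.
  if [ ! -f "$_file" ] || [ -L "$_file" ] || [ ! -O "$_file" ]; then
    echo "refusing $_file: not a regular file owned by you" >&2; return 2
  fi
  _mode=$(stat -c '%a' "$_file") || return 2
  case "$_mode" in
    600|400) ;;
    *) echo "refusing $_file: mode $_mode, expected 600" >&2; return 3 ;;
  esac
  # awk parses the file, so nothing in it is ever run by the shell.
  # Values containing ", $, ` or \ are rejected, and the offending line is
  # never echoed, so a malformed password line does not reach the logs.
  awk -v want="$_want" '
    /^[ \t]*(#.*)?$/ { next }
    !/^[A-Z_]+="[^"$`\\]*"$/ {
      printf "line %d: expected KEY=\"value\"\n", NR > "/dev/stderr"
      err = 5; exit
    }
    { key = $0; sub(/=.*/, "", key) }
    key == want { val = $0; sub(/^[^=]*="/, "", val); sub(/"$/, "", val); found = 1 }
    END { if (err) exit err; if (!found) exit 6; print val }
  ' "$_file"
}

# Constructed sample file and values, for demonstration only.
demo=$(mktemp)
printf '%s\n' 'MYSQL_USER="labuser"' 'LAB_DOMAIN="pentest.local"' > "$demo"
chmod 600 "$demo"
lab_config_get "$demo" LAB_DOMAIN
rm -f "$demo"
```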

🔍 Monitoring and Logging

Security Monitoring

# Real-time threat detection
./monitoring/threat-detection.sh

# Network traffic analysis
./monitoring/network-monitor.sh --interface eth0

# File integrity monitoring
./monitoring/file-monitor.sh --directory /var/www

Log Management

# Centralized logging setup
./utils/setup-logging.sh --centralized

# Log rotation and archiving
./utils/log-rotation.sh --compress --retention 30d

# Security event correlation
./utils/correlate-events.sh --threshold high

🛠️ Advanced Usage

Custom Lab Deployment

# Deploy custom vulnerability lab
./utils/create-lab.sh \
  --name "Custom Lab" \
  --domain custom.pentest \
  --vulnerabilities "xss,sqli,rce" \
  --difficulty "medium" \
  --isolation "strict"

Batch Operations

# Deploy all labs at once
./utils/deploy-all-labs.sh --parallel --monitor

# Security assessment automation
./utils/security-assessment.sh --comprehensive --report-format json

Backup and Recovery

# Create lab snapshots
./utils/lab-backup.sh --full --compress

# Restore from backup
./utils/lab-restore.sh --backup-file /backups/lab-2024-01-24.tar.gz

🔧 Troubleshooting

Common Issues

| Issue | Solution |
|---|---|
| Apache won't start | Check port 80 availability: sudo netstat -tlnp |
| MySQL connection failed | Verify service: sudo systemctl status mysql |
| Permission denied | Check file permissions: sudo chown -R www-data:www-data /var/www |
| DVWA config error | Verify database credentials in config.inc.php |
| Network access denied | Check firewall rules: sudo ufw status |

Debug Mode

# Enable verbose logging
export DEBUG=true
export LOG_LEVEL=DEBUG

# Run with debugging
./lamp-install-secure.sh --debug --verbose

Health Checks

# Complete system health check
./utils/health-check.sh --comprehensive

# Service status overview
./utils/service-status.sh --all

# Security audit
./utils/security-audit.sh --full-report

📚 Documentation

Security Guidelines

Training Materials

Contributing


⚖️ Legal and Ethics

Authorized Usage

This toolkit is designed exclusively for:

  • ✅ Educational institutions and cybersecurity training
  • ✅ Security professionals conducting authorized testing
  • ✅ Students learning penetration testing concepts
  • ✅ Researchers working in controlled environments

Legal Compliance

Users must comply with:

  • 🏛️ Local computer crime laws
  • 🌐 International cybersecurity regulations
  • 🏢 Organizational security policies
  • 📋 Terms of service for all systems

Disclaimer

This repository contains intentionally vulnerable applications for educational purposes only. Users are solely responsible for ensuring compliance with all applicable laws and regulations. The authors assume no liability for misuse or unauthorized use.


🤝 Contributing

We welcome contributions from the security community!

Development Setup

# Development environment
git clone https://github.com/E7H31234L/Pen-Testing.git
cd Pen-Testing
virtualenv venv && source venv/bin/activate
pip install -r requirements-dev.txt

# Run tests and quality checks
pre-commit run --all-files
./tests/run-all-tests.sh

Contribution Guidelines

  • 🔒 Security-first development approach
  • ✅ Comprehensive documentation for all changes
  • 🧪 Automated testing for new features
  • 📋 Code review process mandatory
  • 🏷️ Semantic versioning for releases

📞 Support and Community

Getting Help

Security Reporting

  • Vulnerability Reports: security@github.com/E7H31234L/Pen-Testing
  • Security Questions: security-research@organization.com

Community

  • Reddit: r/netsec, r/AskNetsec
  • Discord: Penetration Testing Laboratory Community
  • LinkedIn: Security Research Groups

📈 Version History

v2.0.0 (2024-01-24) - Major Security Release

  • 🔒 Complete security hardening of all scripts
  • 🛡️ Added comprehensive input validation and sanitization
  • 📝 Extensive security documentation and guidelines
  • 🐳 Docker containerization support
  • 🔍 Security monitoring and logging integration
  • ⚙️ Configuration management and encryption

v1.0.0 (Initial)

  • 📦 Basic LAMP installation scripts
  • 🎯 DVWA deployment automation
  • 📋 Simple database setup utilities

📄 License

This project is licensed under the MIT License - see LICENSE file for details.


🙏 Acknowledgments

  • OWASP Foundation - Security guidelines and standards
  • DVWA Project - Vulnerable web application
  • bWAPP Project - Web application security training
  • Mutillidae Project - OWASP Top 10 demonstration
  • Security Community - Contributions and feedback

⚠️ Remember: With great power comes great responsibility. Use these tools ethically and legally.

For educational security training and authorized testing only. πŸŽ“
