This repository contains intentionally vulnerable applications and automated installation scripts designed exclusively for educational purposes:
- Security Training & Education
- Penetration Testing Practice
- Security Research in Controlled Environments
- Cybersecurity Skill Development
NEVER DEPLOY THESE APPLICATIONS IN PRODUCTION ENVIRONMENTS
- Contains deliberate security vulnerabilities
- Weak default configurations
- No production security hardening
- Intentionally exposed sensitive information
ALWAYS RUN IN ISOLATED ENVIRONMENTS
| Environment Type | Status | Recommendation |
|---|---|---|
| Physical Machine | DANGEROUS | Use virtualization |
| Development Server | DANGEROUS | Use containers |
| Home Network | | VLAN isolation |
| Virtual Machine | RECOMMENDED | Snapshots enabled |
| Docker Container | EXCELLENT | Network isolation |
| Cloud Instance | GOOD | Security groups |
```bash
# Create isolated network for labs
sudo docker network create --driver bridge --subnet=172.20.0.0/16 pentest-net
# Run labs with network isolation
docker run --network pentest-net --ip 172.20.0.10 dvwa-lab
```

```bash
# Disable services not needed for labs
sudo systemctl disable ssh bluetooth cups
# Firewall rules - block external access
# ufw evaluates rules in order and stops at the first match, so the allow
# rule for the lab subnet must come before the catch-all deny
sudo ufw allow in from 192.168.100.0/24 to any port 80
sudo ufw deny in from any to any port 80
```

```bash
# Create dedicated lab user
sudo useradd -m -s /bin/bash pentester
# Note: membership in the docker group is root-equivalent on the host, so this
# account is "limited" only in the sense of not working as root directly
sudo usermod -aG sudo,docker pentester
# Use limited privileges for lab operations
sudo -u pentester ./database-install-secure.sh
```

| Application | Username | Password | Purpose |
|---|---|---|---|
| DVWA | admin | password | Initial admin access |
| MySQL | PenLabs | Password1! | Database access |
| bWAPP | admin | bee | Web application access |
- Change All Default Passwords
  ```bash
  # Change MySQL passwords immediately
  # ALTER USER is SQL, so it is passed to the mysql client with -e rather than typed at the shell
  mysql -u root -p -e "ALTER USER 'PenLabs'@'localhost' IDENTIFIED BY 'YourSecurePassword';"
  ```
- Rotate All Credentials
  - Use a password manager for generating strong passwords
  - Enable two-factor authentication where possible
  - Keep a regular credential rotation schedule
- Secure Credential Storage
  ```bash
  # Use encrypted configuration files
  echo "MYSQL_PASSWORD='newpassword'" | gpg --symmetric --cipher-algo AES256 -o config.gpg
  # Secure permissions
  chmod 600 config.gpg
  ```
| Vulnerability Type | Risk Level | Mitigation |
|---|---|---|
| SQL Injection | HIGH | Parameterized queries, input validation |
| XSS | HIGH | Output encoding, CSP headers |
| File Upload | MEDIUM | File type validation, sandboxing |
| Authentication Bypass | HIGH | Strong passwords, MFA |
| Directory Traversal | MEDIUM | Path validation, chroot jails |
| Command Injection | HIGH | Input sanitization, whitelist allowed commands |
```bash
# Only allow specific subnets
sudo ufw allow from 192.168.100.0/24 to any port 80
sudo ufw allow from 10.0.0.0/8 to any port 443
# Block all other access (ufw requires a protocol when several ports are listed)
sudo ufw deny in proto tcp from any to any port 80,443
```

ALWAYS USE VPN WHEN:
- Accessing labs from public networks
- Performing security research online
- Using cloud-based lab environments
```bash
# Block known malicious domains (placeholder names)
echo "0.0.0.0 malicious-site.com" | sudo tee -a /etc/hosts
echo "0.0.0.0 known-evil-domain.net" | sudo tee -a /etc/hosts
```

```bash
# Monitor network connections
sudo netstat -tulnp | grep -E ':(80|443|3306)'
# Monitor file changes
sudo auditctl -w /var/www -p rwxa -k pentest-files
# Monitor process execution
sudo auditctl -a always,exit -F arch=b64 -S execve -k pentest-processes
```

```bash
# Monitor Apache logs for suspicious activity (-i: SQL keywords are case-insensitive)
tail -f /var/log/apache2/access.log | grep -iE "(union|select|drop|exec|cmd)"
# Monitor MySQL queries
tail -f /var/log/mysql/mysql.log | grep -iE "(password|admin|drop|delete)"
```
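The tail/grep pipelines above match raw log text, so a payload that arrives percent-encoded (`%27%20UNION`) or form-encoded (`1'+or+1=1`) slips past them. The script below is an added example, not code from this repository: it decodes the request URI of each access-log line before matching and counts the hits, next to the original filter for comparison. The log lines are constructed samples and the indicator pattern is an illustration, not a complete SQL-injection signature.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): scan an Apache access log for
# SQL-injection indicators after percent-decoding the request URI.
set -eu

# Constructed sample log in combined format (not from any real server).
# Lines 2 and 3 carry an encoded and a form-encoded payload; lines 1 and 4 are benign.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
192.168.100.5 - - [24/Jan/2024:10:00:01 +0000] "GET /dvwa/index.php HTTP/1.1" 200 1203
192.168.100.7 - - [24/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20SELECT%20user,password%20FROM%20users--&Submit=Submit HTTP/1.1" 200 4821
192.168.100.7 - - [24/Jan/2024:10:00:03 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1'+or+1=1+--&Submit=Submit HTTP/1.1" 200 4900
192.168.100.9 - - [24/Jan/2024:10:00:04 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1340
EOF

# The page's original filter, for comparison: raw text, case-sensitive.
naive_count() {
  grep -cE "(union|select|drop|exec|cmd)" "$1" || true
}

# Print "<client ip> <decoded uri>" for each request whose decoded, lower-cased
# URI matches the indicator pattern (a demonstration pattern, not a full signature).
scan_access_log() {
  awk '
  BEGIN {
    # Lookup table from two hex digits to the byte they encode (POSIX awk only)
    for (i = 0; i < 256; i++) {
      h = sprintf("%02X", i); c = sprintf("%c", i)
      map[h] = c; map[tolower(h)] = c
    }
    pat = "(union[ (]|select[ (]|insert[ (]|drop[ (]|or [0-9]+=[0-9]+|--|/\\*|sleep\\(|benchmark\\()"
  }
  {
    uri = $7                                   # request URI in the combined log format
    while (match(uri, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
      uri = substr(uri, 1, RSTART - 1) map[substr(uri, RSTART + 1, 2)] substr(uri, RSTART + 3)
    }
    gsub(/\+/, " ", uri)                       # form encoding uses + for space
    if (tolower(uri) ~ pat) print $1, uri
  }' "$1"
}

# Number of flagged requests, usable as an alert threshold
count_suspicious() {
  scan_access_log "$1" | wc -l | tr -d ' '
}

scan_access_log "$SAMPLE_LOG"
echo "naive grep: $(naive_count "$SAMPLE_LOG") hit(s); decoded scan: $(count_suspicious "$SAMPLE_LOG") hit(s)"
```

On the sample the original filter reports no hits while the decoded scan flags both injected requests; the same decode-then-match step belongs in front of any keyword filter run over web logs, whether in a shell pipeline or a SIEM rule.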
- Isolate the Environment
  ```bash
  # Disconnect from network
  sudo ip link set eth0 down
  # Stop all web services
  sudo systemctl stop apache2 mysql
  ```
- Take System Snapshot
  ```bash
  # Create forensic snapshot (if VM)
  sudo virsh snapshot-create-as pentest-vm-incident
  # Preserve memory and disk images
  # Note: modern kernels restrict /dev/mem (STRICT_DEVMEM), so this gives at most a partial
  # image; a dedicated acquisition tool such as LiME or AVML is needed for a full memory capture
  sudo dd if=/dev/mem of=/forensics/memory.dump
  sudo dd if=/dev/sda of=/forensics/disk.image
  ```
- Document Everything
  ```bash
  # Create incident log
  echo "INCIDENT: $(date)" >> security-incident.log
  echo "ACTIONS TAKEN: Network isolation, services stopped" >> security-incident.log
  ```
- Collect Evidence
  ```bash
  # Preserve logs
  cp /var/log/apache2/*.log /forensics/
  cp /var/log/mysql/*.log /forensics/
  # Network captures
  sudo tcpdump -i any -w /forensics/capture.pcap
  ```
- Analyze Indicators
  - Check for unauthorized access patterns
  - Review file modification timestamps
  - Analyze network traffic anomalies
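The collection steps above copy logs and images into /forensics but record nothing that would later show the copies are unaltered. The script below is an added example, not part of the repository: it hashes each collected file into a manifest, writes a UTC-timestamped entry to the incident log for every collection, and re-verifies the manifest on demand. The evidence directory and the log contents are constructed stand-ins for /forensics and the real logs.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): hash collected evidence into a manifest,
# log each collection step with a timestamp, and re-verify the manifest later.
set -eu

# Stand-in for /forensics or /evidence; a temporary directory so the example runs anywhere
EVIDENCE_DIR="$(mktemp -d)"
trap 'rm -rf "$EVIDENCE_DIR"' EXIT

# Constructed copies of two log files (sample content, not from a real host)
printf '192.168.100.7 - - [24/Jan/2024:10:00:02 +0000] "GET /dvwa/ HTTP/1.1" 200 10\n' > "$EVIDENCE_DIR/access.log"
printf '2024-01-24T10:00:03Z 12 Query SELECT user,password FROM users\n' > "$EVIDENCE_DIR/mysql.log"

# Append one SHA-256 line per file to MANIFEST.sha256 and a timestamped entry to incident.log
record_evidence() {
  local dir="$1"; shift
  local f name
  for f in "$@"; do
    name="$(basename "$f")"
    ( cd "$dir" && sha256sum "$name" ) >> "$dir/MANIFEST.sha256"
    printf '%s COLLECTED %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$name" >> "$dir/incident.log"
  done
}

# Exit 0 only if every file still matches its recorded hash (sha256sum --check is GNU coreutils)
verify_evidence() {
  ( cd "$1" && sha256sum --check --quiet MANIFEST.sha256 )
}

record_evidence "$EVIDENCE_DIR" "$EVIDENCE_DIR/access.log" "$EVIDENCE_DIR/mysql.log"
verify_evidence "$EVIDENCE_DIR" && echo "evidence verified"
```

Run `verify_evidence` again before analysis and before handing the material on; a failed check pinpoints which copy changed, which the plain cp/dd steps alone cannot do.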
- Isolated Environment Prepared (VM/Container)
- Network Segmentation Configured (VLAN/Firewall)
- Backup System Created (Snapshots/Backups)
- Monitoring Tools Ready (IDS/Logging)
- Security Policies Reviewed (Access Control)
- Incident Response Plan Prepared
- Default Passwords Changed
- File Permissions Secured (chmod/chown)
- Service Ports Filtered (Firewall rules)
- SSL/TLS Disabled (For training)
- Debug Logging Enabled (For analysis)
- Backup Procedures Tested
- Log Files Reviewed Daily
- System Updates Applied Weekly
- Network Traffic Monitored
- Credential Rotations Monthly
- Security Audit Quarterly
- Penetration Test Annually
These tools should only be used:
- On systems you own or have explicit permission
- In clearly defined laboratory environments
- For legitimate security research and education
- Within applicable laws and regulations
Never use these tools for:
- Unauthorized system access
- Malicious activities
- Privacy violations
- Industrial espionage
- Cybercrime activities
Ensure compliance with:
- Local Laws: Computer crime statutes
- Federal Laws: CFAA, GDPR, etc.
- International Laws: Cybersecurity regulations
- Organizational Policies: Company security policies
```bash
#!/bin/bash
# security-hardening.sh
# Disable unnecessary services
services=("bluetooth" "cups" "avahi-daemon")
for service in "${services[@]}"; do
  sudo systemctl disable "$service" 2>/dev/null || true
  sudo systemctl stop "$service" 2>/dev/null || true
done
# Configure firewall for lab access only
sudo ufw --force reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow from 192.168.100.0/24 to any port 80
sudo ufw allow from 192.168.100.0/24 to any port 3306
sudo ufw --force enable
# Secure file permissions
sudo find /var/www -type f -exec chmod 644 {} \;
sudo find /var/www -type d -exec chmod 755 {} \;
sudo chown -R www-data:www-data /var/www
# Configure logging
sudo systemctl enable rsyslog
sudo systemctl restart rsyslog
echo "Security hardening completed for pentest lab"
```

If compromise is suspected:
- IMMEDIATE ISOLATION
  ```bash
  # Disconnect from all networks
  sudo ip link set eth0 down
  sudo ip link set wlan0 down
  ```
- PRESERVE EVIDENCE
  ```bash
  # Create forensic snapshot (/evidence must be on separate media, not on the disk being imaged)
  sudo dd if=/dev/sda of=/evidence/disk.image bs=4M
  # cp needs -a to include the subdirectories under /var/log and keep timestamps
  sudo mkdir -p /evidence/logs
  sudo cp -a /var/log/. /evidence/logs/
  ```
- CONTACT INCIDENT RESPONSE
  - Security team: security@organization.com
  - Legal department: legal@organization.com
  - Management: management@organization.com
Required notifications within:
- 72 hours: For personal data exposure
- 24 hours: For financial data exposure
- Immediately: For ongoing attacks
- Network: Wireshark, Nmap, Metasploit
- Web: Burp Suite, OWASP ZAP, SQLMap
- System: Aircrack-ng, John the Ripper, Hashcat
- Reddit: r/netsec, r/AskNetsec
- Discord: Security Research Communities
- Forums: HackTheBox, TryHackMe communities
- Primary Security Lead: security-lead@organization.com
- Incident Response: incident@organization.com
- Security Hotline: +1-555-SECURITY
- Vulnerability Reports: security@github.com/E7H31234L
- Security Questions: security@organization.com
- Emergencies: +1-555-EMERGENCY
Last Updated: 2024-01-24
Version: 2.0
Review Required: Annually