WebSploit is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several vulnerable applications running in Docker containers and the tools that come in Kali Linux (as well as a few additional tools).

These VMs contain vulnerable software!
DO NOT connect to a production environment and use with caution!!!

System Requirements

You can run WebSploit in VirtualBox, VMware Workstation or Fusion, and many other virtual machine architectures. However, this VM was specifically created and tested in VirtualBox, so VirtualBox is recommended. VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.

You have different options to deploy WebSploit...

WebSploit Full

This is an all-in-one virtual machine built on top of Kali Linux + extra tools + several vulnerable applications running in Docker containers. This standalone VM is designed for you to practice your skills in a safe environment.
Download WebSploit Full here.

WebSploit Lite

Ubuntu Server + vulnerable containers. Choose this VM if you already have Kali Linux (or any other penetration testing distribution) and just want to run the vulnerable containers separately.
Download WebSploit Lite here.

Install Script

If you already have a pen testing environment like Kali, Parrot Security, or BlackArch, you can download and run this script to set up your own WebSploit environment. The script will automatically install Docker and all the underlying containers and tools.

WebSploit Full Credentials

username: root
password: toor

WebSploit Lite Credentials

username: websploit
password: websploit

Docker is NOT configured to start at boot time, so that the vulnerable applications are not exposed by default. To start the Docker service and automatically start the containers, use:

service docker start

To obtain the status of each docker container use the following command:

sudo docker ps 
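
To check what the lab containers expose once Docker is running, the added example below (not part of WebSploit or its install script) parses docker ps output and lists every port mapping published on a non-loopback address. The container names and port mappings in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers whose ports are published on non-loopback addresses.
# Input: lines of "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

flag_exposed() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published ports contain "->"; a bare "80/tcp" is not mapped to the host.
            if (m !~ /->/) continue
            host = m
            sub(/->.*/, "", host)        # host side, e.g. 0.0.0.0:8080
            addr = host
            sub(/:[0-9-]+$/, "", addr)   # strip the host port (or port range)
            # Loopback bindings are reachable only from the VM itself.
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
            print $1 " " m
        }
    }'
}

# Constructed sample of docker ps output (names are placeholders, not WebSploit containers).
sample_ps() {
    printf 'lab-app-a\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
    printf 'lab-app-b\t127.0.0.1:8081->80/tcp\n'
    printf 'lab-app-c\t3306/tcp\n'
}

# With --live, inspect the running Docker daemon; otherwise use the constructed sample.
if [ "${1:-}" = "--live" ]; then
    sudo docker ps --format '{{.Names}}\t{{.Ports}}' | flag_exposed
else
    sample_ps | flag_exposed
fi
```

Any line printed is a mapping that other hosts on the VM's network can reach, so keep the VM on a host-only or otherwise isolated network while those containers are up.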


Cybersecurity Training

Omar's on-demand and live cybersecurity training, as well as books and other resources.

Topics include: ethical hacking (penetration testing); digital forensics and incident response (DFIR); threat hunting; malware analysis; reverse engineering; and more.

Omar's Cybersecurity GitHub Repository 

Over 6,000 cybersecurity references related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. 

© Copyright 2019 Omar Santos - All Rights Reserved