This VM contains vulnerable software! DO NOT connect to a production environment and use with caution!!!

This is a virtual machine (VM) created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions .The purpose of this VM is to have a lightweight (single VM) with a few vulnerable applications and the tools that come in Kali Linux (as well, as a few additional tools and a mobile device emulator).

Getting Started

  1. Download VirtualBox. This is an all-in-one VM created and tested in VirtualBox. VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.

  2. Download the .ova file from HERE and import it in VirtualBox.

    SHASUM: c18121c0f96291895520b68ebf105bc9822ebc2d

    Click here for detailed instructions on how to import a VM in VirtualBox.

Note: VirtualBox Extension Pack is required to run this VM in VirtualBox. You can download VirtualBox Extension Pack HERE.

Vulnerable Applications Included

This is an all-in-one Kali + Vulnerable Applications standalone VM designed for you to practice your skills in a safe environment.

All of the vulnerable servers are running in Docker containers

All containers are NOT configured to start at boot time. This is to avoid for the vulnerable applications to be exposed by default.

To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the sudo docker ps command.

WebSploit VM Creds

  user: root
  password: toor

Additional References: