This is a virtual machine (VM) created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions .The purpose of this VM is to have a single VM lab environment with several vulnerable applications running in Docker containers; the tools that come in Kali Linux; a few additional tools; and a mobile device emulator.

css templates

This VM contains vulnerable software!
DO NOT connect to a production environment and use with caution!!!

Getting Started


Download VirtualBox

This is an all-in-one VM created and tested in VirtualBox. VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.


Download WebSploit

Download the .ova file from HERE and import it in VirtualBox. (SHASUM: 7af28d562de7e1252452e97e9997de11b312d4ee) .

Click here for detailed instructions on how to import a VM in VirtualBox.                       

WebSploit VM Credentials
user: root
  password: toor

Vulnerable Applications Included

This is an all-in-one Kali + Vulnerable Applications standalone VM designed for you to practice your skills in a safe environment.


VM and Docker Containers

All containers are NOT configured to start at boot time. This is to avoid for the vulnerable applications to be exposed by default.

To start the Docker service and automatically start the containers use:

service docker start

To obtain the status of each docker container use the sudo docker ps command.

Omar's Cybersecurity GitHub Repository 

Over 6,000 cybersecurity references related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. 

Stay in Touch with Omar!

© Copyright 2019 Omar Santos - All Rights Reserved