Vulnerable Web Application Test Environment

In previous posts I have talked extensively about the magical powers of Docker. This is a script I created to help set up a fresh Kali image with multiple vulnerable web apps for training or practice purposes.


# Install Docker
curl -fsSL | sudo apt-key add -
echo 'deb stretch stable' > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get remove docker docker-engine -y 
apt-get install docker-ce -y 
systemctl start docker
systemctl enable docker

# Install Dnsmasq
apt-get install dnsmasq -y 
echo "# New Changes
address=/.local/" >> /etc/dnsmasq.conf
echo "prepend domain-name-servers;" >> /etc/dhcp/dhclient.conf
systemctl enable dnsmasq

# Restart networking
systemctl restart dnsmasq
service network-manager restart

# Docker Pull down
docker pull jwilder/nginx-proxy:latest
docker pull bkimminich/juice-shop
docker pull citizenstig/nowasp
docker pull citizenstig/dvwa
docker pull wpscanteam/vulnerablewordpress

# Docker Config
docker network create vuln
docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro --name rev_proxy --net vuln --restart always jwilder/nginx-proxy
docker run -d -e VIRTUAL_HOST=juice.local --name juiceshop --net vuln --restart always bkimminich/juice-shop
docker run -d -e VIRTUAL_HOST=mutillidae.local --name mutillidae --net vuln --restart always citizenstig/nowasp
docker run -d -e VIRTUAL_HOST=dvwa.local --name dvwa --net vuln --restart always citizenstig/dvwa

The script above sets up Kali to download and install Docker, removing any existing version in the process.  You can comment out that section if you already have Docker installed and configured to your liking.  Since different vulnerable web applications require different ports to be open or exposed, I instead elected to use Dnsmasq to set up a local DNS server that would forward anything with a .local address back to  After Dnsmasq is installed you must restart networking for the DNS server to take over control.

Now we can begin pulling down images from Docker Hub.  The first image, jwilder/nginx-proxy:latest, is a Docker container that automates all of the domain name addressing for anything running in a Docker container.  So any requests that come into on port 80 or 443 will get forwarded to the appropriate Docker container.  What makes this especially interesting is that all of the forwarding and configuration of the Nginx reverse proxy is handled automatically, just by passing an environment variable (VIRTUAL_HOST in the script above) when starting the container.  The next three images that are pulled down are vulnerable web applications: Juice Shop, Mutillidae, and the Damn Vulnerable Web Application (DVWA).
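An added example, not part of the original script: a small shell function that reads `docker run` lines like the ones above and lists which hostnames nginx-proxy will route (taken from VIRTUAL_HOST) and which published ports Docker binds on all host interfaces rather than on loopback. The function name audit_runs and the LOOPBACK_RUN line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a lab script's
# `docker run` lines before running them.

# Three of the post's own `docker run` lines, embedded so this runs offline.
LAB_RUNS='docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro --name rev_proxy --net vuln --restart always jwilder/nginx-proxy
docker run -d -e VIRTUAL_HOST=juice.local --name juiceshop --net vuln --restart always bkimminich/juice-shop
docker run -d -e VIRTUAL_HOST=dvwa.local --name dvwa --net vuln --restart always citizenstig/dvwa'

# Constructed variant: the proxy published on loopback only.
LOOPBACK_RUN='docker run -d -p 127.0.0.1:80:80 --name rev_proxy --net vuln jwilder/nginx-proxy'

# audit_runs: read `docker run` lines on stdin, print one record per finding:
#   "vhost <hostname> <container>"  name nginx-proxy will route to the container
#   "exposed <container> <spec>"    -p/--publish spec not bound to loopback
audit_runs() (
  set -f                                  # split words without globbing
  while read -r line; do
    name="" host="" specs="" prev=""
    for word in $line; do
      case "$prev" in
        --name) name=$word ;;
        -p|--publish) specs="$specs $word" ;;
      esac
      case "$word" in
        VIRTUAL_HOST=*) host=${word#VIRTUAL_HOST=} ;;
        --publish=*) specs="$specs ${word#--publish=}" ;;
      esac
      prev=$word
    done
    if [ -n "$host" ]; then echo "vhost $host $name"; fi
    for spec in $specs; do
      case "$spec" in
        127.*|\[::1\]*) ;;                # loopback only: not reachable from the LAN
        *) echo "exposed $name $spec" ;;  # Docker binds this on all host interfaces
      esac
    done
  done
)

printf '%s\n' "$LAB_RUNS" | audit_runs
```

Publishing the proxy as `-p 127.0.0.1:80:80` instead of `-p 80:80` keeps the deliberately vulnerable apps reachable only from the Kali host itself.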

In order to access these sites simply open your browser and navigate to one of the following:


Some extra setup might be necessary for Mutillidae and DVWA, but Juice Shop is up and running.  Good Luck!

Ryan Villarreal
