Vulnerable Web Application Test Envrionment

From previous posts I have talked extensively on the magical powers that is Docker. This is a script I created to help setup a fresh Kali image with multiple vulnerable web apps for training or practice purposes.  

#!/bin/bash

# Install Docker
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get remove docker docker-engine docker.io -y 
apt-get install docker-ce -y 
systemctl start docker
systemctl enable docker

# Install Dnsmasq
apt-get install dnsmasq -y 
echo "# New Changes
listen-address=127.0.0.1
bind-interfaces
address=/.local/127.0.0.1" >> /etc/dnsmasq.conf
echo "prepend domain-name-servers 127.0.0.1;" >> /etc/dhcp/dhclient.conf
systemctl enable dnsmasq

# Restart networking
dhclient
systemctl restart dnsmasq
service network-manager restart

# Docker Pull down
docker pull jwilder/nginx-proxy:latest
docker pull bkimminich/juice-shop
docker pull citizenstig/nowasp
docker pull citizenstig/dvwa
docker pull wpscanteam/vulnerablewordpress

# Docker Config
docker network create vuln
docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro --name rev_proxy --net vuln --restart always jwilder/nginx-proxy
docker run -d -e VIRTUAL_HOST=juice.local --name juiceshop --net vuln --restart always bkimminich/juice-shop
docker run -d -e VIRTUAL_HOST=mutillidae.local --name mutillidae --net vuln --restart always citizenstig/nowasp
docker run -d -e VIRTUAL_HOST=dvwa.local --name dvwa --net vuln --restart always citizenstig/dvwa

This script above will setup Kali to download an install Docker.  It will then remove any existing version.  You can comment out that section if you already have Docker installed and configured correctly to your liking.  Since many different vulnerable web applications require different ports to be open or exposed I instead elected to use DNSmasq to setup a local DNS server that would forward anything with a .local address back to 127.0.0.1.  After DNSmasq is installed you must restart networking for the DNS server to take over control.  

Now we can begin pulling down images from the Docker Hub.  The first image jwilder/nginx-proxy:latest is a Docker container that will help automate all of the domain name addressing for anything running in a Docker container.  So any requests that come into 127.0.0.1 on port 80 or 443 will get forwarded to the appropriate Docker container.  What makes this especially interesting is that all of the forwarding and configuration of the Nginx reverse proxy is handled automatically by just passing an environment variable when starting the container.  The next three images that are pulled down are vulnerable web applications.  Juice Shop, Mutillidae, and the Damn Vulnerable Web Application (DVWA).  

In order to access these sites simply open your browser and navigate to one of the following:

http://juice.local
http://mutillidae.local
http://dvwa.local

Some extra setup might be necessary for Mutillidae and DVWA, but Juice Shop is up and running.  Good Luck!