From previous posts I have talked extensively on the magical powers that is Docker. This is a script I created to help setup a fresh Kali image with multiple vulnerable web apps for training or practice purposes.
#!/bin/bash # Install Docker curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list apt-get update apt-get remove docker docker-engine docker.io -y apt-get install docker-ce -y systemctl start docker systemctl enable docker # Install Dnsmasq apt-get install dnsmasq -y echo "# New Changes listen-address=127.0.0.1 bind-interfaces address=/.local/127.0.0.1" >> /etc/dnsmasq.conf echo "prepend domain-name-servers 127.0.0.1;" >> /etc/dhcp/dhclient.conf systemctl enable dnsmasq # Restart networking dhclient systemctl restart dnsmasq service network-manager restart # Docker Pull down docker pull jwilder/nginx-proxy:latest docker pull bkimminich/juice-shop docker pull citizenstig/nowasp docker pull citizenstig/dvwa docker pull wpscanteam/vulnerablewordpress # Docker Config docker network create vuln docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro --name rev_proxy --net vuln --restart always jwilder/nginx-proxy docker run -d -e VIRTUAL_HOST=juice.local --name juiceshop --net vuln --restart always bkimminich/juice-shop docker run -d -e VIRTUAL_HOST=mutillidae.local --name mutillidae --net vuln --restart always citizenstig/nowasp docker run -d -e VIRTUAL_HOST=dvwa.local --name dvwa --net vuln --restart always citizenstig/dvwa
This script above will setup Kali to download an install Docker. It will then remove any existing version. You can comment out that section if you already have Docker installed and configured correctly to your liking. Since many different vulnerable web applications require different ports to be open or exposed I instead elected to use DNSmasq to setup a local DNS server that would forward anything with a
.local address back to 127.0.0.1. After DNSmasq is installed you must restart networking for the DNS server to take over control.
Now we can begin pulling down images from the Docker Hub. The first image
jwilder/nginx-proxy:latest is a Docker container that will help automate all of the domain name addressing for anything running in a Docker container. So any requests that come into 127.0.0.1 on port 80 or 443 will get forwarded to the appropriate Docker container. What makes this especially interesting is that all of the forwarding and configuration of the Nginx reverse proxy is handled automatically by just passing an environment variable when starting the container. The next three images that are pulled down are vulnerable web applications. Juice Shop, Mutillidae, and the Damn Vulnerable Web Application (DVWA).
In order to access these sites simply open your browser and navigate to one of the following:
http://juice.local http://mutillidae.local http://dvwa.local
Some extra setup might be necessary for Mutillidae and DVWA, but Juice Shop is up and running. Good Luck!