DVWA
DetectionLab
Our great sponsors
DVWA | DetectionLab | |
---|---|---|
35 | 31 | |
9,291 | 4,476 | |
- | - | |
7.7 | 4.4 | |
8 days ago | about 1 year ago | |
PHP | HTML | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DVWA
-
If you're looking for resources pertaining to hands-on practical demonstrations of learned skills and tools/techniques, look no further.
There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop
-
[Question] Best practices and protecting ubuntu
I'd suggest you to download for example a VM of Damn Vulnerable Web Application (https://github.com/digininja/DVWA), learn and practice the attacks, and then try to protect the host from these attacks to prevent or limit access to the system.
-
Web penetration practice
I deployed a Damn Vulnerable Web Application (DVWA) for you, I DM'ed the url and creds. It's a controlled sandbox, intentionally vulnerable app for you to try out your hackerman skills. Go nuts, have fun dude.
-
I am setting up a pen testing lab , I want to generate some vulnerabilities on a windows server 2019 (VM)
For app security check out the damn vulnerable web app: https://github.com/digininja/DVWA
-
Novice question in regards to using some tools.
A fresh install laptop is probably going to be a frustrating first place to start as it is unlikely to be exposing any services for you to scan or test. You could install some vulnerable services, like the damn vulnerable web application here which has good setup instructions and many, many walkthroughs.
-
Vulnerability Management Practice Lab
You could spin up a version of dvwa and scan that. https://github.com/digininja/DVWA
-
Let's see what we got here
sudo git clone https://github.com/digininja/DVWA/git
-
Best login page or example for kids to hack away on and be able to "guess" the login
DVWA is a pretty solid educational, training application that is meant for this purpose. There are a bunch of different modules, but one is bruteforcing passwords.
-
Do you know any vulnerable websites that is free to use as a target for a website scanner POC?
Damn Vulnerable Web App
- Website or App for virtual hacking
DetectionLab
-
Cyber Lab Design
I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.
- Home Virtual SIEM Lab Suggestions?
- malware analysis
- Sandbox suggestions for VM isolation & investigations?
- I am kind a lost
-
Work setup
Detection Lab Link: https://github.com/clong/DetectionLab
-
learning splunk. is there a way to "play" with it?
Not sure what your goal with splunk is but I'd recommend Detection lab! Once you get the pre reqs setup, building and tearing down is super easy and you get a pre-baked ad environment to generate logs for you. https://github.com/clong/DetectionLab
-
Tool that automatically generates a realistic office scenario of vms?
I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab
-
I'm a noob with expensive equipment
While it's true what most are saying, that you don't need a powerful system to learn hacking....... You DO have a valid point that a powerful system enables things a weaker system may not. For example with 64GB of RAM you can run a full network lab simulation such as https://github.com/clong/DetectionLab additionally a solid high end graphics card will let you run things like hashcat a lot faster. In theory you could make a rainbow table. You still need a lot of time to understand all the basics but yeah there's a few cool things you can do with more power it's not ENTIRELY unneeded. I wish I knew about the local defcon group long ago. They're welcoming and some have capture the flags you can play. Understand the various job roles there are in security and figure out which one you like. You get paid to do specific things not just learn about hacking.
-
where does one get experience with SIEM tools
Github DetectioLab
What are some alternatives?
WebGoat - WebGoat is a deliberately insecure application
DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Vulnerable-Web-Application - OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
PHPSecLib - PHP Secure Communications Library
HELK - The Hunting ELK
PHP SSH - An experimental object oriented SSH api in PHP
GOAD - game of active directory