Web Security Dojo

Verze pro tiskPDF verze

Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a Virtual Machine(VM). It is ideal for both self-instruction and training classes since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use non-conflicting ports and a Firefox proxy switcher is set up to match.

Web Security Dojo v1.0 is now available for free at

Web Security Dojo is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a Virtualbox VM, VMWare VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo.
Collaboration and contributions are welcomed.

Major highlights:

* OWASP WebGoat
* Damn Vulnerable Web App
* Hacme Casino
* OWASP InsecureWebApp
* custom PHP scripts including REST and JSON labs

* Burp Suite (free version) [Thanks to Portswigger for permission to redistribute]
* w3af cvs version
* OWASP Skavenger
* OWASP Dirbuster
* Paros
* Webscarab
* Ratproxy
* sqlmap
* helpful Firefox add-ons

For a quick start grab the VM from http://dojo.mavensecurity.com and read the included Readme file and/or watch the intro video at http://www.youtube.com/watch?v=lum6bSsyJ38