Web Security Dojo 2.0 – Self-Contained Web Hacking Training


Web Security Dojo is a free open-source self-contained web hacking training environment for Web Application Security penetration testing. Tools + Targets = Dojo

Web Security Dojo 2.0 - Self-Contained Web Hacking Training

What?

Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge.

Targets include:


Why?

The Web Security Dojo is for learning and practising web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection since it contains both tools and targets. Also, this removes the possibility of remote attack on the targets, which are insecure by design. The Dojo contains everything needed to get started – tools, targets, and documentation.

Tools included (starred = new this version):

You can download Web Security Dojo v2.0 here:

Web_Security_Dojo-2.0.ova

Or read more here.

Posted in: Hacking Tools, Web Hacking


Latest Posts:


tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.


Comments are closed.