{"id":2978,"date":"2015-05-22T23:03:14","date_gmt":"2015-05-22T15:03:14","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2978"},"modified":"2015-09-09T19:36:37","modified_gmt":"2015-09-09T11:36:37","slug":"web-security-dojo-2-0-self-contained-web-hacking-training","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/05\/web-security-dojo-2-0-self-contained-web-hacking-training\/","title":{"rendered":"Web Security Dojo 2.0 &#8211; Self-Contained Web Hacking Training"},"content":{"rendered":"<p>Web Security Dojo is a free open-source self-contained web hacking training environment for Web Application Security penetration testing. Tools + Targets = Dojo<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"http:\/\/farm9.staticflickr.com\/8777\/17771377620_136c936a0f.jpg\" alt=\"Web Security Dojo 2.0 - Self-Contained Web Hacking Training\" \/><\/p>\n<p><strong>What?<\/strong><\/p>\n<p>Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge.<\/p>\n<p>Targets include:<\/p>\n<ul>\n<li>OWASP\u2019s WebGoat<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2014\/12\/gruyere-learn-web-application-exploits-defenses\/\">Google\u2019s Gruyere<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2009\/07\/damn-vulnerable-web-app-learn-practise-web-hacking\/\">Damn Vulnerable Web App<\/a><\/li>\n<li>Hacme Casino<\/li>\n<li>OWASP InsecureWebApp<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/11\/w3af-v1-1-released-for-download-web-application-attack-audit-framework\/\">w3af<\/a>\u2019s test website<\/li>\n<li>Simple training targets by Maven Security (including REST and JSON)<\/li>\n<\/ul>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p><strong>Why?<\/strong><\/p>\n<p>The Web Security Dojo is for learning and practising web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection since it contains both tools and targets. Also, this removes the possibility of remote attack on the targets, which are insecure by design. The Dojo contains everything needed to get started \u2013 tools, targets, and documentation.<\/p>\n<p>Tools included (starred = new this version):<\/p>\n<ul>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/burp-suite-free-edition-v1-4-web-application-security-testing-tool\/\">Burp Suite (free version)<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/11\/w3af-v1-1-released-for-download-web-application-attack-audit-framework\/\">w3af<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/04\/sqlmap-0-9-released-automatic-blind-sql-injection-tool\/\">SQLmap<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2014\/10\/arachni-v1-0-released-web-application-security-scanner-framework\/\">Arachni<\/a> *<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2010\/07\/metasploit-framework-3-4-1-released-16-new-exploits-22-modules-11-meterpreter-scripts\/\">Metasploit<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/zed-attack-proxy-zaproxy-v1-3-0-released-integrated-penetration-testing-tool\/\">Zed Attack Proxy<\/a> *<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2007\/11\/skavenger-source-code-auditing-tool\/\">OWASP Skavenger<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/11\/dirbuster-brute-force-directories-files-names\/\">OWASP Dirbuster<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2006\/05\/paros-proxy-3212-released-mitm-http-and-https-proxy\/\">Paros<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2006\/07\/webscarab-web-application-analysis-new-version\/\">Webscarab<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2008\/07\/ratproxy-passive-web-application-security-audit-tool\/\">Ratproxy<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/skipfish-1-94b-released-active-web-application-security-reconnaissance-tool\/\">skipfish<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2011\/08\/websecurify-integrated-web-security-testing-environment\/\">websecurify<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2010\/04\/davtest-webdav-vulnerability-scanning-scanner-tool\/\">davtest<\/a><\/li>\n<li>J-Baah<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2007\/03\/jbrofuzz-05-from-owasp-stateless-network-protocol-fuzzer\/\">JBroFuzz<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2010\/11\/watobo-the-web-application-toolbox\/\">Watobo<\/a> *<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2009\/11\/rats-rough-auditing-tool-for-security\/\">RATS<\/a><\/li>\n<li>Helpful Firefox add-ons<\/li>\n<\/ul>\n<p>You can download Web Security Dojo v2.0 here:<\/p>\n<p><a href=\"http:\/\/sourceforge.net\/projects\/websecuritydojo\/files\/Version_2.0\/Web_Security_Dojo-2.0.ova\/download\">Web_Security_Dojo-2.0.ova<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/www.mavensecurity.com\/web_security_dojo\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web Security Dojo is a free open-source self-contained web hacking training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge. Targets include: OWASP\u2019s WebGoat [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"Web Security Dojo is a self-contained web hacking training environment that provides targets, tools and documentation in a virtual image.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,15],"tags":[5238],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2978"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=2978"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2978\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=2978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=2978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=2978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}