{"id":13626218,"url":"https://github.com/SamuraiWTF/samuraiwtf","last_synced_at":"2025-04-16T11:31:32.983Z","repository":{"id":4052601,"uuid":"51807032","full_name":"SamuraiWTF/samuraiwtf","owner":"SamuraiWTF","description":"The main SamuraiWTF collaborative distro repo.","archived":false,"fork":false,"pushed_at":"2025-03-10T13:44:32.000Z","size":23051,"stargazers_count":501,"open_issues_count":21,"forks_count":128,"subscribers_count":35,"default_branch":"main","last_synced_at":"2025-04-14T22:19:02.705Z","etag":null,"topics":["burpsuite","pentest-tool","samurai","vagrant"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-samuraiwtf/#SamuraiWTF_Project","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SamuraiWTF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-02-16T04:07:17.000Z","updated_at":"2025-04-13T10:48:51.000Z","dependencies_parsed_at":"2024-01-14T07:13:17.683Z","dependency_job_id":"bb358323-6974-4fff-8303-c3aac3f6471d","html_url":"https://github.com/SamuraiWTF/samuraiwtf","commit_stats":{"total_commits":359,"total_committers":14,"mean_commits":"25.642857142857142","dds":0.7325905292479109,"last_synced_commit":"1dceefe06d5c7c61439f728e3cacb37c3919dd6a"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuraiWTF%2Fsamuraiwtf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuraiWTF%2Fsamuraiwtf/tags","releases_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/SamuraiWTF%2Fsamuraiwtf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SamuraiWTF%2Fsamuraiwtf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SamuraiWTF","download_url":"https://codeload.github.com/SamuraiWTF/samuraiwtf/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249235070,"owners_count":21235143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burpsuite","pentest-tool","samurai","vagrant"],"created_at":"2024-08-01T21:02:13.163Z","updated_at":"2025-04-16T11:31:32.976Z","avatar_url":"https://github.com/SamuraiWTF.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"SamuraiWTF Logo\" src=\"http://tiny.si/images/owasp_samurai_v3.png\"  height=\"400\"/\u003e\n\u003c/p\u003e\n\n## Samurai Web Training Framework 6.0\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/SamuraiWTF/samuraiwtf/releases\"\u003e \u003cimg alt=\"Github\" src=\"https://img.shields.io/github/downloads/SamuraiWTF/samuraiwtf/total.svg?label=Github%20Downloads\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/SamuraiWTF/samuraiwtf\"\u003e \u003cimg alt=\"SourceForge\" src=\"https://img.shields.io/sourceforge/dt/samurai.svg?label=%28Deprecated%29%20%20SourceForge%20Downloads\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/SamuraiWTF/samuraiwtf/releases\"\u003e \u003cimg alt=\"Latest version\" 
src=\"https://img.shields.io/github/release/SamuraiWTF/samuraiwtf.svg\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/SamuraiWTF/samuraiwtf/blob/master/LICENSE\" \u003e \u003cimg alt=\"License\" src=\"https://img.shields.io/badge/license-GPLv3-blue.svg\" /\u003e\u003c/a\u003e \n\u003c/p\u003e\n\n----\n\nThis project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets. \nFor example, an instructor could use SamuraiWTF to easily set up a virtual machine image containing ZAP and OWASP Juice Shop, and then distribute it to each student as a training lab environment.\n\nThis project includes and uses the [Samurai Katana][samurai-katana-url] project to manage installation and running of tools and targets in the virtual environment. \n\n**Reference Implementation**\nCurrently the reference implementation for this project is built on top of Ubuntu 22.04 (look in the ubuntu-22 subfolder).\n\n**Important Notes**\n- All targets installed with Katana will be configured in the `.test` primary domain\n- All targets will use port 8443 for HTTPS connections\n\n**Want to chat with us? Join us in the OWASP Slack #project-samuraiwtf channel.**\n\n**Want to Contribute? See [here](#Contributors)**\n\n**Art Credit:** the above Samurai figure is the original work of Ben Faircloth, who has granted the OWASP SamuraiWTF project permission to use it in the product and websites. \n\n## How to set up Samurai WTF\nThere are several options available to you. 
The quickest option is to download a pre-built virtual machine and then use Katana (already installed) to configure it with the targets you want to use.\n\n### Option 1: Download Pre-Built OVA (for Oracle VirtualBox)\nThis option works best if you are not using Windows, or if you are using Windows without Hyper-V running.\n\n[Download SamuraiWTF for VirtualBox](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF.ova)\n* MD5: `1da174a13218ad60080d4666f305124d`\n* SHA256: `92490a0f16584644ad681d94a3b144778fcb837a845a4f5f63d252e71d98ed4d`\n\nFor more information on removing or disabling Hyper-V, see [these instructions from Microsoft](https://support.microsoft.com/en-us/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g).\n\n### Option 2: Download Pre-Built VHDX (for Hyper-V)\nThis option works best if you are running Windows 10 or higher and already have Hyper-V installed. If you use the Windows Subsystem for Linux (WSL), then you have Hyper-V installed.\n\n[Download SamuraiWTF for Hyper-V](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF_HyperV.zip)\n* MD5: `B7B406D70956574CE29A83344CD59E97`\n* SHA256: `9FD30B272A20CD3CA1003BAC0CEB180D18202F0A448FCFDEB0EDE52CA65DDA74`\n\nOnce it is downloaded, you will want to unzip the file and then create a new VM in Hyper-V. Attach the .vhdx drive and set the RAM to at least 4096.\n\n### Option 3: Build an Amazon Workspace (DEPRECATED)\nThis option is now deprecated due to ongoing issues with AWS Workspaces provisioning. Historical documentation can be found at [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/amazon-linux/README.md).\n\n### Build on Hyper-V or VirtualBox with Vagrant\nCurrently, the most stable Vagrant build is the one for Ubuntu 22.04. 
Details are in the file [/ubuntu-22/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/ubuntu-22/README.md).\n\n## Default Password\nThere is a default user and password for the SamuraiWTF environment: `samurai` / `samurai`\nThis is the same for every build except the AWS Workspace, where you will instead use your workspace username and password.\n\n## Root Certificate Authority\nDuring the build process, SamuraiWTF generates a local Root Certificate Authority (CA) that is used to secure internal training targets. To properly simulate real-world pentesting scenarios, you'll need to import this CA into your browser:\n\n1. The Root CA certificate is located at `/opt/samurai/SamuraiWTF_Root_CA.crt`\n2. To import in Firefox:\n   - Go to Settings (or Preferences)\n   - Search for \"certificates\"\n   - Click \"View Certificates\"\n   - Go to the \"Authorities\" tab\n   - Click \"Import\" and select the Root CA file\n   - Check \"Trust this CA to identify websites\"\n\n⚠️ **SECURITY WARNING**: This Root CA should ONLY be trusted in browsers used for training within the SamuraiWTF VM. Never import this certificate on browsers used outside the VM or for regular web browsing, as it could compromise your browser security.\n\n## Lab Quick Setup\nOnce you log in to the environment, you can install tools and targets using katana either from the command line, or from a browser.\n\n### Command Line\nSimply use the command `katana list` to see which packages are available, then install any package with `katana install \u003cpackage\u003e`. For example, to install ZAP and JuiceShop:\n\n```shell script\nkatana install zap\nkatana install juice-shop\nkatana start juice-shop\n```\n\n## Web UI\nThe web UI can be seen in a browser by visiting `https://katana.test`.\n\nIf it is not running, you may first need to use the command line to install and start katana. 
This is done with the commands:\n```shell script\nkatana install katana\nkatana start katana\n```\n\nMore detailed instructions on using Katana are available in the readme of the [Samurai Katana][samurai-katana-url] GitHub project.\n\n**IMPORTANT**: Be aware that Katana runs with root privileges and is not intended to be run in a secure or production environment.\n\n## Development\nMost of the development in this repo is related to updating basebox provisioning scripts and supporting additional platforms.\n\n\n- Our integration branch is the one called `next`. That's where all new features and bug fixes go for testing before a planned release.  The `main` branch should be kept stable at all times.\n- Larger changes should be done in separate feature branches.  Make sure to merge `next` into your feature branch, then PR the feature branch to merge into `next`.\n- If you break `next` or `main`, fix it (with help if necessary). It's best to run a full test build (i.e. `vagrant destroy`, `vagrant up`) and make sure tools and targets are working before pushing changes.\n\n## Production VM Notes:\nOnce you load the VM, unless this was an AWS Workspace install, the username and password are:\n\n- Username: samurai\n- Password: samurai\n\nThe menus are available in the top-left corner of the desktop.\n\nOnce you log in, there are a couple of things that might need to be adjusted manually.\n\n## Virtualbox Display\n- To automatically adjust the display resolution, do the following:\n\t- Select Virtualbox `Menu -\u003e View`\n\t- Click Auto-Resize Guest Display\n\t- Resize Virtualbox window and display should change to fit window size.\n\t- OR: Use the `Menu -\u003e View -\u003e Virtual Screen 1` menu to adjust the screen dimensions (e.g. Resize to 1440x900; Scale to 200%). 
\n\n# License\nThe scripts and resources belonging directly to this project are licensed under the Lesser GNU Public License version 3 (LGPLv3).\nAll software loaded into the VM, including the tools, targets, utilities, and operating system itself retain their original license agreements.\n\n\n# Contributors\nContributors are very welcome and the contribution process is standard:\n\n  * fork this project\n  * make your contribution\n  * submit a pull request\n  \nSubstantial or *Regular* contributors may also be brought in as full team members. This includes those who have made substantial contributions to previous versions of SamuraiWTF with the assumption they will continue to do so.\n\n[samurai-katana-url]: https://github.com/SamuraiWTF/katana\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSamuraiWTF%2Fsamuraiwtf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSamuraiWTF%2Fsamuraiwtf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSamuraiWTF%2Fsamuraiwtf/lists"}