{"id":15089125,"url":"https://github.com/alekrish-12/dvwa-k8s-setup","last_synced_at":"2026-01-05T01:15:33.880Z","repository":{"id":254905070,"uuid":"847912630","full_name":"Alekrish-12/DVWA-k8s-Setup","owner":"Alekrish-12","description":"DVWA Setup to Deploy a local k8s cluster using minikube, k3s and demo of the attack vectors.","archived":false,"fork":false,"pushed_at":"2024-08-27T08:34:07.000Z","size":46,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-26T09:42:23.614Z","etag":null,"topics":["deployment","dvwa","kubectl","kubernetes","minikube","service","setup-script","sql-injection","xss-attacks","yaml"],"latest_commit_sha":null,"homepage":"https://github.com/Alekrish-12/DVWA-k8s-Setup","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Alekrish-12.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-26T19:29:34.000Z","updated_at":"2024-08-27T08:35:18.000Z","dependencies_parsed_at":"2024-09-29T23:00:29.928Z","dependency_job_id":"b60eb255-f60d-42fa-b99a-30e456660d1b","html_url":"https://github.com/Alekrish-12/DVWA-k8s-Setup","commit_stats":{"total_commits":26,"total_committers":1,"mean_commits":26.0,"dds":0.0,"last_synced_commit":"3cf18df1ffaf21ca4d0d2ecf3936e7cfba905a15"},"previous_names":["alekrish-12/kubernetes-dvwa-setup","alekrish-12/dvwa-k8s-setup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alekrish-12%2FDVWA-k8s-Setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alekrish-12%2FDVWA-k8s-Setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alekrish-12%2FDVWA-k8s-Setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alekrish-12%2FDVWA-k8s-Setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Alekrish-12","download_url":"https://codeload.github.com/Alekrish-12/DVWA-k8s-Setup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244811374,"owners_count":20514276,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deployment","dvwa","kubectl","kubernetes","minikube","service","setup-script","sql-injection","xss-attacks","yaml"],"created_at":"2024-09-25T08:40:48.923Z","updated_at":"2026-01-05T01:15:33.847Z","avatar_url":"https://github.com/Alekrish-12.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DVWA-K8s cluster \n\nThis repository provides a setup for deploying a local Kubernetes cluster with DVWA (Damn Vulnerable Web Application) using Minikube. It also includes instructions for demonstrating common web vulnerabilities.\n\n## Table of Contents\n\n1. [Setup Instructions](#setup-instructions)\n    - [Install Minikube](#install-minikube)\n    - [Start Minikube](#start-minikube)\n    - [Install kubectl](#install-kubectl)\n  \n![Screenshot (121)](https://github.com/user-attachments/assets/9cbd2957-69ce-4894-8c80-e927f687ca91)\n\n      \n2. [Deploy DVWA](#deploy-dvwa)\n    - [Create Deployment and Service Files](#create-deployment-and-service-files)\n    - [Deploy DVWA](#deploy-dvwa)\n    - [Access DVWA](#access-dvwa)\n3. [Demonstrate Attack Vectors](#demonstrate-attack-vectors)\n    - [SQL Injection](#sql-injection)\n    - [Cross-Site Scripting (XSS)](#cross-site-scripting-xss)\n    - [Command Injection](#command-injection)\n4. [Cleanup](#cleanup)\n\n## Setup Instructions\n\n### Install Minikube\n\nTo install Minikube, run the following script:\n\nbash setup-scripts/install-minikube.sh\n\nStart Minikube-Start Minikube to create a local Kubernetes cluster: \nbash setup-scripts/start-minikube.sh\n\nInstall kubectl-To install kubectl, run the following script:\nbash setup-scripts/install-kubectl.sh\n\nVerify the installation with:\nkubectl version --client\n\n![Screenshot (122)](https://github.com/user-attachments/assets/f2ff50ab-727f-43d8-a004-260bdd3c8ea8)\n\n### Deploy DVWA\nCreate Deployment and Service Files\nCreate a file named dvwa-deployment.yaml with the following content:\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: dvwa\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: dvwa\n  template:\n    metadata:\n      labels:\n        app: dvwa\n    spec:\n      containers:\n      - name: dvwa\n        image: vulnerables/web-dvwa\n        ports:\n        - containerPort: 80\n\nDeploy DVWA\nApply the deployment with:\nkubectl apply -f dvwa-deployment.yaml\n\nAccess DVWA\nTo access DVWA, use the Minikube service command:\nminikube service dvwa-service\nThis will open a browser window with the DVWA login page.\n\n\n![Screenshot (123)](https://github.com/user-attachments/assets/7d2e7e80-9ec0-4b1f-afb6-e9d8007b9814)\n\n\n\n### Demonstrate Attack Vectors\nSQL Injection\nAttack Vector: SQL Injection\n\nSteps:\nOpen the DVWA login page in your browser (provided by Minikube service command).\nIn the login form, enter the following payload in the username field: ' OR 1=1 --.\nLeave the password field empty.\nClick \"Login.\"\nObservation: The payload bypasses authentication, indicating an SQL Injection vulnerability.\n\n![Screenshot (125)](https://github.com/user-attachments/assets/c45e8ef8-9bab-4c76-bda0-ef41b09065e9)\n\n\nCross-Site Scripting (XSS)\nAttack Vector: Cross-Site Scripting (XSS)\n\nSteps:\nNavigate to the “XSS (Stored)” section in DVWA.\nIn the message field, enter the following payload: \u003cscript\u003ealert('XSS')\u003c/script\u003e.\n\n![Screenshot (129)](https://github.com/user-attachments/assets/5451766e-3cc1-4f71-85c6-d28a1b35eb54)\n\n\nSubmit the form.\nObservation: An alert box pops up when the page is loaded, indicating an XSS vulnerability.\n\nCommand Injection\nAttack Vector: Command Injection\n\nSteps:\nNavigate to the “Command Injection” section in DVWA.\nIn the input field, enter the following payload: ; ls -la.\n\n![Screenshot (128)](https://github.com/user-attachments/assets/16516cf3-a4a8-4865-a6eb-3a94c6e521e9)\n\n\nSubmit the form.\nObservation: The directory listing of the server is displayed, indicating a command injection vulnerability.\n\nhttps://github.com/Alekrish-12/DVWA-k8s-Setup\n\n\n### 📄 License\n\n### MIT License\n\nCopyright (c) 2024 [Kubernetes DVWA Setup]\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falekrish-12%2Fdvwa-k8s-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falekrish-12%2Fdvwa-k8s-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falekrish-12%2Fdvwa-k8s-setup/lists"}