{"id":13904496,"url":"https://github.com/garethr/pentesting-playground","last_synced_at":"2025-04-14T10:21:24.151Z","repository":{"id":8150764,"uuid":"9570743","full_name":"garethr/pentesting-playground","owner":"garethr","description":"Code for installing various security minded tools onto Vagrant powered virtual machines","archived":false,"fork":false,"pushed_at":"2014-07-21T21:15:12.000Z","size":202,"stargazers_count":171,"open_issues_count":5,"forks_count":31,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-04-13T02:13:37.992Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/garethr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-04-20T21:14:20.000Z","updated_at":"2025-02-21T15:46:55.000Z","dependencies_parsed_at":"2022-09-25T06:40:46.751Z","dependency_job_id":null,"html_url":"https://github.com/garethr/pentesting-playground","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garethr%2Fpentesting-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garethr%2Fpentesting-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garethr%2Fpentesting-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garethr%2Fpentesting-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/garethr","download_url":"https://codeload.github.com/garethr/pentesting-playground/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248860006,"owners_count":21173344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-06T23:00:56.176Z","updated_at":"2025-04-14T10:21:24.119Z","avatar_url":"https://github.com/garethr.png","language":"Puppet","readme":"# Penetration Testing Playground\n\nThere are lots of interesting tools for testing the security of web\napplications. Unfortunately many of them are unknown to most developers\nand poorly packaged (I don't want a separate distro thanks). This project aims to bring together some familiar developer tools (like Vagrant and Puppet) with as many interesting security tools as I can find.\n\nOnce you have have tools you want somewhere safe to test them out. This\nproject also contains a vulnerable web application running in a separate\nvirtual machine which can be used as a test bed.\n\n## Usage\n\nI'm assuming you already have Ruby and Vagrant installed. The we need to\ninstall the dependencies.\n\n    bundle install\n    bundle exec librarian-puppet install\n\nThis should fill your modules folder with puppet modules from the Puppet\nForge. Next up we can start our virtual machines.\n\n    vagrant up\n\nThis should launch two machines, one called attacker and the other\nvictim. Attacker gets lots of tools installed and victim gets a\nvulnerable web application setup.\n\nIf you want to test some of the tools out then you'll want to ssh into\nthe attacker virtual machine:\n\n    vagrant ssh attacker\n\nMany of the tools are not packages and these are simply installed into\n/opt. Just cd to the relevant directory and run the tools from there.\n\nIf you want to change anything on the victim virtual machine you can\naccess that with:\n\n    vagrant ssh victim\n\nIf you only wanted the attacker (or victim) virtual machine then you can\nuse either:\n\n   vagrant up attacker\n   vagrant up victim\n\n## Tools installed\n\n* [skipfish](http://code.google.com/p/skipfish/)\n* [nmap](http://nmap.org/)\n* [nikto](http://www.cirt.net/nikto2)\n* [w3af](http://w3af.org/)\n* [garmr](https://github.com/mozilla/Garmr)\n* [sslyze](https://github.com/iSECPartners/sslyze)\n* [wpscanner](https://github.com/metachris/wpscanner)\n* [owasp zap](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)\n* [arachni](http://arachni-scanner.com/)\n* [gauntlt](https://github.com/gauntlt/gauntlt)\n* [sqlmap](http://sqlmap.org/)\n* [wpscan](http://wpscan.org/)\n* [sslscan](http://sourceforge.net/projects/sslscan/)\n* [TLSSLed](http://blog.taddong.com/2013/02/tlssled-v13.html)\n* [slowhttptest](https://code.google.com/p/slowhttptest/)\n* [DIRB](http://dirb.sourceforge.net/)\n* [SQLiBF](http://sourceforge.net/projects/sqlibf/)\n\nIf you would like to add something else then please send a pull request\nor open an issue.\n\n## Disclaimer\n\nThese tools are designed to attack or find vulnerabilities in other\napplications. Testing for vulnerabilities is an important part of\nbuilding a secure web application, but please don't use this set of tools to\nattack other peoples site. It's probably illegal and definitely not very\npolite.\n","funding_links":[],"categories":["Puppet"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgarethr%2Fpentesting-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgarethr%2Fpentesting-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgarethr%2Fpentesting-playground/lists"}