{"id":13649779,"url":"https://github.com/oliverwiegers/pentest_lab","last_synced_at":"2025-04-22T15:30:54.303Z","repository":{"id":52795569,"uuid":"277592112","full_name":"oliverwiegers/pentest_lab","owner":"oliverwiegers","description":"Local penetration testing lab using docker-compose.","archived":false,"fork":false,"pushed_at":"2023-06-07T13:53:48.000Z","size":11348,"stargazers_count":160,"open_issues_count":0,"forks_count":49,"subscribers_count":8,"default_branch":"prod","last_synced_at":"2024-02-15T11:35:34.940Z","etag":null,"topics":["bug-bounty","bugbounty","docker","docker-compose","penetration-testing","pentest"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oliverwiegers.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-07-06T16:22:07.000Z","updated_at":"2024-02-02T10:57:22.000Z","dependencies_parsed_at":"2024-01-13T12:37:02.707Z","dependency_job_id":null,"html_url":"https://github.com/oliverwiegers/pentest_lab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverwiegers%2Fpentest_lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverwiegers%2Fpentest_lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverwiegers%2Fpentest_lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverwiegers%2Fpentest_lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oliverwiegers","download_url":"https://codeload.github.com/oliverwiegers/pentest_lab/tar.gz/refs/heads/prod","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223900372,"owners_count":17222028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","docker","docker-compose","penetration-testing","pentest"],"created_at":"2024-08-02T02:00:25.068Z","updated_at":"2024-11-10T00:31:47.965Z","avatar_url":"https://github.com/oliverwiegers.png","language":"Shell","funding_links":[],"categories":["OWASP Top 10","Labs"],"sub_categories":[],"readme":"# Pentest Lab\n\n**I'm not actively developing on this anymore, but will fix bugs and look at\nissues and pull requests.** Help is appreciated :)\n\nThis local pentest lab leverages docker compose to spin up multiple victim\nservices and an attacker service running Kali Linux.  If you run this lab for\nthe first time it will take some time to download all the different docker\nimages.\n\n## Screencast\n\n\u003ca href=\"https://asciinema.org/a/VebTHWt6nZvTYJpvqWZja2kVb\" target=\"_blank\"\u003e\n    \u003cimg\n            src=\"https://asciinema.org/a/VebTHWt6nZvTYJpvqWZja2kVb.svg\"\n            align=right\n            width=400px/\u003e\n\u003c/a\u003e\n\n**Executed commands:**\n\n- `./lab.sh --help`\n- `./lab.sh --check-dependencies`\n- `./lab.sh --up --all-services`\n- `./lab.sh --info`\n- `./lab.sh --overview all`\n- `ssh root@kali -o \"UserKnownHostsFile /dev/null\"`\n- `./lab.sh --down`\n\n## Usage\n\nThe lab should work out of the box if all needed dependencies are installed.\nAt startup the lab will run a dependency check.\n\n### Start the lab\n\n```bash\ngit clone https://github.com/oliverwiegers/pentest_lab\ncd pentest_lab\n./lab.sh -u\n```\n\nBy default the lab will start all victim services and one red team service.\nOther services can be started and added. More information on this down on this\nbelow.\n\nFor further usage information consider reading the help message shown by\n`./lab.sh -h | --help`.\n\n### Dependencies\n\n- bash\n- find\n- sed\n- yq (The Python version. Not yq-go.)\n- docker\n- docker-compose\n\nThe lab has a build in dependency check which runs at startup. This also can be\nrun manually `./lab.sh -C`.\n\n### Heimdall\n\n\u003cimg src=\"./screenshots/heimdall.png\" alt=\"img\" align=\"left\" width=\"400px\"\u003e\n\nFor ease of use a [Heimdall](https://github.com/linuxserver/Heimdall) interface\nwas added that is exposed to `localhost:7000`.\nAll services that are exposed to your local machine and can be accessed via\nbrowser are listed there.\nChanges that will be made to the interface are automatically saved in\n`./etc/heimheimdall`. This directory is than turned into `./etc/heimdall.tar`\nwhile stopping the lab. This tar archive will be extracted on starup. Both\n`./etc/heimdall.tar` and `./etc/heimdall` are ignored by git by default.\n\nUsed wallpaper can be found [here](https://wallpapercave.com/w/wp6241750).\n\n## Services\n\nThis lab knows the following four types of services.\n\n- red_team\n- blue_team\n- victim\n- monitoring\n\nThe default red team service - the Kali service - is a pretty basic Kali\ninstance. Nonetheless `kali-tools-web` metapackage is installed. For a web\napplication testing lab the basic web testing tools seem to be useful.\nThis can be changed by editing the Dockerfile from which the image is\nbuild. This is located at `./dockerfiles/kali`.\nThe kali service installs these\n[dotfiles](https://github.com/oliverwiegers/dotfiles) by default. This is also\nchangable by tweaking the Dockerfile.\n\n### Victim services\n\n- [juice-shop](https://github.com/bkimminich/juice-shop)\n- [hackazon](https://github.com/rapid7/hackazon)\n- [tiredful-api](https://github.com/payatu/Tiredful-API)\n- [WebGoat](https://owasp.org/www-project-webgoat/)\n- [bwapp](http://www.itsecgames.com/)\n- [DVWA](https://dvwa.co.uk/)\n- [XVWA](https://github.com/s4n7h0/xvwa)\n- [ninjas](https://umbrella.cisco.com/blog/security-ninjas-an-open-source-application-security-training-program)\n\n### Monitoring services\n\n\u003cimg src=\"./screenshots/grafana.png\" alt=\"img\" align=\"right\" width=\"400px\"\u003e\n\u003cimg src=\"./screenshots/grafana_frontpage.png\" alt=\"img\" align=\"right\" width=\"400px\"\u003e\n\nEven though monitoring services are blue_team services as well these are split\nup in a different category.\n\nThis stack provides log and performance observation functionality.\n\nFor further information on single instances see below.\n\nCurrently the monitoring setup is made of the following services:\n\n- [Grafana](https://grafana.com/oss/grafana/) - Visualize logs and metrics.\n- [Loki](https://grafana.com/oss/loki/) - Ship docker logs to grafana.\n- [Prometheus](https://grafana.com/oss/prometheus/) - Ship metrics to grafana.\n- [cAdvisor](https://github.com/google/cadvisor) - Gather container ressource\n  usage and metrics and ship to prometheus.\n\n#### Grafana\n\nThe Grafana instance provides two dashboards one for logs and one for metrics.\n\n- [Logs dashboard](https://grafana.com/grafana/dashboards/12611)\n- [Metrics dashboard](https://grafana.com/grafana/dashboards/14282)\n\nThese are pretty basic. One could add more by adding dashboards via the Grafana\ninterface. These dashboards will be lost when the grafana volume is deleted. To\npermanently add dashboards consult the [Provisioning\nDocs](https://grafana.com/docs/grafana/latest/administration/provisioning/) by\nGrafana. Used directories for provisioning are located at `./etc/grafana/`.\n\nTo change settings via Grafana interface one must login as `admin`. The\ncredentials are the default ones: `admin:admin`. #hacktheplanet\n\n#### Loki\n\nFor Loki beeing able to gather docker logs this lab installs the [Loki Docker\nDriver](https://grafana.com/docs/loki/latest/clients/docker-driver/) as Docker\nplugin.\n\n#### Prometheus / cAdvisor\n\nFor Prometheus beeing able to access performance metrics of the containers\nrunning in the cluster cAdvisor is used.\n\n### Adding services\n\nTo add additional services a little knowledge of `docker-compose.yml` files is\nneeded. The `docker-compose.yml` in the root of this repository is auto\ngenerated when the lab starts. This process uses the yaml files located unter\n`./etc/services`.\n\n```bash\n➜  pentest_lab tree ./etc/services\n./etc/services\n├── blue_team\n│   └── endlessh.yml\n├── default.yml\n├── monitoring\n│   ├── cadvisor.yml\n│   ├── grafana.yml\n│   ├── loki.yml\n│   └── prometheus.yml\n├── red_team\n└── victim\n    ├── beginner\n    │   ├── bwapp.yml\n    │   ├── dvwa.yml\n    │   ├── hackazon.yml\n    │   ├── tiredful.yml\n    │   ├── webgoat.yml\n    │   └── xvwa.yml\n    ├── expert\n    │   └── juice-shop.yml\n    └── intermediate\n        └── ninjas.yml\n```\n\nWhich services will be started is controlled by invoking `./lab.sh` with the\ncorresponding options. To permanently disable a service remove the `.yml` file\nextension.\n\nAn example of a victim service would be:\n\n```yaml\nbwapp:\n  labels:\n    class: 'victim'\n    cluster: 'pentest_lab'\n    level: 'beginner'\n  image: raesene/bwapp\n  ports:\n    - '8080:80'\n  networks:\n    pentest_lab:\n      ipv4_address: 10.5.0.100\n  hostname: bwapp\n  volumes:\n    - bwapp-data:/var/lib/mysql\n```\n\nNote: If a service requires some kind of installation at first usage use\n`docker inspect \u003cimage_name\u003e` to find out where the docker image stores the data\nand add a volume pointing to this directory. In the example above this is:\n\n```yaml\n  volumes:\n    - bwapp-data:/var/lib/mysql\n```\n\nThis ensures that you don't have to setup the service again every time you\nrestart the lab. But if you want to reset the lab and completely start over\nagain you can use `./lab.sh -p | --prune`. This will delete all resources owned by\nthe lab.\n\n#### IP ranges\n\nThe reason we used static IP addresses is that the Kali box needs to have an IP\naddress that doesn't change to simplify SSH login. More in information in the\nTips/Tricks section down below.\n\n- Red team services start at 10.5.0.5\n    - The Kali service has 10.5.0.5.\n- Blue team services start at 10.5.0.50\n- Victim services start at 10.5.0.100\n- Monitoring services start at 10.5.0.200\n\n#### Service Info\n\nIf you add services and there is additional information that is useful for\nanyone running this lab you can add this information to `./etc/services_info`.\nContent of this file will be printed as is line by line by running\n`./lab.sh -i`.\n\n## Tips/Tricks\n\n### SSH\n\nFor an easy connect to the Kali service one could add the following to\n`$HOME/.ssh/cofig`:\n\n```ssh-config\nHost kali\n    User root\n    Hostname 10.5.0.5\n    UserKnownHostsFile /dev/null\n    StrictHostKeyChecking accept-new\n```\n\nSo instead of `ssh root@10.5.0.5 -o \"UserKnownHostsFile /dev/null\"` one could\nrun `ssh kali`.\n\nFor tmux users the following will attach to a tmux session automatically:\n\n```ssh-config\nHost kali\n    User root\n    Hostname 10.5.0.5\n    UserKnownHostsFile /dev/null\n    StrictHostKeyChecking accept-new\n    RequestTTY yes\n    RemoteCommand tmux -L tmux new-session -As hacktheplanet\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foliverwiegers%2Fpentest_lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foliverwiegers%2Fpentest_lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foliverwiegers%2Fpentest_lab/lists"}