https://github.com/qeeqbox/pentest-labs

https://github.com/qeeqbox/pentest-labs

Last synced: 3 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/qeeqbox/pentest-labs
• Owner: qeeqbox
• License: agpl-3.0
• Created: 2020-12-22T23:15:16.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2020-12-28T18:46:15.000Z (over 4 years ago)
• Last Synced: 2025-01-16T05:55:51.019Z (5 months ago)
• Language: HTML
• Size: 205 KB
• Stars: 14
• Watchers: 3
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# pentest-labs (Still in progress)

```

├── authentication

│   ├── authentication-bypass.json

│   ├── brute-force

│   │   ├── credential-stuffing.json

│   │   ├── dictionary-attack.json

│   │   ├── hybrid-brute-force.json

│   │   ├── password-spraying.json

│   │   ├── reverse-brute-force.json

│   │   └── simple-brute-force.json

│   ├── captcha-bypass.json

│   ├── default-credential.json

│   ├── multi-factor-authentication-bypass.json

│   └── session

│       ├── cross-site-request-forgery.json

│       ├── cross-site-script-inclusion.json

│       ├── session-fixation.json

│       ├── session-hijacking.json

│       └── session-replay.json

├── authorization

│   ├── authorization-bypass.json

│   ├── horizontal-privilege-escalation.json

│   └── vertical-privilege-escalation.json

├── buffer-overflow

│   ├── heap-based-overflow.json

│   ├── seh-overflow.json

│   └── stack-based-overflow.json

├── clickjacking.json

├── client-side

│   └── cross-frame-scripting.json

├── cross-site-scripting

│   ├── cross-site-scripting.json

│   ├── dom-based-cross-site-scripting.json

│   ├── reflected-cross-site-scripting.json

│   └── stored-cross-site-scripting.json

├── file-inclusion

│   ├── local-file-inclusion.json

│   └── remote-file-inclusion.json

├── http-request-smuggling.json

├── information-disclosure

│   ├── directory-listing.json

│   ├── forced-browsing.json

│   ├── hardcoded-sensitive-data.json

│   ├── information-leakage.json

│   ├── insecure-direct-object-reference.json

│   └── path-traversal.json

├── injection

│   ├── client-template-injection.json

│   ├── formula-injection.json

│   ├── http-header-injection.json

│   ├── ldap-injection.json

│   ├── log-injection.json

│   ├── nosql-injection.json

│   ├── open-redirect.json

│   ├── os-command-injection.json

│   ├── reflection-injection.json

│   ├── server-side-template-injection.json

│   ├── sql-injection.json

│   ├── xpath-injection.json

│   ├── xslt-injection.json

│   └── xxe-injection.json

└── insecure-deserialization.json

```

## Install and run (docker)

```sh

git clone https://github.com/qeeqbox/pentest-labs.git

#Choose your lab (Each lab has run.sh)

cd pentest-labs/authentication/default-credential/

chmod +x run.sh

./run.sh

visit http://0.0.0.0:5142

```