https://github.com/trivediayush/dvwa-application

Damn Vulnerable Web Application (DVWA) on a local Kubernetes cluster using Minikube and then simulate common web application attacks.
https://github.com/trivediayush/dvwa-application

dvwa kubernetes minikube security-lab

Last synced: 5 months ago
JSON representation

Damn Vulnerable Web Application (DVWA) on a local Kubernetes cluster using Minikube and then simulate common web application attacks.

• Host: GitHub
• URL: https://github.com/trivediayush/dvwa-application
• Owner: trivediayush
• Created: 2025-04-16T08:58:58.000Z (about 1 year ago)
• Default Branch: master
• Last Pushed: 2025-04-16T09:11:08.000Z (about 1 year ago)
• Last Synced: 2025-05-27T00:43:21.451Z (about 1 year ago)
• Topics: dvwa, kubernetes, minikube, security-lab
• Homepage:
• Size: 1.08 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: Readme.md

Awesome Lists containing this project

README

          
🛡️ DVWA on Kubernetes - Local Security Lab

===========================================

This project demonstrates how to deploy **Damn Vulnerable Web Application (DVWA)** on a local Kubernetes cluster using **Minikube** and then simulate common web application attacks.

📸 Screenshots

--------------

*   Minikube Running:

*   

*   

*   

*   DVWA Deployment: 

*   

*   Command Injection Result:

*   

*   SQL Injection Result:

*   

*   Stored XSS Alert:

*   

*   

🛠 Setup Steps

--------------

### 1\. Start Minikube

    minikube start --driver=docker

### 2\. Create `dvwa.yaml`

### 3\. Apply the Configuration

    kubectl apply -f dvwa.yaml

### 4\. Access DVWA

    minikube service dvwa -n dvwa

Open the given URL (usually `http://192.168.49.2:30001`) in your browser.

### 5\. Login

*   Username: `admin`

*   Password: `password`

Go to **DVWA Security** tab and set security level to `LOW`.

🧪 Attack Demonstrations

------------------------

### 1️⃣ Command Injection

*   Go to: **DVWA → Command Injection**

*   Input: `127.0.0.1; whoami`

*   Result: Displays container user like `www-data`

### 2️⃣ SQL Injection

*   Go to: **DVWA → SQL Injection**

*   Input: `1' OR '1'='1`

*   Result: Database returns all users bypassing login filters

### 3️⃣ Stored Cross Site Scripting (XSS)

*   Go to: **DVWA → Stored XSS**

*   Input:

    

        alert('XSS attack!')

    

*   Result: Alert pops up when viewing the page

🧹 Cleanup

----------

To remove the deployment and stop the cluster:

    kubectl delete namespace dvwa

    minikube stop

📚 References

-------------

*   [DVWA GitHub](https://github.com/ethicalhack3r/DVWA)

*   [OWASP Attack References](https://owasp.org/www-community/attacks/)

* * *

Created for practicing security testing.

📌 Author

-------------

# Ayush Trivedi