Advertisement

🚀 Try NucleiFuzzer – Your Web VAPT Automation Tool

Supercharge your bug bounty or pentesting workflow! NucleiFuzzer automates XSS, LFI, RCE & more using Nuclei + Fuzzing Templates.

Free Cloud (Browser-based) Labs of DVWA and bWAPP

0xKayala December 10, 2023

Pentester Academy Labs

Pentester Academy labs are entirely browser-based, private, and include access to a Terminal/GUI-based Kali, Ubuntu, or other operating systems, with the necessary tools and scripts pre-installed. You will not need any other software to get started.

DVWA Interface

Image Source: DVWA

DVWA

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is intentionally vulnerable. It helps security professionals, developers, students, and educators learn and practice web application security in a legal and controlled environment.

DVWA allows practicing vulnerabilities with different difficulty levels and features a straightforward interface. It is licensed under GPLv3.

While DVWA can be downloaded and run locally, Pentester Academy offers a fully hosted version to save time and effort.

Sample vulnerabilities include:

  • Cross-Site Scripting (DOM/Reflected/Stored)
  • Command Injection
  • CSRF
  • Brute Force
  • Weak Session IDs
  • SQL Injection (Blind)
  • File Inclusion/Upload
  • Insecure CAPTCHA

Login credentials:

  • User: admin
  • Password: password

Access the labs:

bWAPP Interface

Image Source: bWAPP

bWAPP

bWAPP (Buggy Web Application) is a free, open-source PHP application deliberately made vulnerable. It is designed for educational purposes and helps developers, students, and security professionals learn how to identify and prevent web vulnerabilities.

bWAPP includes over 100 web bugs covering all OWASP Top 10 risks and more.

You can run bWAPP on Linux/Windows with Apache/IIS and MySQL, or use preconfigured packages like WAMP/XAMPP. A pre-installed Linux VM version called bee-box is also available.

Sample vulnerabilities include:

  • Arbitrary File Access
  • SQL Injection
  • Code Injection
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Heartbleed
  • Shellshock

Login credentials:

  • User: bee
  • Password: bug

Access the labs:

Support & Follow

🙏 Thank you for reading this post!

If you found this helpful, consider supporting me by buying a cup of Coffee

Follow me:

Resources:

Tags
0xKayala

Posted by 0xKayala

Post a Comment

0 Comments