The most common question from students who are learning website hacking techniques is “how do I test my skills legally without getting into trouble?”. So, I always suggest that they use a vulnerable web application such as DVWA.
However, I felt DVWA is not suitable for new and advanced techniques. Mutillidae is one of the best vulnerable web applications to date. However, I missed some techniques/features in Mutillidae, so I thought it better to develop our own app to teach web application pentesting to my readers and students.
BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced vulnerability techniques.
Currently, the app contains the following vulnerability types:
SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Clickjacking
Server-Side Request Forgery (SSRF)
File Inclusion (RFI and LFI)
Command Execution
You can download our app from here:
https://sourceforge.net/p/btslab/
or
https://github.com/breakthesec/btslab
How to run BTS PenTesting Lab?
1. Install XAMPP or WAMP on your machine.
2. Extract the bts_lab zip file into the htdocs folder.
3. Open the “http://localhost/bts_lab/setup.php” URL in your browser.
4. Click Setup.
That’s all. Now you can start using the app at “http://localhost/bts_lab”.