Looking for the latest version? Download Dojo-2.1.1.ova (1.8 GB)
Name Modified Size Downloads / Week Status
Totals: 13 Items   266.1 kB 9
Version_2.1 2015-08-25 192192 weekly downloads
Docs 2015-02-19 44 weekly downloads
Version_2.1-beta 2014-09-25 7272 weekly downloads
Build_Files 2013-08-02 11 weekly downloads
Version_2.0 2012-07-26 2020 weekly downloads
Beta_build_xss-labs 2012-03-07 11 weekly downloads
Version_1.2 2011-06-30 3737 weekly downloads
Version_1.1 2010-10-05 11 weekly downloads
Version_1.1rc1 2010-09-24 6565 weekly downloads
Version_1.0 2010-06-07 44 weekly downloads
Version_0.4 2010-02-02 11 weekly downloads
VirtualBoxInstall4Dojo.pdf 2015-05-04 262.6 kB 77 weekly downloads
README.textile 2015-02-19 3.5 kB 22 weekly downloads

Web Security Dojo

An open source self-contained training environment for Web Application Security penetration testing.
Tools + Targets = Dojo


Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge.


For learning and practicing web app security testing techniques. It does not need a network connection since it contains both tools and targets. Therefore, it is ideal for self-study, training classes, and conferences. Also, this removes the possibility of remote attack on the targets, which are insecure by design.


See http://dojo.mavensecurity.com for more details and updates.


Sponsored by Maven Security Consulting. Open source, so contributions, suggestions, and collaboration is welcome.


Thanks go out to:

Ubuntu for making a really nice Linux
Splash screen and desktop background based on work by Flickr.com user “Lucio”
OWASP for various tools and information, and leading the industry as an educational institution.
PortSwigger for Burp Suite. Redistributed with permission
ethicalhack3r for DVWA
Foundstone for Hacme Casino
lcamtuf for Ratproxy
Bernardo Damele A. G. and Daniele Bellucci for sqlmap
Matthias Rohr for Skavenger
Chris Sullo for Davtest
James Fisher for dirbuster
Bruce Leban, Mugdha Bendre, and Parisa Tabriz for Gruyere
Lawrence Angrave for insecure web app
Ian de Villiers for J-Baah
Yiannis Pavlosoglou and Nathan Sportsman for jbrofuzz
HD Moore and the metasploit team for metasploit
The paros team for paros
Fortify Software, Inc for “RATS”: https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
lcamtuf for skipfish
Andres Riancho and the w3af project for w3af and the w3af test environment
Bruce Mayhew and the webgoat team for webgoat
Rogan Dawes for webscarab
GNUCITIZEN for websecurify
Tasos Zapotek Laskos for “Arachni:http://zapotek.github.com/arachni/
Psiinon and the ZAP team for OWASP Zed Attack Proxy
Andreas Schmidt for WATOBO
Shay Chen for WAVSEP
BeEF developers for BeEF
Many other open source/free software developers who have created great foundational tools

Source: README.textile, updated 2015-02-19