× Help save net neutrality! Learn more.
Looking for the latest version? Download Dojo-3.3.ova (2.7 GB)
Home / Beta_build_xss-labs
Name Modified Size Downloads / Week Status
Parent folder
dojo2.0-pre-xss_labs.ova 2012-03-07 1.4 GB 0
Totals: 1 Item   1.4 GB

Web Security Dojo

An open source self-contained training environment for Web Application Security penetration testing.
Tools + Targets = Dojo


Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge.


For learning and practicing web app security testing techniques. It does not need a network connection since it contains both tools and targets. Therefore, it is ideal for self-study, training classes, and conferences. Also, this removes the possibility of remote attack on the targets, which are insecure by design.


See http://dojo.mavensecurity.com for more details and updates.


Sponsored by Maven Security Consulting. Open source, so contributions, suggestions, and collaboration is welcome.


Thanks go out to:

Ubuntu for making a really nice Linux
Splash screen and desktop background based on work by Flickr.com user “Lucio”
OWASP for various tools and information, and leading the industry as an educational institution.
PortSwigger for Burp Suite. Redistributed with permission
ethicalhack3r for DVWA
Foundstone for Hacme Casino
lcamtuf for Ratproxy
Bernardo Damele A. G. and Daniele Bellucci for sqlmap
Matthias Rohr for Skavenger
Chris Sullo for Davtest
James Fisher for dirbuster
Bruce Leban, Mugdha Bendre, and Parisa Tabriz for Gruyere
Lawrence Angrave for insecure web app
Ian de Villiers for J-Baah
Yiannis Pavlosoglou and Nathan Sportsman for jbrofuzz
HD Moore and the metasploit team for metasploit
The paros team for paros
Fortify Software, Inc for “RATS”: https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
lcamtuf for skipfish
Andres Riancho and the w3af project for w3af and the w3af test environment
Bruce Mayhew and the webgoat team for webgoat
Rogan Dawes for webscarab
GNUCITIZEN for websecurify
Tasos Zapotek Laskos for “Arachni:http://zapotek.github.com/arachni/
Psiinon and the ZAP team for OWASP Zed Attack Proxy
Andreas Schmidt for WATOBO
Shay Chen for WAVSEP
BeEF developers for BeEF
Many other open source/free software developers who have created great foundational tools

Source: README.textile, updated 2015-02-19

Thanks for helping keep SourceForge clean.

Screenshot instructions:
Red Hat Linux   Ubuntu

Click URL instructions:
Right-click on ad, choose "Copy Link", then paste here →
(This may not be possible with some types of ads)

More information about our ad policies

Briefly describe the problem (required):

Upload screenshot of ad (required):
Select a file, or drag & drop file here.

Please provide the ad click URL, if possible:

Get latest updates about Open Source Projects, Conferences and News.

No, Thank you