The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Version_3.4.1	2020-03-04		197
Build_Files	2017-08-28		0
Docs	2015-02-19		0
Version_2.0	2012-07-26		2
Version_1.0	2010-06-07		1
VirtualBoxInstall4Dojo.pdf	2015-05-04	262.6 kB	3
README.textile	2015-02-19	3.5 kB	1
Totals: 7 Items		266.1 kB	204

Web Security Dojo

An open source self-contained training environment for Web Application Security penetration testing.
Tools + Targets = Dojo

What?

Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge.

Why?

For learning and practicing web app security testing techniques. It does not need a network connection since it contains both tools and targets. Therefore, it is ideal for self-study, training classes, and conferences. Also, this removes the possibility of remote attack on the targets, which are insecure by design.

Where?

See http://dojo.mavensecurity.com for more details and updates.

Who?

Sponsored by Maven Security Consulting. Open source, so contributions, suggestions, and collaboration is welcome.

Credits

Thanks go out to:

Ubuntu for making a really nice Linux
Splash screen and desktop background based on work by Flickr.com user “Lucio“
OWASP for various tools and information, and leading the industry as an educational institution.
PortSwigger for Burp Suite. Redistributed with permission
ethicalhack3r for DVWA
Foundstone for Hacme Casino
lcamtuf for Ratproxy
Bernardo Damele A. G. and Daniele Bellucci for sqlmap
Matthias Rohr for Skavenger
Chris Sullo for Davtest
James Fisher for dirbuster
Bruce Leban, Mugdha Bendre, and Parisa Tabriz for Gruyere
Lawrence Angrave for insecure web app
Ian de Villiers for J-Baah
Yiannis Pavlosoglou and Nathan Sportsman for jbrofuzz
HD Moore and the metasploit team for metasploit
The paros team for paros
Fortify Software, Inc for “RATS”: https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
lcamtuf for skipfish
Andres Riancho and the w3af project for w3af and the w3af test environment
Bruce Mayhew and the webgoat team for webgoat
Rogan Dawes for webscarab
GNUCITIZEN for websecurify
Tasos Zapotek Laskos for “Arachni:http://zapotek.github.com/arachni/
Psiinon and the ZAP team for OWASP Zed Attack Proxy
Andreas Schmidt for WATOBO
Shay Chen for WAVSEP
BeEF developers for BeEF
Many other open source/free software developers who have created great foundational tools

Source: README.textile, updated 2015-02-19

Web Security Dojo Files

Virtual training environment to learn web app ethical hacking.