Hi, this is the main page of PentestLab. Pentestlab is a part of PentestBox project, it is basically a collection of vulnerable web applications pre configured. Below is the list of all vulnerable web application provided with this lab. It also list out default credentials if any required by the applications.
Note: Make sure you do not run this environment on any computer which can be accessed from the internet, otherwise that can lead to compromise your system because these web applications have high severity vulnerabilities.
Below are the credentials for mysql Username: root Password : Yes, there is no password for the mysql user root.
bWAPP - bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
bWAPP Username: bee bWAPP Password: bug
dvwa - Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
dvwa Username: admin dvwa Password: password
DVWS - Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment.
No Username and Password required.
Mutillidae - OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest.
No Username and Password required.
XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
No Username and Password Required.