Running OWASP Security Shepherd with Docker compose on Kali 2019.4

Explanation

OWASP Security Shepherd is a deliberately vulnerable web application for practice.
Unlike other vulnerable web apps such as DVWA, Juice Shop and WebGoat, it:

  1. also has challenges for mobile app security
  2. focuses on vulnerabilities in the web application “spec” rather than ordinary XSS, SQLi and so on
  3. is more focused on learning to use a local proxy (like Burp Suite) and on request validation

There are several ways to set up this platform; this time Docker Compose was used.
This is a personal memo of the setup procedure.

Environment

Solution

1. Installing prerequisites

root@kali:~# apt-get install docker.io docker-compose default-jdk maven

---

root@kali:~# git clone https://github.com/OWASP/SecurityShepherd.git

2. Initial setup

root@kali:~# cd SecurityShepherd/

root@kali:~/SecurityShepherd# mvn -Pdocker clean install -DskipTests

root@kali:~/SecurityShepherd# service docker start

root@kali:~/SecurityShepherd# docker-compose up -d # -d runs detached, so we get the terminal back

---

3. Login

We can use the following credentials to log in.

admin:password

After that, change the current password.

Now we can start the challenges.
By clicking “Get Next Challenge”, we can proceed to the challenges.

The first challenge is about HTTP request modification with a local proxy.

4. Select Open Floor mode

To see all challenges, we have to change the mode to the “Open Floor mode”.
Click “Admin” and go to “Module Management” -> “Challenge Module Layout”.
Enable the “Open Floor mode” by clicking the button.

5. Remove Docker container

# stop all docker containers
root@kali:~/SecurityShepherd# docker-compose stop

# remove all docker containers
root@kali:~/SecurityShepherd# docker-compose down

# remove all docker containers and Security Shepherd images
root@kali:~/SecurityShepherd# docker-compose down --rmi all

# rebuild
root@kali:~/SecurityShepherd# docker-compose build

---

root@kali:~/SecurityShepherd# docker-compose up -d
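
Because this stack is deliberately vulnerable and starts with the admin:password login shown above, it is worth checking which host addresses its ports are published on while the containers are up. The following is an added example, not part of the original memo or the Security Shepherd project: it parses `docker ps` output and lists every port bound to a non-loopback address. The container names and port mappings in the sample are constructed.

```shell
#!/bin/sh
# Added example: list container ports published on non-loopback addresses.
# Input: one line per container, "<name>|<Ports column>", as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'

exposed_ports() {
  awk -F'|' '
  {
    n = split($2, entries, /, */)
    for (i = 1; i <= n; i++) {
      # Entries without "->" are container-only ports, not published.
      if (index(entries[i], "->") == 0) continue
      host = entries[i]
      sub(/->.*/, "", host)        # keep "address:port"
      addr = host
      sub(/:[0-9-]+$/, "", addr)   # strip the port or port range
      # Loopback bindings are reachable only from the host itself.
      if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
      print $1 " " host
    }
  }'
}

# Constructed sample input (hypothetical container names and mappings).
sample_ps() {
  printf 'lab_web_1|0.0.0.0:80->8080/tcp, :::443->8443/tcp\n'
  printf 'lab_db_1|3306/tcp\n'
  printf 'lab_local_1|127.0.0.1:8080->8080/tcp\n'
}

# Demo on the sample. For live use (assumes the stack is running):
#   docker ps --format '{{.Names}}|{{.Ports}}' | exposed_ports
sample_ps | exposed_ports
```

Any line it prints is a port that other machines on the same network can reach; an empty result means every published port is bound to loopback only.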