  • Stars: 159
  • Rank 235,916 (Top 5 %)
  • Language: PHP
  • Created over 4 years ago
  • Updated almost 1 year ago

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO THE INTERNET!
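
One way to check that warning against a running lab, as an added example that is not part of the original README: the function below reads the output of `docker ps --format '{{.Names}} {{.Ports}}'` and reports every published port that is not bound to loopback. The container names and port numbers in the sample are constructed, not taken from this project.

```shell
#!/bin/sh
# Real use: docker ps --format '{{.Names}} {{.Ports}}' | exposed_bindings
# Any line printed means that port is reachable from other hosts.

# Read "<name> <ports>" lines on stdin; print "<name> <mapping>" for every
# published port whose host address is not loopback.
exposed_bindings() {
    while IFS= read -r line; do
        name=${line%% *}
        ports=${line#"$name"}
        # One mapping per line, e.g. "0.0.0.0:31337->80/tcp".
        printf '%s\n' "$ports" | tr ',' '\n' | while IFS= read -r mapping; do
            mapping=$(printf '%s' "$mapping" | tr -d ' ')
            case $mapping in
                *'->'*) ;;        # published to the host: inspect it
                *) continue ;;    # e.g. "3306/tcp": container-only port
            esac
            host=${mapping%%->*}  # host side, e.g. 0.0.0.0:31337
            addr=${host%:*}       # drop the trailing :port
            case $addr in
                127.*|'[::1]'|::1) ;;   # loopback only: fine for a lab
                *) printf '%s %s\n' "$name" "$mapping" ;;
            esac
        done
    done
}

# Constructed sample of `docker ps` output (hypothetical names and ports).
sample_ps_output() {
    cat <<'EOF'
lab_web_1 0.0.0.0:31337->80/tcp, :::31337->80/tcp
lab_db_1 3306/tcp, 33060/tcp
lab_admin_1 127.0.0.1:31338->80/tcp
EOF
}

# Demo on the constructed sample: only lab_web_1 is reported.
sample_ps_output | exposed_bindings
```

Binding the published port to `127.0.0.1` in the compose file's `ports:` entry (for example `"127.0.0.1:31337:80"`, a constructed value) makes the corresponding line disappear from the report.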

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up -d
$ docker-compose down

Shell

docker exec -ti dvwp_wordpres_1 /bin/bash

Interface

Credentials

  • WordPress: admin/admin
  • MySQL: root/password

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Other

  • Directory listing
  • display_errors
  • info.php
  • dump.sql
  • adminer.php
  • search-replace-db
  • cross-domain

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and PHP to latest
  8. Add vulnerable phpMyAdmin?
  9. Add script to pull access.log and error.log from container
