security-lab/read at master · AlphaDevelopmental/security-lab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<!-- Optional banner: add an image at assets/banner.png and this will show -->
<!-- Example: assets/banner.png should be a 1200×300 PNG or SVG for best results -->
<!-- To add a banner, create the folder 'assets' and put banner.png inside it -->

<!-- Banner image (uncomment if you add assets/banner.png) -->
<!--
<p align="center">
  <img src="assets/banner.png" alt="AlphaDevelopmental Security Lab" width="100%" />
</p>
-->

# 🧠 AlphaDevelopmental — Dockerized Security Lab

[![Build](https://github.com/AlphaDevelopmental/security-lab/actions/workflows/build-vuln-bank.yml/badge.svg)](https://github.com/AlphaDevelopmental/security-lab/actions)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](./LICENSE)
[![Docker Ready](https://img.shields.io/badge/Docker-Ready-blue.svg)](#)
[![Author](https://img.shields.io/badge/Author-AJANI%20TAIWO%20MICHEAL-blue.svg)](https://github.com/AlphaDevelopmental)

A modular, dockerized **vulnerable environment** designed for hands-on learning, teaching, and demonstrating web & API security vulnerabilities — including SQL injection, authentication flaws, insecure file handling, and business-logic flaws.

**Author:** Ajani Taiwo Micheal (AlphaDevelopmental)
**Repo:** https://github.com/AlphaDevelopmental/security-lab

---

## 🚀 Quick highlights

- ✅ Profile-based `docker-compose.yml` (start only what you need)
- ⚠️ Intentionally vulnerable apps for training (DO NOT expose publicly)
- 🧰 Includes DVWA, Juice Shop, WebGoat, Mutillidae, VulnBank (Flask), API labs, and more
- 🧩 `docker-maintenance.sh` helper script for build / start / stop / clean
- 📦 `.env.example` provided — **never commit** your `.env`

---

## 🧱 Included apps (short list)

- **Juice Shop** — OWASP Top 10 practice (Port `3000`)
- **DVWA** — classic PHP vuln app (Port `8082`)
- **Mutillidae / NOWASP** (Port `8083`)
- **WebGoat / WebWolf** — guided lessons (Ports `8080` / `9090`)
- **VulnBank** — custom Flask banking app (Port `5000`)
- **DVGA / Pixi / DVRA / SSRF app** — API & GraphQL practice
- **Portainer** — local Docker UI (bound to `localhost`)

See `docker-compose.yml` for the full list and enabled profiles.

---

## ⚙️ Prerequisites

- Docker (Engine) — latest stable release
- Docker Compose v2 (recommended)
- 4+ GB RAM available (recommended when running multiple services)

---

## 🔧 Quick start

```bash
# 1) clone
git clone https://github.com/AlphaDevelopmental/security-lab.git
cd security-lab

# 2) create local .env from example (edit values if you want)
cp .env.example .env

# 3) start a useful subset (web basics) or everything
docker compose --profile web-basics up -d
# or
docker compose --profile all up -d

# 4) check running containers
docker compose ps

# 5) stop when finished
docker compose down