This is a short post on how to set up a DVWA Vagrant box for your testing. I recommend this method when installing and testing new tools (and even for developing tools of your own) – there are known vulnerabilities in this system, so you can use the scientific method while building and testing to properly evaluate your choices.
1) install vagrant
    # install virtualbox
    brew install virtualbox
    # install vagrant (use the line for your package manager)
    apt install vagrant
    yum install vagrant
    brew install vagrant
    # install the extension-pack
    brew install caskroom/cask/virtualbox-extension-pack
2) there are a lot of projects out there that wrap DVWA and have the bootstrapping done for us already.
The one I am going to use for now is https://app.vagrantup.com/jaxmetalmax/boxes/dvwa-debian
3) clone and setup
    mkdir vagrant-dvwa
    cd vagrant-dvwa
    vagrant init jaxmetalmax/dvwa-debian --box-version 1.0
4) we now have an image of DVWA on our local machine.
We might (if we know the risks) want to open it up to our local network
– e.g. if you have one machine for running your vagrant images and another for running your tests.
from my Vagrant with NFS and public_network post:
Fortunately you can define more than one network in a vagrant machine (as you can in a real machine)
Modify your Vagrantfile (making sure to use the correct adaptor in your bridge):
    # original private_network needed for NFS
    config.vm.network "private_network", ip: "192.168.100.100"
    config.vm.network "public_network", bridge: "en0: Wi-Fi (AirPort)", ip: "192.168.1.20"
This will add two networks to your vagrant machine. It will be available on your network as http://192.168.1.20 from the example above.
5) start her up!
    vagrant up
    vagrant ssh
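A check worth running before step 5, as an added example that is not part of the original post: it evaluates a Vagrantfile against a stand-in config object and lists the networks that make the DVWA box reachable from machines other than the host. `Recorder`, `networks_in` and `lan_exposed` are names made up for this example, the sample Vagrantfile is constructed from steps 3 and 4, and the `forwarded_port` rule goes beyond the two networks the post uses.

```ruby
# Added example, not from the original post. Recorder, networks_in and
# lan_exposed are hypothetical helpers written here, not Vagrant APIs.

# Constructed sample: the box from step 3 plus the two networks from step 4.
SAMPLE_VAGRANTFILE = <<~'VAGRANTFILE'
  Vagrant.configure("2") do |config|
    config.vm.box = "jaxmetalmax/dvwa-debian"
    config.vm.box_version = "1.0"
    # original private_network needed for NFS
    config.vm.network "private_network", ip: "192.168.100.100"
    config.vm.network "public_network", bridge: "en0: Wi-Fi (AirPort)", ip: "192.168.1.20"
  end
VAGRANTFILE

# Stand-in for Vagrant's config object: swallows every call, keeps network ones.
class Recorder < BasicObject
  def initialize(networks)
    @networks = networks
  end

  def network(type, **opts)
    @networks << { kind: type.to_s }.merge(opts)
    self
  end

  def method_missing(_name, *_args, &block)
    block.call(self) if block # nested blocks such as config.vm.provider
    self
  end
end

# Evaluates the Vagrantfile source against the stand-in; no VM is started.
def networks_in(source)
  networks = []
  recorder = Recorder.new(networks)
  stub = Module.new
  stub.define_singleton_method(:configure) { |_version, &blk| blk.call(recorder) }
  Module.new { const_set(:Vagrant, stub) }.module_eval(source)
  networks
end

# public_network bridges the box onto the LAN; a forwarded_port without host_ip
# is bound on every host interface. Other machines can reach either.
def lan_exposed(networks)
  networks.select do |n|
    n[:kind] == "public_network" || (n[:kind] == "forwarded_port" && !n.key?(:host_ip))
  end
end

puts lan_exposed(networks_in(SAMPLE_VAGRANTFILE)).inspect if __FILE__ == $PROGRAM_NAME
```

Pass `File.read("Vagrantfile")` to `networks_in` to check your own file. A Vagrantfile is Ruby and the check executes it, so only use it on files you would run `vagrant up` on anyway.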