DVWA vagrant

This is a short post on how to set up a DVWA Vagrant box for your testing. I recommend this method when installing and testing new tools (and even for developing tools of your own): the system has known vulnerabilities, so you can use the scientific method while building and testing to properly evaluate your choices.

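1) Install Vagrant

    # install VirtualBox (macOS / Homebrew)
    brew install virtualbox
    # install Vagrant: run only the line for your package manager
    apt install vagrant     # Debian / Ubuntu
    yum install vagrant     # RHEL / CentOS
    brew install vagrant    # macOS / Homebrew
    # install the extension pack
    brew install caskroom/cask/virtualbox-extension-pack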

2) There are a lot of projects out there that wrap DVWA and already do the bootstrapping for us.
The one I am going to use for now is https://app.vagrantup.com/jaxmetalmax/boxes/dvwa-debian

3) Clone and set up

    mkdir vagrant-dvwa
    cd vagrant-dvwa
    vagrant init jaxmetalmax/dvwa-debian --box-version 1.0

4) We now have an image of DVWA on our local machine.
We might (if we know the risks) want to open it up to our local network,
e.g. if you have one machine for running your Vagrant images and another for running your tests.
From my Vagrant with NFS and public_network post:

Fortunately, you can define more than one network in a Vagrant machine (as you can in a real machine).
Modify your Vagrantfile (making sure to use the correct adapter in your bridge):

    # original private_network needed for NFS
    config.vm.network "private_network", ip: "192.168.100.100"
    config.vm.network "public_network", bridge: "en0: Wi-Fi (AirPort)", ip: "192.168.1.20"

This will add two networks to your Vagrant machine. It will be available on your network as http://192.168.1.20 from the example above.

5) Start her up!

    vagrant up
    vagrant ssh
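
Before bringing up a box configured as in step 4, it helps to list what the Vagrantfile actually exposes beyond the host. The following is an added example, not code from the original post or from the Vagrant project: `NetworkRecorder`, `recorded_networks` and `lan_exposures` are hypothetical names, and the two `forwarded_port` lines in the sample are constructed. It goes slightly beyond the post by also flagging forwarded ports, which Vagrant binds to every host interface unless `host_ip` is set.

```ruby
# Added example, not from the original post: NetworkRecorder is a hypothetical
# stand-in for Vagrant's config object that records config.vm.network calls.
class NetworkRecorder
  attr_reader :networks
  def initialize
    @networks = []
  end

  def network(type, **opts)
    @networks << opts.merge(type: type.to_s)
  end

  # config.vm, box=, provider, ... all land here and are ignored
  def method_missing(_name, *_args)
    self
  end
end

# Runs the file's Ruby (as `vagrant up` would), so only audit files you trust.
def recorded_networks(source)
  recorder = NetworkRecorder.new
  shim = Module.new
  shim.define_singleton_method(:configure) { |_version, &blk| blk.call(recorder) }
  sandbox = Module.new
  sandbox.const_set(:Vagrant, shim) # the constant the Vagrantfile refers to
  sandbox.module_eval(source)
  recorder.networks
end

def lan_exposures(networks)
  networks.map do |net|
    case net[:type]
    when "public_network"
      "bridged via #{net[:bridge] || 'prompted adapter'} at #{net[:ip] || 'DHCP address'}"
    when "forwarded_port"
      next if ["127.0.0.1", "::1"].include?(net[:host_ip])
      "host port #{net[:host]} -> guest #{net[:guest]} on #{net[:host_ip] || 'every host interface'}"
    end
  end.compact
end

SAMPLE = <<~VAGRANTFILE # constructed; the first two network lines are from the post
  Vagrant.configure("2") do |config|
    config.vm.network "private_network", ip: "192.168.100.100"
    config.vm.network "public_network", bridge: "en0: Wi-Fi (AirPort)", ip: "192.168.1.20"
    config.vm.network "forwarded_port", guest: 80, host: 8080
    config.vm.network "forwarded_port", guest: 80, host: 8081, host_ip: "127.0.0.1"
  end
VAGRANTFILE
puts lan_exposures(recorded_networks(SAMPLE))
```

The private_network and the loopback-bound forward produce no finding; anything the script prints is reachable from other machines on the network.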