
Lab setup for Vulnerability Assessment and Penetration Testing

Geni_Wazir


Over the years, I have dedicated myself to testing and exploring more efficient tools and scripts to simplify the process of initiating VAPT on a target. In this article, I aim to share the collection of scripts and tools that currently play a significant role in my professional life. These resources have been invaluable in enhancing my capabilities and optimizing my workflow for successful VAPT engagements.

What is the setup capable of?

At present, the setup only needs the domain name to start. It can identify open and vulnerable ports, detect missing security headers, assess cryptographic strength, locate hidden files and directories, and discover subdomains, among other capabilities. More tools and scripts will be added in the future. The toolkit runs on any operating system that supports Docker.

Setup lab on your local system

As mentioned earlier, it is designed to run on any system compatible with Docker. Therefore, the initial step involves installing Docker on your system. The installation process varies depending on your operating system, and you can find detailed instructions here: https://docs.docker.com/get-docker

After Docker is successfully installed, proceed to pull the scanner image from my repository on Docker Hub.

docker pull geniwazir/scanner

The provided command downloads and installs the required tools and configurations. After that, you can run the scanner by specifying the website URL.

To utilize the scanner, obtain shell access to the container, and then initiate the scanner.

docker run -it geniwazir/scanner /bin/bash

# After getting the shell execute this command
python3 scanner.py -u <URL>

The output is printed in the terminal, and at the same time a PDF file containing all scan details for the specified URL is generated inside the container. To copy the PDF report to the host system, run the following command in a new terminal without closing the previous one (the container id can be found with docker ps).

sudo docker cp {container_id}:/opt/scanner/{domain_name}.pdf ~/Documents
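The steps above (pull the image, run the scanner, copy the report out) wrapped into one POSIX shell script, as an added example that is not part of the original post or of the scanner image. It runs the scanner non-interactively in a named container, so no container id has to be looked up, then copies the PDF to the host and removes the container. It assumes that scanner.py can be run directly as the container command from /opt/scanner (the directory the post gives for the PDF) and that the report is named after the bare host name of the URL; both are assumptions, not documented behaviour of the image.

```shell
#!/bin/sh
# Wrapper around the geniwazir/scanner workflow from the post.
# Usage: ./run_scan.sh https://example.com [output_dir]
set -eu

IMAGE="geniwazir/scanner"

# Reduce a URL to its bare host name, lower-cased, and reject anything that
# is not a plausible host name (the name is reused in the container name and
# in the report path, so it must not contain shell- or path-sensitive chars).
domain_from_url() {
    host=$1
    host=${host#*://}      # drop scheme
    host=${host%%/*}       # drop path
    host=${host%%\?*}      # drop query when there is no path
    host=${host##*@}       # drop user:password@ (before the port strip)
    host=${host%%:*}       # drop port
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    case $host in
        ''|*[!a-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$host"
}

# Run one scan and collect its PDF report.
run_scan() {
    url=$1
    outdir=${2:-"$HOME/Documents"}
    domain=$(domain_from_url "$url") || {
        echo "invalid URL: $url" >&2
        return 1
    }
    # Unique container name so several scans can run side by side.
    name="scanner-$domain-$$"
    mkdir -p "$outdir"

    docker pull "$IMAGE"
    # Assumption: scanner.py lives in /opt/scanner, where the post says the
    # PDF is written; -w makes that the working directory for the command.
    docker run --name "$name" -w /opt/scanner "$IMAGE" python3 scanner.py -u "$url"
    # Assumption: the report is named <domain>.pdf, as in the post's docker cp line.
    docker cp "$name:/opt/scanner/$domain.pdf" "$outdir/$domain.pdf"
    docker rm "$name" >/dev/null
    echo "report saved to $outdir/$domain.pdf"
}

# Only start a scan when invoked with a URL; otherwise the functions are
# merely defined (e.g. when the file is sourced).
case ${1:-} in
    http://*|https://*) run_scan "$@" ;;
esac
```

Because the scan runs as the container's main process, the terminal still shows the scanner's live output, and the container exits on its own when scanner.py finishes, so the report can be copied immediately afterwards.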

You now have a PDF report containing the results of the automated scan. This report can be easily shared with other team members. After reviewing the report, you can proceed to manual testing, for which you should have the listed tools configured on your system.

  1. Burp (Professional)
  2. Foxyproxy
  3. ExifTool
  4. John
  5. Metasploit
  6. SQLMap

You also have the option to utilize alternative tools based on your preference. Your primary objective should be to identify and address all vulnerabilities, thereby ensuring the security of the website or the target.
