README
ΒΆ
__ __ __ __ __
_ __ ____ __/ /____ ___ _______ _/ / / /_____ _/ /____ ____ _____ ____ / /_
| |/ // / // / // _ \/ -_) __/ _ `/ _ \ / __/ _ `/ __/ _ `/ -_) __/ _ `/ -_)/ __/
|___/\_,_/_//_//_//_/\__/_/ \_,_/_.__/ \__/\_,_/_/ \_, /\__/\__/\_, /\__/ \__/
/___/ /___/
Create intentionally vulnerable environments for security testing, education, and research
[!Important] This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
Table of Contents
- Features
- Installation
- Quick Start
- Usage
- Templates
- What can you do with vt?
- Documentation
- Community
- License
Features
| Feature | Description | |
|---|---|---|
| π³ | Docker Compose | Container orchestration for vulnerable environments |
| π¦ | Templates | Community-curated vulnerable targets from vt-templates |
| π·οΈ | Tag Filtering | Find templates by vulnerability type (sqli, xss, ssrf, etc.) |
| π | State Tracking | Track and manage running deployments |
| π | Auto-Update | Sync templates from remote repository |
Installation
Prerequisites
- Go 1.24+
- Docker & Docker Compose
Install with Go
go install github.com/happyhackingspace/vt/cmd/vt@latest
Build from Source
git clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH
Quick Start
# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80
Usage
Command Reference
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
vt start --id <template-id> |
Start a vulnerable environment |
vt start --tags <tag1,tag2> |
Start all templates matching tags |
vt ps |
List running environments |
vt stop --id <template-id> |
Stop an environment |
vt stop --tags <tag1,tag2> |
Stop all templates matching tags |
vt -v debug <command> |
Run with debug verbosity |
Examples
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Start all XSS-related labs
vt start --tags xss
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwa
Templates
Templates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
What can you do with vt?
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
Documentation
| Resource | Description | |
|---|---|---|
| π | Wiki | Full documentation and guides |
| π¦ | Templates | Browse all available templates |
| π€ | Contributing | Contribution guidelines |
| π | Issues | Report bugs or request features |
Community
- π¬ Discord: Join our community
- π Issues: Report bugs
- π€ Contributing: Check out CONTRIBUTING.md
License
This project is licensed under the MIT License - see the LICENSE file for details.
Happy Hacking! π―
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
vt
command
Package main is the entry point for the vulnerable target application.
|
Package main is the entry point for the vulnerable target application. |
|
internal
|
|
|
app
Package app provides the application dependency container and configuration.
|
Package app provides the application dependency container and configuration. |
|
banner
Package banner provides ASCII art banner and colorful text utilities for the vulnerable target application.
|
Package banner provides ASCII art banner and colorful text utilities for the vulnerable target application. |
|
cli
Package cli provides command-line interface functionality for the vulnerable target application.
|
Package cli provides command-line interface functionality for the vulnerable target application. |
|
file
Package file provides file system utilities for the vulnerable target application.
|
Package file provides file system utilities for the vulnerable target application. |
|
logger
Package logger provides logging functionality for the vulnerable target application.
|
Package logger provides logging functionality for the vulnerable target application. |
|
state
Package state provides deployment management
|
Package state provides deployment management |
|
pkg
|
|
|
provider
Package provider defines interfaces and types for managing vulnerable target environments.
|
Package provider defines interfaces and types for managing vulnerable target environments. |
|
provider/dockercompose
Package dockercompose provides Docker Compose provider implementation for managing vulnerable target environments.
|
Package dockercompose provides Docker Compose provider implementation for managing vulnerable target environments. |
|
provider/registry
Package registry manages the collection of available providers.
|
Package registry manages the collection of available providers. |
|
store
Package store provides generic storage interfaces and factory functions for different storage backends
|
Package store provides generic storage interfaces and factory functions for different storage backends |
|
store/disk
Package disk provides configuration for disk-based storage implementations
|
Package disk provides configuration for disk-based storage implementations |
|
template
Package template provides functionality for loading and managing vulnerable target environment templates.
|
Package template provides functionality for loading and managing vulnerable target environment templates. |
Click to show internal directories.
Click to hide internal directories.