README
ΒΆ
Spin up vulnerable targets from your terminal π―
[!CAUTION] This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
Table of Contents
- Features
- Installation
- Quick Start
- Usage
- Templates
- Playbooks
- What can you do with vt?
- Documentation
- Star History
- Contributors
- Community
- License
Features
| Feature | Description | |
|---|---|---|
| π³ | Docker Compose | Container orchestration for vulnerable environments |
| π¦ | Templates | Community-curated vulnerable targets from vt-templates |
| π | Playbooks | Group multiple templates into training scenarios and run them together |
| π | State Tracking | Track and manage running deployments |
| π | Inspect | View detailed info (CVE, CVSS, CWE, PoC, remediation) for any template or playbook |
| π | Auto-Update | Sync templates from remote repository |
Installation
Prerequisites
- Go 1.25.6+
- Docker & Docker Compose
Install with Go
go install github.com/happyhackingspace/vt/cmd/vt@latest
Build from Source
git clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH
Quick Start
# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80
Usage
Command Reference
Templates
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
Environments
| Command | Description |
|---|---|
vt start --id <template-id> |
Start a vulnerable environment |
vt stop --id <template-id> |
Stop an environment |
vt ps |
List all running environments |
vt inspect --id <template-id> |
Show full details for a template |
Playbooks
| Command | Description |
|---|---|
vt playbook list |
List all available playbooks |
vt playbook run --id <playbook-id> |
Start all templates in a playbook |
vt playbook stop --id <playbook-id> |
Stop all templates in a playbook |
Global Flags
| Flag | Values | Description |
|---|---|---|
-v, --verbosity |
debug info warn error fatal panic |
Set log verbosity (default: info) |
Examples
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Inspect a template β see CVE, CVSS, CWE, PoC, and remediation steps
vt inspect --id vt-dvwa
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwa
# Run an entire playbook (multiple targets at once)
vt playbook run --id vt-pb-1
# List all available playbooks
vt playbook list
# Stop all targets in a playbook
vt playbook stop --id vt-pb-1
Templates
Templates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
Playbooks
Playbooks let you start multiple vulnerable targets in one command β useful for structured training sessions or red-team labs that require several services running simultaneously.
# See what playbooks are available
vt playbook list
# Launch every target in a playbook
vt playbook run --id vt-pb-1
# Tear down the whole playbook when done
vt playbook stop --id vt-pb-1
Playbooks are defined as YAML files in the playbooks/ directory of the templates repository. Each playbook specifies an ordered list of template IDs. If one template fails to start, vt skips it, continues with the rest, and reports a summary of failures at the end.
What can you do with vt?
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
Documentation
| Resource | Description | |
|---|---|---|
| π¦ | Templates | Browse all available templates |
| π€ | Contributing | Contribution guidelines |
| π | Issues | Report bugs or request features |
Star History
Contributors
Recep Gunes |
Dogan Can Bakir |
Omar Kurt |
Ahsen |
Atilla |
mirackayikci |
numan |
Community
- π¬ Discord: Join our community
- π Issues: Report bugs
- π€ Contributing: Check out CONTRIBUTING.md
License
This project is licensed under the MIT License - see the LICENSE.md file for details.
Happy Hacking! π―
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
vt
command
Package main is the entry point for the vulnerable target application.
|
Package main is the entry point for the vulnerable target application. |
|
internal
|
|
|
app
Package app provides the application dependency container and configuration.
|
Package app provides the application dependency container and configuration. |
|
banner
Package banner provides ASCII art banner and colorful text utilities for the vulnerable target application.
|
Package banner provides ASCII art banner and colorful text utilities for the vulnerable target application. |
|
cli
Package cli provides command-line interface functionality for the vulnerable target application.
|
Package cli provides command-line interface functionality for the vulnerable target application. |
|
file
Package file provides file system utilities for the vulnerable target application.
|
Package file provides file system utilities for the vulnerable target application. |
|
logger
Package logger provides logging functionality for the vulnerable target application.
|
Package logger provides logging functionality for the vulnerable target application. |
|
pkg
|
|
|
provider
Package provider defines interfaces and types for managing vulnerable target environments.
|
Package provider defines interfaces and types for managing vulnerable target environments. |
|
provider/dockercompose
Package dockercompose provides Docker Compose provider implementation for managing vulnerable target environments.
|
Package dockercompose provides Docker Compose provider implementation for managing vulnerable target environments. |
|
provider/registry
Package registry manages the collection of available providers.
|
Package registry manages the collection of available providers. |
|
template
Package template provides functionality for loading and managing vulnerable target environment templates.
|
Package template provides functionality for loading and managing vulnerable target environment templates. |
Click to show internal directories.
Click to hide internal directories.