Pre-configured Vulnerable Web Applications built on open source software
The Web Attack and Exploitation Distro (WAED) is a lightweight virtual machine based on Debian Distribution. WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pentesting tools that aid in finding web application vulnerabilities. The main motivation behind this project is to provide a practical environment to learn about web application's vulnerabilities without the hassle of dealing with complex configurations. Currently, there are around 18 vulnerable applications installed in WAED.
WAED can be installed in a VMWare, Virtual box, or any other virtual appliance. The majority of the applications in WAED runs in its container with a dedicated database, file system and web server. Therefore, It’s easy to scale and deploy more applications as this distro matures. It's easy to start, stop and restore applications without having to reinstall, which makes it a great tool for learning.
Go ahead and download, install and have fun hacking few websites in a legal way!
Watch the tutorials section to get started with the distro. Please send in your comments/feedback to Raj at firstname.lastname@example.org.