BreakingLab

Bash script to manage insecure web apps using docker and hosts aliases for pentest practice

Generate Convert Improve

Install / Use

/learn @TiiZss/BreakingLab

About this skill

Quality Score

0/100

README

BreakingLab

GitHub release (latest by date) GitHub License GitHub all releases

BreakingLab is a powerful Bash script to manage vulnerable web applications using Docker. It simplifies the process of setting up, running, and stopping various security testing labs locally or exposing them to a network.

Inspiration: Originally inspired by pentestlab.

🚀 Features (v2.1)

Modular Architecture: Clean separation of code (breakinglab.sh), configuration (config/), and libraries (lib/).
GitHub Import: Import Docker projects directly from GitHub URLs with Auto-Sanitization and conflict resolution.
Dynamic Menus: Interactive 2-column menu system with search-by-name/number and status indicators ([ON]/[OFF]).
Public Exposure: start_public command to easily expose containers to your LAN (great for classrooms/CTFs).
Stack Grouping: All containers automatically grouped under "BreakingLab" in Docker Desktop.
Cross-Platform: Fully compatible with Linux (Kali/Ubuntu) and Windows (WSL2).
Safety: Built with set -euo pipefail and extensive dependency checking.

🛠 Installation

Clone the repository:

git clone https://github.com/TiiZss/BreakingLab.git
cd BreakingLab

Run the installer (Optional): This ensures you have all dependencies (docker, git, curl, nc) and links the script globally.
```
chmod +x install.sh
./install.sh
```
Or just run it directly:
```
chmod +x breakinglab.sh
./breakinglab.sh
```

📖 Usage

You can use BreakingLab interactively via the menu or by passing arguments directly.

🖥️ Interactive Mode (Recommended)

Simply run the script with no arguments to launch the dashboard.

./breakinglab.sh

From here you can search for projects, start/stop them, and check their status using the number or name.

⚡ CLI Mode (Advanced)

1. List Projects

View all available Docker and Online labs.

./breakinglab.sh list

2. Start a Lab (Localhost)

This will download the image, configure /etc/hosts (for WSL/Linux), and launch the container mapped to 127.x.x.x.

# Syntax: ./breakinglab.sh start [project_name]
./breakinglab.sh start bwapp
./breakinglab.sh start web4pentester

Note: The browser will open automatically. If not, click the URL shown in the terminal.

3. Expose a Lab (Public/LAN)

Want to host a lab for a class or CTF? Use startpublic.

# Syntax: ./breakinglab.sh startpublic [project_name] [bind_ip] [bind_port]

# Example: Bind bWAPP to all interfaces on port 8080
./breakinglab.sh startpublic bwapp 0.0.0.0 8080

Students can now access http://YOUR_LAN_IP:8080.

4. Stop a Lab

Stops and removes the container to free up resources.

./breakinglab.sh stop bwapp

5. Check Status

See which labs are currently running (green for ON, red for OFF).

./breakinglab.sh status

6. Delete a Lab

Permanently removes the project configuration and cleans up associated resources (containers, hosts entries).

./breakinglab.sh delete <project_name>

7. Open Online Labs

Launches strictly online resources (like PortSwigger Academy or RedTiger).

./breakinglab.sh online portswigger

📦 Available Projects

BreakingLab includes a curated list of vulnerable apps configured to run out-of-the-box.

🐳 Docker Projects

OWASP: bWAPP, WebGoat (7.1, 8.0, 8.1), Juice Shop, Mutillidae II, Bricks, Security Shepherd.
PentesterLab: Web For Pentester I.
Injection: SQLi Labs (Audi, OxNinja), NoSQLi Lab, GraphQL API.
CMS: Vulnerable WordPress, Drupal (via simple label).
Others: DVWA, Altoro Mutual, Security Ninjas, Java Vulnerable Lab, Vulnado, SSRF-Lab, Damn Vulnerable RESTaurant, BTS Lab, exploit.co.il, Vulpy.

🌐 Online Labs

PortSwigger Academy, TryHackMe, HackTheBox, VulnHub, RedTiger, Root-Me, and more.

🔮 Next Machines / Steps

Include Drunk Admin Web Hacking Challenge
Include OWASP Broken Web Applications Project
Include GameOver
Include Damn Vulnerable Web Services
Include VulHub project
Include CSPF ASP Vulnerable Lab
Include CSPF PHP Vulnerable Lab
Include CSPF Android Vulnerable Lab

🤝 Contributing

Contributions are welcome!

Fork the repository.
Create a feature branch (git checkout -b feature/AmazingFeature).
Add a new Project:
- Copy config/projects.d/_template.conf.example to config/projects.d/docker_yourproject.conf.
- Fill in the details (Image, IP, Port, etc.).
- (Optional) If you need custom startup commands, create scripts/hooks/yourproject_pre.sh or yourproject_post.sh.
Commit your changes.
Open a Pull Request.

Top Collaborators:

📄 License

Distributed under the MIT License. See LICENSE for more information.

Related Skills

healthcheck

350.1k

Host security hardening and risk-tolerance configuration for OpenClaw deployments

node-connect

350.1k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

prose

350.1k

OpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.

frontend-design

109.9k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

TiiZss

View profile

View on GitHub

GitHub Stars39

CategoryDevelopment

Updated8d ago

Forks3

TiiZss/BreakingLab

Languages

Shell

Security Score

95/100

Audited on Mar 30, 2026

No findings