Home

Awesome

Damn Vulnerable WordPress

Playground for WordPress hacking and wpscan testing.

DO NOT EXPOSE THIS TO INTERNET!

Installation

$ git clone https://github.com/vavkamil/dvwp.git
$ cd dvwp/
$ docker-compose up -d --build
$ docker-compose run --rm wp-cli install-wp

Usage

$ docker-compose up -d
$ docker-compose down

Shell

docker exec -ti dvwp_wordpress_1 /bin/bash

Interface

Credentials

Vulnerabilities

Feel free to contribute with pull requests ;)

Plugins

Otherz

TODO

  1. Add versions and description to each vulnerability in README.md
  2. Upload docker image to Docker Hub registry
  3. Get rid of the Dockerfile
  4. Run wp-cli automatically during build
  5. Use "svn co" or "wp-cli" to download vulnerable plugins directly
  6. Add more vulnerable plugins/themes
  7. Update WP and php to latest
  8. Add vulnerable phpmyadmin?
  9. Add script to pull access.log and error.log from container