Spin up vulnerable targets from your terminal π―
Caution
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
- Features
- Installation
- Quick Start
- Usage
- Templates
- What can you do with vt?
- Documentation
- Star History
- Contributors
- Community
- License
| Feature | Description | |
|---|---|---|
| π³ | Docker Compose | Container orchestration for vulnerable environments |
| π¦ | Templates | Community-curated vulnerable targets from vt-templates |
| π | State Tracking | Track and manage running deployments |
| π | Auto-Update | Sync templates from remote repository |
- Go 1.24+
- Docker & Docker Compose
go install github.com/happyhackingspace/vt/cmd/vt@latestgit clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80Command Reference
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
vt start --id <template-id> |
Start a vulnerable environment |
vt ps |
List running environments |
vt stop --id <template-id> |
Stop an environment |
vt -v debug <command> |
Run with debug verbosity |
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwaTemplates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
| Resource | Description | |
|---|---|---|
| π¦ | Templates | Browse all available templates |
| π€ | Contributing | Contribution guidelines |
| π | Issues | Report bugs or request features |
Recep Gunes |
Dogan Can Bakir |
Omar Kurt |
Ahsen |
Atilla |
mirackayikci |
numan |
- π¬ Discord: Join our community
- π Issues: Report bugs
- π€ Contributing: Check out CONTRIBUTING.md
This project is licensed under the MIT License - see the LICENSE.md file for details.
Happy Hacking! π―