Setting up a Vulnerable Web Server for API Pentest
I searched high and low for a box to hone my skills in API pentesting, was very blessed that one of my colleagues shared with me this box. So today, I will share how to setup your own API pentesting lab.
**You will need to setup docker in your Kali Linux, I have setup docker in my Kali Linux VM (Nested VM will run well)
Setting Up Docker in Kali Linux
Follow the steps inside for your relevant Operating System
Next clone this repository into a folder
git clone https://github.com/snoopysecurity/dvws-node.git
go to that folder
cd dvws-node
when you try to launch the docker with “docker-compose up” you might be facing this error.
This is caused by a DNS issue and you will need to add in these few lines into “/etc/resolv.conf”
# Use Google's public DNS servers.
nameserver 8.8.4.4
nameserver 8.8.8.8
Once done try running the same command it will start to download mongo and mysql
That’s it! Just navigate using your web browser you can start to learn how to pentest API.