Setting up a Vulnerable Web Server for API Pentest

Richard Choo (@rizzy_wasabi)
Aug 3, 2021
DVWS Login Page

I searched high and low for a box to hone my skills in API pentesting, and was very blessed that one of my colleagues shared this box with me. So today, I will share how to set up your own API pentesting lab.

Note: You will need to set up Docker in your Kali Linux. I have set up Docker in my Kali Linux VM (a nested VM will run well).

Setting Up Docker in Kali Linux

Follow the steps inside for your operating system.

For My Case — Kali Linux

Next, clone this repository into a folder:

git clone https://github.com/snoopysecurity/dvws-node.git

Go to that folder:

cd dvws-node

When you try to launch Docker with “docker-compose up”, you might face this error.

It’s a DNS issue

This is caused by a DNS issue, and you will need to add these few lines to “/etc/resolv.conf”:

# Use Google's public DNS servers.
nameserver 8.8.4.4
nameserver 8.8.8.8

Once done, try running the same command again. It will start to download mongo and mysql.
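An idempotent way to apply the DNS fix above, as an added example that is not part of the original post. The function names `has_nameserver` and `ensure_nameservers` and the `.bak` backup suffix are choices made for this example; the two resolver addresses are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): apply the resolv.conf fix safely.
# ensure_nameservers FILE IP...  appends "nameserver IP" for each IP that is not
# already an active entry, keeps a one-time backup in FILE.bak, and prints how
# many lines were added. Running it twice changes nothing the second time.

has_nameserver() {
    # $1 = file, $2 = IP. Commented-out entries ("# nameserver ...") do not count.
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
                    END { exit !found }' "$1"
}

ensure_nameservers() {
    file=$1
    shift
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2
        return 1
    fi
    added=0
    for ip in "$@"; do
        if has_nameserver "$file" "$ip"; then
            continue
        fi
        if [ "$added" -eq 0 ]; then
            # Back up the untouched file once, before the first change.
            if [ ! -e "$file.bak" ]; then
                cp -p "$file" "$file.bak"
            fi
            # Terminate an unfinished last line so the new entry starts cleanly.
            if [ -n "$(tail -c 1 "$file")" ]; then
                echo >> "$file"
            fi
        fi
        printf 'nameserver %s\n' "$ip" >> "$file"
        added=$((added + 1))
    done
    # The glibc resolver only uses the first three nameserver entries, so
    # appended lines are ignored when the file already lists three servers.
    echo "$added"
}

# Usage, as root, after sourcing this file:
#   ensure_nameservers /etc/resolv.conf 8.8.4.4 8.8.8.8
```

On many systems /etc/resolv.conf is regenerated by NetworkManager or the DHCP client, so the added lines may disappear after a reconnect or reboot.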

API ready to be tested

That’s it! Just navigate to it using your web browser and you can start to learn how to pentest APIs.

Richard Choo (@rizzy_wasabi)

Loves JRPGs and passionate in security workings of gaming consoles. A gamer, security professional. (CEH, ECSA, CREST)