Penetration Testing Labs & Reports

This repository contains a collection of penetration testing labs and reports that I have completed for practice and learning.
The labs cover web application security, network and system exploitation, post-exploitation, and mobile application security.

Labs Overview

01 – OWASP Juice Shop (Web Application Pentest)

Target: https://ginandjuice.shop
Focus: Black/Grey-box web application penetration testing using Burp Suite.
Key findings: SQL Injection, HTTP header injection, reflected XSS, client-side template injection, SSRF-like external interaction, vulnerable JS dependencies, missing HSTS, etc.
Folder: 01-OWASP-Juice-Shop

02 – DVWA (Web Application Pentest)

Target: Damn Vulnerable Web Application (DVWA) in a local lab environment.
Focus: Practicing common web vulnerabilities such as SQLi, XSS, command injection, CSRF, and authentication/authorization weaknesses.
Folder: 02-DVWA

03 – WebGoat (Web Application Pentest)

Target: WebGoat – an intentionally insecure web application by OWASP.
Focus: Realistic web security scenarios, including injection attacks, access control issues, business logic flaws, and more.
Folder: 03-WebGoat

04 – Metasploitable2 (Network & Post-Exploitation Lab)

Target: Metasploitable2 vulnerable Linux server.
Focus: Service enumeration, credential brute forcing, exploitation with Metasploit, privilege escalation to root, persistence, and basic detection avoidance.
Folder: 04-Metasploitable2-Post-Exploitation

05 – Android Application Pentest (Mobile Security)

Target: Android mobile application in a controlled lab environment.
Focus: Insecure data storage, insecure communication, authentication and authorization issues, reverse engineering, and code tampering.
Folder: 05-Android-App-Pentest

Tools & Technologies

Web Pentesting : Burp Suite, OWASP ZAP, browser dev tools
Network & System : Nmap, Hydra, Metasploit Framework
Mobile Security : Android Emulator/Device, APKTool, adb, Burp Suite
Platforms : Linux (Kali, Ubuntu), Windows, Android

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Penetration Testing Labs & Reports

Labs Overview

01 – OWASP Juice Shop (Web Application Pentest)

02 – DVWA (Web Application Pentest)

03 – WebGoat (Web Application Pentest)

04 – Metasploitable2 (Network & Post-Exploitation Lab)

05 – Android Application Pentest (Mobile Security)

Tools & Technologies

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
01-OWASP-Juice-Shop		01-OWASP-Juice-Shop
02-DVWA		02-DVWA
03-WebGoat		03-WebGoat
04-Metasploitable2-Post-Exploitation		04-Metasploitable2-Post-Exploitation
05-Android-App-Pentest		05-Android-App-Pentest
README.md		README.md

Folders and files

Latest commit

History

Repository files navigation

Penetration Testing Labs & Reports

Labs Overview

01 – OWASP Juice Shop (Web Application Pentest)

02 – DVWA (Web Application Pentest)

03 – WebGoat (Web Application Pentest)

04 – Metasploitable2 (Network & Post-Exploitation Lab)

05 – Android Application Pentest (Mobile Security)

Tools & Technologies

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages