Samurai WTF

The best security training environment for developers and AppSec professionals.

OWASP SamuraiWTF is a complete Linux desktop for use in application security training. It is free and open-source, distributed both as pre-built VMs and as source code. The source consists of a Vagrantfile, static assets, and build scripts. During the build process, it retrieves a variety of tools and training targets. Most of these are open-source projects managed by their own respective teams and contributors.

Some examples are:
- OWASP Juice Shop
- OWASP Zed Attack Proxy
- Mutillidae
- SQLMap

It also includes some proprietary software, such as the Community Edition of PortSwigger's Burp Suite.

This project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets. For example, an instructor could use SamuraiWTF to easily set up a virtual machine image containing OWASP ZAP and OWASP Juice Shop, and then distribute it to each student as a training lab environment.

This project includes and uses the Samurai Katana project to manage installation and running of tools and targets in the virtual environment.