__ __ __ __ __
_ __ ____ __/ /____ ___ _______ _/ / / /_____ _/ /____ ____ _____ ____ / /_
| |/ // / // / // _ \/ -_) __/ _ `/ _ \ / __/ _ `/ __/ _ `/ -_) __/ _ `/ -_)/ __/
|___/\_,_/_//_//_//_/\__/_/ \_,_/_.__/ \__/\_,_/_/ \_, /\__/\__/\_, /\__/ \__/
/___/ /___/
Important
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
- Features
- Installation
- Quick Start
- Usage
- Templates
- What can you do with vt?
- Documentation
- Community
- License
| Feature | Description | |
|---|---|---|
| π³ | Docker Compose | Container orchestration for vulnerable environments |
| π¦ | Templates | Community-curated vulnerable targets from vt-templates |
| π·οΈ | Tag Filtering | Find templates by vulnerability type (sqli, xss, ssrf, etc.) |
| π | State Tracking | Track and manage running deployments |
| π | Auto-Update | Sync templates from remote repository |
- Go 1.24+
- Docker & Docker Compose
go install github.com/happyhackingspace/vt/cmd/vt@latestgit clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80Command Reference
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
vt start --id <template-id> |
Start a vulnerable environment |
vt start --tags <tag1,tag2> |
Start all templates matching tags |
vt ps |
List running environments |
vt stop --id <template-id> |
Stop an environment |
vt stop --tags <tag1,tag2> |
Stop all templates matching tags |
vt -v debug <command> |
Run with debug verbosity |
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Start all XSS-related labs
vt start --tags xss
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwaTemplates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
| Resource | Description | |
|---|---|---|
| π | Wiki | Full documentation and guides |
| π¦ | Templates | Browse all available templates |
| π€ | Contributing | Contribution guidelines |
| π | Issues | Report bugs or request features |
- π¬ Discord: Join our community
- π Issues: Report bugs
- π€ Contributing: Check out CONTRIBUTING.md
This project is licensed under the MIT License - see the LICENSE file for details.
Happy Hacking! π―