Spin up vulnerable targets from your terminal 🎯
Caution
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
- Features
- Installation
- Quick Start
- Usage
- Templates
- What can you do with vt?
- Documentation
- Community
- License
| Feature | Description | |
|---|---|---|
| 🐳 | Docker Compose | Container orchestration for vulnerable environments |
| 📦 | Templates | Community-curated vulnerable targets from vt-templates |
| 🏷️ | Tag Filtering | Find templates by vulnerability type (sqli, xss, ssrf, etc.) |
| 📊 | State Tracking | Track and manage running deployments |
| 🔄 | Auto-Update | Sync templates from remote repository |
- Go 1.24+
- Docker & Docker Compose
go install github.com/happyhackingspace/vt/cmd/vt@latestgit clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80Command Reference
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
vt start --id <template-id> |
Start a vulnerable environment |
vt start --tags <tag1,tag2> |
Start all templates matching tags |
vt ps |
List running environments |
vt stop --id <template-id> |
Stop an environment |
vt stop --tags <tag1,tag2> |
Stop all templates matching tags |
vt -v debug <command> |
Run with debug verbosity |
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Start all XSS-related labs
vt start --tags xss
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwaTemplates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
| Resource | Description | |
|---|---|---|
| 📦 | Templates | Browse all available templates |
| 🤝 | Contributing | Contribution guidelines |
| 🐛 | Issues | Report bugs or request features |
- 💬 Discord: Join our community
- 🐛 Issues: Report bugs
- 🤝 Contributing: Check out CONTRIBUTING.md
This project is licensed under the MIT License - see the LICENSE file for details.
Happy Hacking! 🎯