I am in no way an expert in this field, but I thought it might prove interesting to setup a small project for developers to use a “learning by doing” approach to understanding cybersecurity.


The project using Vagrant to build two VirtualBox Virtual Machines. The first of these Virtual Machines has some common tooling that I have used to identify vulnerabilities, the second is setup as a victim with known vulnerabilities to exploit.

The examples in the repository are scripts that you run either on the tooling Virtual Machine to enact the attack, or on the victim Virtual Machine to see the result.

Tools introduced:

ToolUse Case
dnsmapDomain name discovery
dnsreconDomain name discovery
ncrackAuthentication attack
nmapPort and IP scans/enumeration
slowhttptestDenial of service attacks
hping3Denial of service attacks
ab (Apache Bench)Denial of service attacks
digDenial of service attacks
mz (Mausezahn)Denial of service attacks
mitmproxyMan in the middle
theHarvesterUser information harvesting
arachniSecurity reconnaissance
skipfishSecurity reconnaissance
htcapSecurity reconnaissance
wapitiSecurity reconnaissance

I hope the project proves interesting.