SamuraiWTF / Samuraiwtf

Licence: lgpl-3.0
The main SamuraiWTF collaborative distro repo.

Programming Languages

shell

Projects that are alternatives of or similar to Samuraiwtf

Burpsuite Collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and other related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+344.86%)
Mutual labels:  pentest-tool, burpsuite
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+20.99%)
Mutual labels:  burpsuite, pentest-tool
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-40.74%)
Mutual labels:  pentest-tool, burpsuite
auth analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-68.31%)
Mutual labels:  burpsuite, pentest-tool
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Stars: ✭ 173 (-28.81%)
Mutual labels:  pentest-tool, burpsuite
Pwnback
Burp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (-16.46%)
Mutual labels:  burpsuite
Intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+1043.62%)
Mutual labels:  burpsuite
Vagrant Debian Jessie
Automatic Debian 8 Vagrant base box building on OSX, Linux and Windows
Stars: ✭ 199 (-18.11%)
Mutual labels:  vagrant
Jhipster Devbox
JHipster virtualized development box
Stars: ✭ 198 (-18.52%)
Mutual labels:  vagrant
Packer
Packer helpers and templates for Docker, IIS, SQL Server and Visual Studio on Windows and Ubuntu
Stars: ✭ 242 (-0.41%)
Mutual labels:  vagrant
F8x
Automated deployment tool for red/blue team environments
Stars: ✭ 227 (-6.58%)
Mutual labels:  pentest-tool
Crosslinked
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Stars: ✭ 223 (-8.23%)
Mutual labels:  pentest-tool
Chef Bcpc
Bloomberg Clustered Private Cloud distribution
Stars: ✭ 205 (-15.64%)
Mutual labels:  vagrant
Vagrant Openstack Provider
Use Vagrant to manage OpenStack Cloud instances.
Stars: ✭ 229 (-5.76%)
Mutual labels:  vagrant
Socialfishmobile
📱 🐟 An app to remote control SocialFish.
Stars: ✭ 200 (-17.7%)
Mutual labels:  pentest-tool
Anevicon
🔥 A high-performant UDP load generator, written in Rust
Stars: ✭ 243 (+0%)
Mutual labels:  pentest-tool
Packer Build
Packer Automated VM Image and Vagrant Box Builds
Stars: ✭ 199 (-18.11%)
Mutual labels:  vagrant
Packer Templates
Scripts and Templates used for generating Vagrant images
Stars: ✭ 219 (-9.88%)
Mutual labels:  vagrant
Redis Windows
Vagrant redis configuration and the binary releases of MS Open Tech redis port of windows
Stars: ✭ 2,596 (+968.31%)
Mutual labels:  vagrant
Darkspiritz
🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (-9.88%)
Mutual labels:  pentest-tool

SamuraiWTF Logo

Samurai Web Training Framework 5.0


This project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets. Think of this as a base box with a specialized package manager. For example, an instructor could use SamuraiWTF to easily set up a classroom virtual machine image containing OWASP ZAP and OWASP Juice Shop, and then distribute it to each student.

This project includes and uses the Samurai Katana project to manage installation and running of tools and targets in the virtual environment.

Want to chat with us? Join us in the OWASP Slack #project-samuraiwtf channel.

Want to Contribute? See here

NOTE: for getting started quickly you can follow the ova installation here

Art Credit: the above Samurai figure is the original work of Ben Faircloth, who has granted the OWASP SamuraiWTF project permission to use in the product and websites.

Initial Install

There are several options for the initial install, as follows:

Vagrant (Preferred)

Starting with version 5.0 of SamuraiWTF we now use an Ubuntu-based basebox that has most of the prerequisites pre-installed so you can get up and running quickly.

  1. Make sure you have Oracle VirtualBox installed (see the OVA section below).
  2. Clone this repository.
  3. From a command-line terminal in the root project folder, run the command vagrant up. Then sit back and wait for it to finish.

note: The login is samurai/samurai

OVA on Oracle VirtualBox

  1. Make sure you have Oracle VirtualBox installed. If you are on Windows, you should also disable Hyper-V (Instructions from Microsoft).
  2. Download the OVA to import a full virtual machine, here: https://tiny.si/samurai

note: The login is samurai/samurai

AWS Workspace

We have a method of bootstrapping SamuraiWTF into an AWS Workspace (running AWS Linux). This can be useful in situations where an instructor wants to set up a remotely accessible SamuraiWTF environment.

  1. Make sure you have an AWS account plus the AWS Workspaces client.
  2. Create a Workspace with Amazon Linux and 4GB of RAM
  3. Log in to the workspace and clone this GitHub repository.
  4. Navigate into samuraiwtf/base/amazon-linux and run the bootstrap.sh shell script. This should set up the rest of what you need.

note: The login is your AWS Workspace username and password.

Lab Quick Setup

Once you log in to the environment, you can install tools and targets using katana either from the command line, or from a browser.

Command Line

Simply use the command katana list to see which packages are available, then install any package with katana install <package>. For example, to install ZAP and JuiceShop:

katana install zap
katana install juice-shop
katana start juice-shop

Web UI

The web UI can be seen in a browser by visiting http://katana.wtf.

If it is not running, you may first need to use the command line to install and start katana. This is done with the commands:

katana install katana
katana start katana

More detailed instructions on using Katana are available in the readme of the Samurai Katana GitHub project.

IMPORTANT: Be aware that Katana runs with root privileges and is not intended to be run in a secure or production environment.
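Because Katana runs as root and the VM ships with the samurai/samurai login, it is worth confirming on the VirtualBox host that the training VM is not reachable from the wider network. The following is an added example, not part of the SamuraiWTF project: it reads the output of `VBoxManage showvminfo <vm> --machinereadable` and flags bridged adapters and NAT port forwards bound to every host interface. The sample data and VM name are constructed, and the `nicN=` and `Forwarding(N)=` key formats are assumed to match your VirtualBox version.

```shell
#!/usr/bin/env bash
# Added example: audit VirtualBox settings that expose a training VM.
# Usage on a real host (VM name is whatever VirtualBox shows for your import):
#   VBoxManage showvminfo "<vm name>" --machinereadable | audit_vm_exposure

audit_vm_exposure() {
  awk -F'=' '
    # nicN="bridged" attaches the guest directly to the physical network.
    /^nic[0-9]+=/ {
      mode = $2; gsub(/"/, "", mode)
      if (mode == "bridged") print "EXPOSED " $1 " bridged"
    }
    # Assumed format: Forwarding(N)="name,proto,hostip,hostport,guestip,guestport"
    /^Forwarding\([0-9]+\)=/ {
      rule = $2; gsub(/"/, "", rule)
      split(rule, f, ",")
      # An empty or 0.0.0.0 host IP means the forward listens on all host interfaces.
      if (f[3] == "" || f[3] == "0.0.0.0")
        print "EXPOSED forward " f[1] " " f[2] "/" f[4] " on all host interfaces"
    }
  '
}

# Succeeds (exit 0) only when the audit reports no findings.
vm_is_contained() {
  [ -z "$(audit_vm_exposure)" ]
}

# Constructed sample input, not captured from a real SamuraiWTF VM.
sample_vminfo() {
  cat <<'EOF'
name="samuraiwtf-example"
nic1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
Forwarding(1)="web,tcp,,8080,,80"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
EOF
}

sample_vminfo | audit_vm_exposure
```

A VM with only NAT or host-only adapters and forwards bound to 127.0.0.1 produces no output.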

Development

Most of the development in this repo is related to updating basebox provisioning scripts and supporting additional platforms.

  • Our integration branch is the one called next. That's where all new features and bug fixes go for testing before a planned release. The main branch should be kept stable at all times.
  • Larger changes should be done in separate feature branches. Make sure to merge next into your feature branch, then PR the feature branch to merge into next.
  • If you break next or main, fix it (with help if necessary). It's best to run a full test build (i.e. vagrant destroy, vagrant up) and make sure tools and targets are working before pushing changes.

Production VM Notes:

Once you load the VM, unless this was an AWS Workspace install, the username and password are:

  • Username: samurai
  • Password: samurai

The menus are available in the top-left corner of the desktop.

Once you log in, there are a couple of things that might need to be adjusted manually.

Virtualbox Display

  • To automatically adjust the display resolution, do the following:
    • Select Virtualbox Menu -> View
    • Click Auto-Resize Guest Display
    • Resize Virtualbox window and display should change to fit window size.
    • OR: Use the Menu -> View -> Virtual Screen 1 menu to adjust the screen dimensions (e.g. Resize to 1440x900; Scale to 200%).

License

The scripts and resources belonging directly to this project are licensed under the Lesser GNU Public License version 3 (LGPLv3). All software loaded into the VM, including the tools, targets, utilities, and operating system itself retain their original license agreements.

Contributors

Contributors are very welcome and the contribution process is standard:

  • fork this project
  • make your contribution
  • submit a pull request

Substantial or Regular contributors may also be brought in as full team members. This includes those who have made substantial contributions to previous versions of SamuraiWTF with the assumption they will continue to do so.