BTS PenTesting Lab – a vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is “how to test my skills legally without getting into troubles?”. So, i always suggest them to use some vulnerable web application such as DVWA.

Ethical Hacking Certifications

However, i felt dvwa is not suitable for new and advanced techniques. Mutillidae is one of the best web application vulnerable app to date. However, I missed some techniques/features in Mutillidae. so i thought it is better develop our own app to teach the web application pentesting for my readers and students.

BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced vulnerability techniques.

Currently, the app contains following vulnerability types:

SQL Injection
Cross Site scripting(XSS)
Cross Site request Forgery(CSRF)
Server Side Request Forgery(SSRF))
File Inclusion(RFI and LFI)
Command Execution

You can download our app from here:

How to run BTS PenTesting Lab?
1. Install XAMPP or WAMPP in your machine
2. Extract the bts_lab zip file into the htdocs folder.
3. Open the “http://localhost/bts_lab/setup.php” url in your browser.
4. Click the Setup.

That’s all Now you can start to use the app at “http://localhost/bts_lab” :)