oszo / OTG-Lab

CTF lab following the OWASP Testing Guide v4


OTG-Lab - CTF lab following the OWASP Testing Guide v4

Introduction

OTG-Lab is a lab for beginners who need to practice web application penetration testing in CTF style, following OTGv4.

Requirements

  • Docker
  • Docker Compose

Quick start

The challenge order is in the README.md file in each lab directory. You can read it by clicking into each lab directory in this git repository.

Start the lab

Almost all the labs can be launched with Docker Compose. Clone this git repository, cd into the lab folder, and run docker-compose up -d, as follows:

$ git clone https://github.com/oszo/OTG-Lab.git
$ cd OTG-Lab
$ cd "02. Configuration and Deploy Management Testing" # Go to the lab directory you want to run.
$ cd docker
$ docker-compose up -d

Stop the lab

After playing the labs, cd into each folder and run docker-compose rm -f -s to stop and clean up all services, as follows:

$ cd OTG-Lab
$ cd "02. Configuration and Deploy Management Testing" # Go to the lab directory you want to stop.
$ cd docker
$ docker-compose rm -f -s

Start CTFd

CTFd is the CTF platform for submitting the flags of each lab. Use the following commands to start the CTFd application:

$ cd OTG-Lab
$ cd "CTFd"
$ docker-compose up -d

Todo

  • 1. Information Gathering
  • 2. Configuration and Deploy Management Testing
  • 3. Identity Management Testing
  • 4. Authentication Testing
  • 5. Authorization Testing
  • 6. Session Management Testing
  • 7. Input Validation Testing
  • 8. Error Handling
  • 9. Cryptography
  • 10. Business Logic Testing
  • 11. Client Side Testing
  • Update to WSTG 4.2

Contribution

Your contributions and suggestions are welcome.

License

This work is licensed under a Creative Commons Attribution 4.0 International License.
