Vuln-Tronic Labs

A curated Docker Compose collection bundling intentionally vulnerable web applications and APIs for security practice. Designed for bug bounty hunters, penetration testers, and students to safely explore OWASP vulnerabilities in controlled environments.

Tech Stack

Core Technologies

• Docker & Docker Compose v2
• GNU Make for automation
• Shell scripting for orchestration
• Multi-container networking

Requirements

• Docker Engine ≥20.x
• Docker Compose v2
• Git (for submodules)

Included Vulnerable Applications

Key Features

• ⚡ Single-command startup via make up
• 🎯 Docker Compose profiles for selective service activation
• 🗄️ Self-contained databases with auto-initialization
• 🔒 Localhost-only binding (not internet-exposed)
• 🛠️ Burp Suite integration for proxy testing
• 📦 Submodule architecture for resource-heavy labs
• 🔄 Internal loopback proxies for realistic database connectivity

Use Cases

Perfect for:

• Bug bounty practice and skill development
• Penetration testing training
• Security certification preparation (OSCP, CEH, etc.)
• Learning OWASP Top 10 vulnerabilities
• API security testing practice
• Teaching web application security concepts

Security Notice

All applications are intentionally vulnerable and should never be exposed to the internet. The platform binds to localhost only and is designed exclusively for educational purposes in controlled environments.

Project Links

• GitHub Repository

Quick Start

# Clone with submodules
git clone --recurse-submodules https://github.com/GitAddRemote/vuln-tronic-labs

# Start all services
make up

# Start specific labs
docker compose --profile dvwa up