Share
## https://sploitus.com/exploit?id=27887232-9A9A-5E48-80EA-169E1B8C9BB7
# Web Application Security Testing โ€” DVWA Lab

End-to-end web app penetration test on DVWA (SQLi): report, evidence, and scripts.

## Contents
- `pentest-report.pdf` โ€” final professional PDF report
- `pentest-report.md` โ€” editable markdown report template
- `screenshots/` โ€” proof images (manual SQLi, sqlmap output, scans)

## Summary
This repository contains an educational Vulnerability Assessment & Penetration Test (VAPT) of the Damn Vulnerable Web Application (DVWA) performed in a controlled lab. The assessment demonstrates reconnaissance, scanning, SQL Injection exploitation (manual + automated), evidence capture, and recommendations.

## How to reproduce (lab)
> **NOTE:** Only run this in an isolated lab environment (VMs you own).

1. Setup:
   - Attacker: Kali Linux
   - Target: DVWA running in a local VM (host-only or NAT)
2. Recon:
   - `sudo nmap -sS -sV -p- -T4  -oA scans/_full`
   - `nikto -h http://192.168.204.149 -output nikto_reports/192.168.204.149_nikto.txt`
3. Directory/enum:
   - `gobuster dir -u http://192.168.204.149 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt`
4. Manual SQLi:
   - Login to DVWA (default `admin`/`password`), set Security = Low.
   - Visit `/dvwa/vulnerabilities/sqli/` and test payload: `' OR '1'='1`
5. Automated SQLi:
   - `./scripts/sqlmap_commands.sh  `
6. Capture evidence: save screenshots into `screenshots/` and raw outputs into `scans/`.

## Key findings (short)
- **SQL Injection (High)** โ€” `/dvwa/vulnerabilities/sqli/` allowed data retrieval. See `screenshots/dvwa_sqli_manual.png`.
- Other informational findings from Nikto and Gobuster โ€” see raw outputs in `scans/` and `nikto_reports/`.

## Disclaimer
This repository is for **educational purposes only**. Do NOT use the tools, scripts, or techniques contained here against systems you do not own or have explicit permission to test.


## Author / Contact
Logesh โ€” cybersecurity enthusiast  
logeswaran4000@gmail.com
+91 7397519594