Did you know that you can navigate the posts by swiping left and right?

Installing DVWA in Kali linux

02 Apr 2017 . category: tech . Comments
#redteam #kali #dvwa

What’s Damn Vulnerable Web Application (DVWA)?

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerability, with various difficultly levels, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerability with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

So let’s set it up in our Kali installation!

DVWA needs apache and mysql, and Kali comes with those two installed. So let’s download the source code, start these two services and start the web application:

# Download and unzip DVWA
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip -O dvwa.zip
unzip dvwa.zip

# start apache and mysql
service apache2 start
service mysql start

# Move dvwa to /var/www/html and setup permissions
mv DVWA-master /var/www/html/dvwa
cd /var/www/html
chmod -R 755 dvwa/

Almost done! Now let’s setup your mysql’s password in the DVWA configuration file, so it can create its ‘dvwa’ database:


Now you should be seeing the login page under


In the #redteam series of posts we’ll start with the low-hanging fruits, so don’t forget to set the security level of DVWA to ‘low’, under the ‘DVWA Security’ tab :wink:

Don’t forget to always reset the security level to ‘impossible’ and of course you should never expose this web application in a non-private network.


Panos is a founder of two failed start-ups, has 2 approved patents and several scientific publications in first tier conferences and journals. Loves connecting business requirements with technology and building teams that deliver on time, with quality and within budget. Currently he is on a mission to modernize personal finance 🤖💰