MCPcopy Index your code
hub / github.com/HappyHackingSpace/vt

github.com/HappyHackingSpace/vt @v0.0.11

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.0.11 ↗ · + Follow
124 symbols 353 edges 26 files 78 documented · 63%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

vt logo

Spin up vulnerable targets from your terminal 🎯

Go Version License Release Discord

[!CAUTION] This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.


Table of Contents


Features

Feature Description
🐳 Docker Compose Container orchestration for vulnerable environments
📦 Templates Community-curated vulnerable targets from vt-templates
📓 Playbooks Group multiple templates into training scenarios and run them together
📊 State Tracking Track and manage running deployments
🔍 Inspect View detailed info (CVE, CVSS, CWE, PoC, remediation) for any template or playbook
🔄 Auto-Update Sync templates from remote repository

Installation

Prerequisites

  • Go 1.25.6+
  • Docker & Docker Compose

Install with Go

go install github.com/happyhackingspace/vt/cmd/vt@latest

Build from Source

git clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/  # Optional: add to PATH

Quick Start

# 1. Browse available templates
vt template --list

# 2. Start a vulnerable environment
vt start --id vt-dvwa

# 3. Access the target at http://localhost:80

Usage

Command Reference

Templates

Command Description
vt template --list List all available templates
vt template --list --filter <tag> Filter templates by tag
vt template --update Update templates from remote repository

Environments

Command Description
vt start --id <template-id> Start a vulnerable environment
vt stop --id <template-id> Stop an environment
vt ps List all running environments
vt inspect --id <template-id> Show full details for a template

Playbooks

Command Description
vt playbook list List all available playbooks
vt playbook run --id <playbook-id> Start all templates in a playbook
vt playbook stop --id <playbook-id> Stop all templates in a playbook

Global Flags

Flag Values Description
-v, --verbosity debug info warn error fatal panic Set log verbosity (default: info)

Examples

# List templates with SQL injection vulnerabilities
vt template --list --filter sqli

# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa

# Inspect a template — see CVE, CVSS, CWE, PoC, and remediation steps
vt inspect --id vt-dvwa

# Check running environments
vt ps

# Stop a specific environment
vt stop --id vt-dvwa

# Run an entire playbook (multiple targets at once)
vt playbook run --id vt-pb-1

# List all available playbooks
vt playbook list

# Stop all targets in a playbook
vt playbook stop --id vt-pb-1

Templates

Templates are automatically cloned to ~/vt-templates on first run.

Template Type Description
vt-dvwa Lab Damn Vulnerable Web Application
vt-juice-shop Lab OWASP Juice Shop
vt-webgoat Lab OWASP WebGoat
vt-bwapp Lab Buggy Web Application
vt-mutillidae-ii Lab OWASP Mutillidae II

Want more? Check out the vt-templates repository for all available templates and contribution guidelines.


Playbooks

Playbooks let you start multiple vulnerable targets in one command — useful for structured training sessions or red-team labs that require several services running simultaneously.

# See what playbooks are available
vt playbook list

# Launch every target in a playbook
vt playbook run --id vt-pb-1

# Tear down the whole playbook when done
vt playbook stop --id vt-pb-1

Playbooks are defined as YAML files in the playbooks/ directory of the templates repository. Each playbook specifies an ordered list of template IDs. If one template fails to start, vt skips it, continues with the rest, and reports a summary of failures at the end.


What can you do with vt?

Use Case Template
Practice SQL Injection vt-dvwa
Learn XSS Exploitation vt-dvwa
Test OWASP Top 10 vt-juice-shop
Exploit Real CVEs vt-2025-29927
API Security Testing vt-webgoat
Train Security Teams vt-mutillidae-ii

Documentation

Resource Description
📦 Templates Browse all available templates
🤝 Contributing Contribution guidelines
🐛 Issues Report bugs or request features

Star History

<img alt="Star History Chart" src="https://api.star-history.com/svg?repos=HappyHackingSpace/vt&type=Date" />


Contributors

recepgunes1 Recep Gunes dogancanbakir Dogan Can Bakir omarkurt Omar Kurt ahsentekd Ahsen atiilla Atilla mirackayikci mirackayikci
numanturle numan

Community


License

This project is licensed under the MIT License - see the LICENSE.md file for details.


Happy Hacking! 🎯

Extension points exported contracts — how you extend this code

Provider (Interface)
Provider defines the interface for managing vulnerable target environments. [1 implementers]
pkg/provider/provider.go

Core symbols most depended-on inside this repo

Name
called by 21
pkg/provider/provider.go
String
called by 16
pkg/template/playbook.go
moveCursor
called by 8
internal/banner/banner.go
flush
called by 7
internal/banner/banner.go
isTemplateDirectory
called by 6
pkg/template/loader.go
formatList
called by 6
pkg/template/template.go
printColored
called by 6
internal/banner/banner.go
createDockerCLI
called by 5
pkg/provider/dockercompose/utils.go

Shape

Function 78
Method 30
Struct 15
Interface 1

Languages

Go100%

Modules by API surface

internal/banner/banner.go19 symbols
pkg/template/template.go12 symbols
pkg/template/loader_test.go9 symbols
pkg/provider/dockercompose/utils.go9 symbols
pkg/provider/dockercompose/dockercompose.go8 symbols
pkg/template/playbook_test.go7 symbols
pkg/template/playbook.go7 symbols
pkg/provider/provider.go7 symbols
internal/logger/logger.go7 symbols
pkg/template/loader.go6 symbols
internal/cli/cli.go5 symbols
internal/app/app.go5 symbols

For agents

$ claude mcp add vt \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact