When you want to practise OWASP Top 10 API , then someday you need to setup this machine for practise purpose.
I am writing this article just to help you with installation steps.
davinder@Davinders-MacBook-Air ~ % ls
Applications Personal Work
Desktop Pictures api
Documents Projects bugbounty
Downloads Public codeql
Library PycharmProjects go
Movies Sites nuclei-templates
Music Study sonarqube
First I created a folder name api and switched inside that folder
davinder@Davinders-MacBook-Air ~ % cd api
After that I created another folder and go inside that lab folder
davinder@Davinders-MacBook-Air api % cd lab
Now we will clone the required machine files as:
davinder@Davinders-MacBook-Air lab % git clone https://github.com/roottusk/vapi.git
Cloning into 'vapi'...
remote: Enumerating objects: 8832, done.
remote: Counting objects: 100% (804/804), done.
remote: Compressing objects: 100% (424/424), done.
remote: Total 8832 (delta 376), reused 734 (delta 340), pack-reused 8028
Receiving objects: 100% (8832/8832), 24.34 MiB | 8.47 MiB/s, done.
Resolving deltas: 100% (2441/2441), done.
Updating files: 100% (7326/7326), done.
Now we switch the vapi directory
davinder@Davinders-MacBook-Air lab % cd vapi
Now run the following commands:
davinder@Davinders-MacBook-Air vapi % sudo docker-compose up -d
Password:
WARN[0000] The "APP_NAME" variable is not set. Defaulting to a blank string.
WARN[0000] The "PUSHER_APP_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "PUSHER_APP_CLUSTER" variable is not set. Defaulting to a blank string.
WARN[0000] /Users/davinder/api/lab/vapi/docker-compose.yml: `version` is obsolete
[+] Running 31/31
✔ phpmyadmin Pulled 24.8s
✔ faef57eae888 Pull complete 2.8s
✔ 989a1d6c052e Pull complete 1.1s
✔ 0705c9c2f22d Pull complete 4.4s
✔ 621478e043ce Pull complete 2.1s
✔ 98246dcca987 Pull complete 4.7s
✔ bfed8c155cb6 Pull complete 4.6s
✔ 7a7c2e908867 Pull complete 6.6s
✔ d176994b625c Pull complete 6.0s
✔ 2d8ace6a2716 Pull complete 5.6s
✔ c70df516383c Pull complete 7.1s
✔ 15e1b44fe4c7 Pull complete 7.1s
✔ 65e50d44e95a Pull complete 7.6s
✔ 77f68910bc0a Pull complete 8.0s
✔ 605dd3a6e332 Pull complete 8.2s
✔ 99ce27188f07 Pull complete 8.6s
✔ 74d64e32c5d5 Pull complete 9.4s
✔ ef5fc9928b9f Pull complete 9.4s
✔ 163f3256e112 Pull complete 9.6s
✔ db Pulled 50.3s
✔ c6a0976a2dbe Pull complete 10.9s
✔ ae691a8c1b16 Pull complete 9.7s
✔ 8fe011e50abc Pull complete 10.1s
✔ c5c88c8fbaa8 Pull complete 11.0s
✔ 25d028b2b1f1 Pull complete 11.2s
✔ a2cbeb759403 Pull complete 11.9s
✔ e8ceebeb4e87 Pull complete 13.5s
✔ 70daaf3f7c42 Pull complete 12.4s
✔ 01f4c19f9b85 Pull complete 14.9s
✔ 0c347df2d48a Pull complete 43.5s
✔ 8903dbcded2d Pull complete 14.6s
[+] Building 105.2s (17/17) FINISHED docker:desktop-linux
=> [www internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 580B 0.0s
=> [www internal] load metadata for docker.io/library/composer:latest 3.7s
=> [www internal] load metadata for docker.io/library/php:7.4-apache 3.6s
=> [www auth] library/php:pull token for registry-1.docker.io 0.0s
=> [www auth] library/composer:pull token for registry-1.docker.io 0.0s
=> [www internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [www stage-0 1/8] FROM docker.io/library/php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 37.0s
=> => resolve docker.io/library/php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 0.0s
=> => sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d 1.86kB / 1.86kB 0.0s
=> => sha256:f3ac85625e767ee0ec42b5a2ef93880251cd973b86f77124c4ed39bccd2f8bf9 30.06MB / 30.06MB 1.3s
=> => sha256:cef99caa15fe8fdcd9b6edce648170b984bb470cb4fd7c3470a8677cbf70ccf6 3.04kB / 3.04kB 0.0s
=> => sha256:fe6d1ba7ae23775176ca857c2af51839443b978af2b711a771f4e8457dcef9d6 12.52kB / 12.52kB 0.0s
=> => sha256:52c4af7a39c39eedcaf52194d52f333a71017ffe436a4e3725ebeb10f91baccf 86.93MB / 86.93MB 3.8s
=> => sha256:826c69643efc7a2fa413b41d83553f587c092a532d2d6582de3caf323e79a005 226B / 226B 1.3s
=> => sha256:48bbb37a166bb998d4d6855dd70df915916376afc2a7eb0646a4453bbd43e8d6 19.17MB / 19.17MB 2.8s
=> => extracting sha256:f3ac85625e767ee0ec42b5a2ef93880251cd973b86f77124c4ed39bccd2f8bf9 9.2s
=> => sha256:946bbe7211684bcd10ae8486cd441fc15f18504b0795e1bbc3b0687b492b215e 269B / 269B 1.9s
=> => sha256:c5ba13601c856716cb7971ee60f01f0138236c05cadff15fd387bd5308610f98 475B / 475B 2.5s
=> => sha256:e63b292a06a12240a013c7c7fc0ccc4117d2e75937b72ec7aa64b77333157619 510B / 510B 3.1s
=> => sha256:ac2e4aa724ec9f16deec3d76b47c10c6416bdc26682dcbd436831f789ef66ab5 10.76MB / 10.76MB 4.0s
=> => sha256:60f3998c5ba63dc3318a94cdcd5edb313a1d9f325e5be9fef1e36a83db40ab1c 493B / 493B 3.9s
=> => sha256:988fd8f2e2a7cea48d53220bcfd81139bcdf83c3d7390a6e621f0490748a0762 10.00MB / 10.00MB 4.6s
=> => sha256:dc1c2b16275e20d87f9de7355eda30f5d6a84fea15e01fdac4600fa3d0f7a45a 2.46kB / 2.46kB 4.3s
=> => sha256:a0a2e1d76bfef0e3b37afb36c4e1ff0398f1f92988f2b1cacc63e953fd4e203d 244B / 244B 4.4s
=> => sha256:3a667e35f6ca703bb8fed26fbcdb5dc8c6819a82112f6c4da8dd9441e6c222c3 891B / 891B 4.7s
=> => extracting sha256:826c69643efc7a2fa413b41d83553f587c092a532d2d6582de3caf323e79a005 0.0s
=> => extracting sha256:52c4af7a39c39eedcaf52194d52f333a71017ffe436a4e3725ebeb10f91baccf 17.0s
=> => extracting sha256:946bbe7211684bcd10ae8486cd441fc15f18504b0795e1bbc3b0687b492b215e 0.0s
=> => extracting sha256:48bbb37a166bb998d4d6855dd70df915916376afc2a7eb0646a4453bbd43e8d6 4.2s
=> => extracting sha256:c5ba13601c856716cb7971ee60f01f0138236c05cadff15fd387bd5308610f98 0.0s
=> => extracting sha256:e63b292a06a12240a013c7c7fc0ccc4117d2e75937b72ec7aa64b77333157619 0.0s
=> => extracting sha256:ac2e4aa724ec9f16deec3d76b47c10c6416bdc26682dcbd436831f789ef66ab5 0.5s
=> => extracting sha256:60f3998c5ba63dc3318a94cdcd5edb313a1d9f325e5be9fef1e36a83db40ab1c 0.0s
=> => extracting sha256:988fd8f2e2a7cea48d53220bcfd81139bcdf83c3d7390a6e621f0490748a0762 1.8s
=> => extracting sha256:dc1c2b16275e20d87f9de7355eda30f5d6a84fea15e01fdac4600fa3d0f7a45a 0.0s
=> => extracting sha256:a0a2e1d76bfef0e3b37afb36c4e1ff0398f1f92988f2b1cacc63e953fd4e203d 0.0s
=> => extracting sha256:3a667e35f6ca703bb8fed26fbcdb5dc8c6819a82112f6c4da8dd9441e6c222c3 0.0s
=> [www internal] load build context 4.2s
=> => transferring context: 37.89MB 4.1s
=> [www] FROM docker.io/library/composer:latest@sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 24.6s
=> => resolve docker.io/library/composer:latest@sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 0.0s
=> => sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 1.65kB / 1.65kB 0.0s
=> => sha256:f6fee97370fbde11b86c2a571f1788aefc29e29672dbb8ceeb66785dc62b5de0 11.61kB / 11.61kB 0.0s
=> => sha256:84daa36296e4131baa878696b156f234bdbba14d45c098d535a7977d133cc2c9 3.25kB / 3.25kB 0.0s
=> => sha256:af252c8885a7ef2b1e85bce006efb30a7c8fb938ae8b50557ac99f551db6347d 2.82MB / 2.82MB 5.2s
=> => sha256:41380dbb2574885d6efd5d44c03067af395ce0303f74e6aa7a08b639904dfb09 1.26kB / 1.26kB 5.3s
=> => sha256:3a0a53e1b8079d8de445a7d2739eb1b065a4df2f537d45e8ceaeeb4469bc61a2 268B / 268B 5.5s
=> => extracting sha256:af252c8885a7ef2b1e85bce006efb30a7c8fb938ae8b50557ac99f551db6347d 0.4s
=> => sha256:83a1cb08c153498a9be7caaa2185c10e49058066ae96cb5f9a71d928b5b615a5 499B / 499B 5.6s
=> => sha256:e047714a905aeb3085f24804f128f996f8652475104aabeccc96d46e2b5d8741 12.49MB / 12.49MB 6.1s
=> => sha256:a823bdce6d4900de117ddad0572b8f58c795e051543a1ffcbdf9d23626dea6e4 19.65MB / 19.65MB 8.6s
=> => sha256:0a5912cb7b33d5cc4c747e9c6e85606d780d02ed0db3eb60130baa080178dce3 2.45kB / 2.45kB 6.1s
=> => extracting sha256:41380dbb2574885d6efd5d44c03067af395ce0303f74e6aa7a08b639904dfb09 0.0s
=> => sha256:00793d4382f7a2149912ef9897d9923ba0894f13a9bc62438ba9dded2b9bdba1 19.11kB / 19.11kB 6.5s
=> => sha256:c7a2a6c176a1976be48907ffc0136b5aa7728f82e5ba4107f3627aeb9953c878 33.24MB / 33.24MB 7.4s
=> => extracting sha256:3a0a53e1b8079d8de445a7d2739eb1b065a4df2f537d45e8ceaeeb4469bc61a2 0.0s
=> => extracting sha256:e047714a905aeb3085f24804f128f996f8652475104aabeccc96d46e2b5d8741 0.5s
=> => sha256:12daba0c8ab18c465f6334989a062567fadd24887fe1b1b1b49494c843ec3768 263B / 263B 7.0s
=> => sha256:ec67af609aee28b376fa933d6b9f9dd83e49c9ea1d3cf9c985ca37771d7ab785 15.98MB / 15.98MB 8.1s
=> => extracting sha256:83a1cb08c153498a9be7caaa2185c10e49058066ae96cb5f9a71d928b5b615a5 0.0s
=> => sha256:6b2b5ac8f88d87baa1de849a80f12e9e5640dfdeaeb9f4c9c1d930ed41a6e709 418B / 418B 8.0s
=> => sha256:c551c33f70b76b959018ace3055ab9852ce783f34744811ef215a57d56f5ac26 124B / 124B 8.4s
=> => extracting sha256:a823bdce6d4900de117ddad0572b8f58c795e051543a1ffcbdf9d23626dea6e4 2.1s
=> => extracting sha256:0a5912cb7b33d5cc4c747e9c6e85606d780d02ed0db3eb60130baa080178dce3 0.0s
=> => extracting sha256:00793d4382f7a2149912ef9897d9923ba0894f13a9bc62438ba9dded2b9bdba1 0.0s
=> => extracting sha256:c7a2a6c176a1976be48907ffc0136b5aa7728f82e5ba4107f3627aeb9953c878 5.7s
=> => extracting sha256:12daba0c8ab18c465f6334989a062567fadd24887fe1b1b1b49494c843ec3768 0.0s
=> => extracting sha256:ec67af609aee28b376fa933d6b9f9dd83e49c9ea1d3cf9c985ca37771d7ab785 5.6s
=> => extracting sha256:6b2b5ac8f88d87baa1de849a80f12e9e5640dfdeaeb9f4c9c1d930ed41a6e709 0.0s
=> => extracting sha256:c551c33f70b76b959018ace3055ab9852ce783f34744811ef215a57d56f5ac26 0.0s
=> [www stage-0 2/8] RUN docker-php-ext-install mysqli pdo_mysql 35.9s
=> [www stage-0 3/8] RUN apt-get update && apt-get install -y libzip-dev && apt-get install -y zlib1g-dev && rm -rf /var/lib/apt/lists/* && docker-php-ext-install zip 21.1s
=> [www stage-0 4/8] COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer 0.1s
=> [www stage-0 5/8] COPY ./vapi /var/www/html/vapi 3.6s
=> [www stage-0 6/8] RUN rm /var/www/html/vapi/.env 0.4s
=> [www stage-0 7/8] RUN echo "flag{ssrf_e0pgt3az9zeqdd4fhatc}" > /flag.txt 0.4s
=> [www stage-0 8/8] RUN php /var/www/html/vapi/artisan config:cache 1.1s
=> [www] exporting to image 1.6s
=> => exporting layers 1.5s
=> => writing image sha256:c5c7f8b275de7c0a59ffd1988ba18581ef120e17f11a4aadedf002741dcb467f 0.0s
=> => naming to docker.io/library/vapi-www 0.0s
[+] Running 6/5
✔ Network vapi_default Created 0.1s
✔ Volume "vapi_persistent" Created 0.0s
✔ Container vapi-db-1 Created 0.2s
✔ Container vapi-phpmyadmin-1 Create... 0.2s
✔ Container vapi-www-1 Created 0.1s
! phpmyadmin The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s
⠋ Container vapi-db-1 Starting 0.0s
Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:3306 -> 0.0.0.0:0: listen tcp 0.0.0.0:3306: bind: address already in use
davinder@Davinders-MacBook-Air vapi % sudo docker-compose up -d
WARN[0000] The "PUSHER_APP_CLUSTER" variable is not set. Defaulting to a blank string.
WARN[0000] The "APP_NAME" variable is not set. Defaulting to a blank string.
WARN[0000] The "PUSHER_APP_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] /Users/davinder/api/lab/vapi/docker-compose.yml: `version` is obsolete
[+] Running 3/3
✔ Container vapi-db-1 Started 0.2s
✔ Container vapi-phpmyadmin-1 Started 0.3s
✔ Container vapi-www-1 Started 0.2s
davinder@Davinders-MacBook-Air vapi %
After successful installation. You will see something like this:
Posts
