Preface: After learning some theory and skills, how can we go without practice? Let's build our own vulnerability practice platform.
We'll use the Pikachu vulnerability playground system. I can't find the official website...
Pikachu is a web application system with vulnerabilities, which includes common web security vulnerabilities. If you are a web penetration testing learner and are worried about not having a suitable playground for practice, then Pikachu may be just right for you.
The vulnerability types on Pikachu are listed below:
--> Burt Force (Brute Force Vulnerability)
--> XSS (Cross-Site Scripting Vulnerability)
--> CSRF (Cross-Site Request Forgery)
--> SQL-Inject (SQL Injection Vulnerability)
--> RCE (Remote Command/Code Execution)
--> Files Inclusion Vulnerability
--> Unsafe file downloads
--> Unsafe file uploads
--> Over Permission Vulnerability
--> ../../../ (Directory Traversal)
--> I can see your ABC (Sensitive Information Disclosure)
--> PHP Deserialization Vulnerability
--> XXE (XML External Entity attack)
--> Insecure URL Redirection
--> SSRF (Server-Side Request Forgery)
--> More... (Look for it?.. There are Easter eggs!)
The management tool provides a simple XSS management backend for you to test phishing and cookie stealing~
More new vulnerabilities will be continuously updated, and you are also welcome to submit vulnerability cases to me. Please pay attention to the latest version of pikachu.
Author's GitHub link: https://github.com/zhuifengshaonianhanlu
Each vulnerability category is further divided into different subclasses based on different situations.
The database used is MySQL, so to run Pikachu you need to install a basic "PHP + MySQL + middleware (such as Apache, nginx, etc.)" environment in advance. It is recommended to use an integrated package such as XAMPP or WAMP to set up this environment directly in your test environment.
--> Put the downloaded pikachu folder in the root directory of the web server;
--> Modify the database connection configuration in inc/config.inc.php according to the actual situation;
--> Visit http://x.x.x.x/pikachu. An enthusiastic prompt in red will appear: "Welcome to use, pikachu has not been initialized, click to initialize installation!" Click it to complete the installation.
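The configuration step above, as an added example that is not from the original post or the Pikachu project: a shell function that rewrites one database setting in a Pikachu-style inc/config.inc.php and escapes the value for PHP. The define names DBHOST, DBUSER, DBPW, DBNAME and DBPORT, the account name and the sample file are assumptions; check them against your own copy.

```shell
# Added example. Key names and the sample file below are assumptions, not project code.

# set_define FILE KEY VALUE: rewrite the define('KEY', ...) line in FILE.
# Returns 1 and leaves FILE untouched if KEY is absent; a trailing comment is dropped.
set_define() {
    file=$1
    tmp=$(mktemp) || return 2
    if KEY="$2" VAL="$3" awk '
        # Escape backslash and single quote for a PHP single-quoted string.
        function phpq(s,    i, c, out) {
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\047") out = out "\\"
                out = out c
            }
            return out
        }
        BEGIN { pat = "^[ \t]*define\\([ \t]*[\047\"]" ENVIRON["KEY"] "[\047\"]" }
        $0 ~ pat {
            print "define(\047" ENVIRON["KEY"] "\047, \047" phpq(ENVIRON["VAL"]) "\047);"
            found = 1; next
        }
        { print }
        END { exit(found ? 0 : 1) }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# make_sample FILE: write a constructed config resembling inc/config.inc.php.
make_sample() {
    cat > "$1" <<'EOF'
<?php
define('DBHOST', '127.0.0.1');
define('DBUSER', 'root');
define('DBPW', '');
define('DBNAME', 'pikachu');
define('DBPORT', '3306');
EOF
}

# Demo: give the lab its own DB account instead of root with an empty password.
cfg=$(mktemp)
make_sample "$cfg"
set_define "$cfg" DBUSER 'pikachu_lab'
set_define "$cfg" DBPW "it's/a&lab\\pw"
cat "$cfg"; rm -f "$cfg"
```

Passing the value through the environment rather than into a sed expression means characters such as `/`, `&`, `\` and `'` in a password cannot break the substitution or the resulting PHP string.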
It's not difficult to build it at home by yourself. You need a Raspberry Pi or other hardware with minimal requirements. If not, a virtual machine will also work.