Docker containers necessary to run dwpa locally or publicly.
To run a worker, please have a look at dwpa-worker-docker.
Clone the repository:
git clone --recursive https://github.com/iganev/dwpa-web-docker.git
Go inside the folder:
cd dwpa-web-docker
If you forgot --recursive
during clone:
git submodule update --init --remote
Copy the example env file:
cp .env.example .env
Open the env file and edit all necessary variables:
vim .env
Either prepare your own dictionary set as .txt.gz
files in dict
or run this to get the official/original instance dictionaries:
./download_dicts.sh
After making sure you have all necessary dictionaries gzipped and ready, run this to generate SQL INSERTS for your specific dictionary setup:
./gen_dicts_sql.sh
Finally, run this to compile a full database migration file that will consist of the base schema, additional stats default data, your dictionaries and your default API key (matches the boss key):
./prepare_db.sh
If you want to run a local instance of dwpa, after completing the Setup steps you need to just:
docker compose up -d
If you want to run a public instance then you need to override the default docker-compose.yml
with the provided docker-compose.proxy.yml
to add TLS (using LetsEncrypt) and prevent auto-login in phpMyAdmin:
docker composer -f docker-compose.yml -f docker-compose.proxy.yml up -d
During first run the database will be created and the file db.sql
will be imported. This is done only once during first initialization. Therefore if you need to add dictionaries at a later stage, or you want (and you should definitely) to add special dictionary rules to be passed to the worker (hashcat) you need to do that through phpMyAdmin by updating or inserting rows in the dicts
table.
By default the setup script inserts all dictionaries with just the :
rule which means "passthrough". This is usually not enough to perform successful audits! To improve your results, either update the rules
column of each row in dicts
or alternatively you setup your dwpa-worker-docker to load extra rules from a file. For example, one rule to rule them all, or another good set of hashcat rules.
The default (original) dwpa public instance as of time of writing uses more or less the following rules:
:
$a
^a
u
T0
$0
$1
$3
$7
$9
$6$9
$1$2$3
$2$0$2$4
so0
si1
se3
]
]]
Read more here about hashcat rules.
DWPA_VIRTUAL_HOST
: The virtual host to be used. localhost
for local deployments. A valid domain pointing to that IP address for public deployments.
DWPA_PUBLIC_URL
: The virtual host + protocol to be used for dictionary links. http://localhost
for local deployments. https
+ valid domain name for public deployments.
DWPA_VIRTUAL_HOST_PMA
: The virtual host to be used for PHPMyAdmin. Use localhost
for local deployments. Use a subdomain for public deployments.
DWPA_DB_NAME
: Database name
DWPA_DB_USER
: Database user
DWPA_DB_PASS
: Database user password
DWPA_DB_ROOT
: Database root password
DWPA_BOSS_KEY
: DWPA boss key; also used to create a default user for personal use.
DWPA_MAIL_HOST
: SMTP hostname. Leave empty for local deployments.
DWPA_MAIL_PORT
: SMTP port. 587
by default.
DWPA_MAIL_USER
: SMTP username
DWPA_MAIL_PASS
: SMTP password
DWPA_MAIL_NAME
: Mail from name
DWPA_MAIL_FROM
: Mail from email
DWPA_RECAPTCHA_PUBLIC_KEY
: Recaptcha public key. Leave empty for local deployments.
DWPA_RECAPTCHA_PRIVATE_KEY
: Recaptcha private key. Leave empty for local deployments.
DWPA_WIGLE_API_KEY
: Wigle API Key. Optional.