Explore Pentesting the Easy Way: Using Nmap and Docker


Apr 12, 2025 - 21:35

In Part 1, we learned how to scan a server and interpret basic Nmap output. Now it’s time to simulate a real pentest — from detecting services to running actual vulnerability scans — all in a safe, legal, and local environment using Docker.

No signup. No cost. Just you, your terminal, and some powerful open-source tools.

What We'll Do

We'll spin up a deliberately insecure web application (DVWA) using Docker and use Nmap to:

  • Find which ports are open on a computer or server
  • See what programs (services) are running and which versions they are
  • Look for known security issues (vulnerabilities)
  • Understand and make sense of the scan results like a real ethical hacker

Step 1: Set Up the Vulnerable App (DVWA)

We’re using DVWA (Damn Vulnerable Web Application), a popular training ground for beginner pentesters.

Requirements:

  • Docker installed on your machine
  • Nmap installed

Start DVWA with Docker:

docker run -d -p 8888:80 vulnerables/web-dvwa

This command will:

  • Download the DVWA image (if not already present)
  • Run it inside a container
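  • Publish the container's port 80 on host port 8888, so the web app is available on your local machine at http://localhost:8888. Because the command gives no host address, Docker by default publishes the port on all of the host's network interfaces, not only on loopback.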

When you open http://localhost:8888 in a browser, you will see something like this:

[Screenshot: DVWA in the browser]
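Since `-p 8888:80` publishes the port on every host interface by default, the following added example (not part of the original article) starts DVWA bound to loopback only and checks the result by parsing `docker port` output. The container name `dvwa-lab` and the sample `docker port` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: keep the DVWA lab reachable from this machine only.
IMAGE="vulnerables/web-dvwa"   # image used in the article
NAME="dvwa-lab"                # assumed container name, not from the article

# Reads `docker port` output on stdin and prints every published binding
# whose host address is not loopback. No output means local-only.
non_loopback_bindings() {
    awk 'NF {
        binding = $NF                       # e.g. 0.0.0.0:8888 or [::]:8888
        host = binding
        sub(/:[0-9]+$/, "", host)           # drop the trailing :port
        sub(/^\[/, "", host)                # drop IPv6 brackets
        sub(/\]$/, "", host)
        if (host != "127.0.0.1" && host != "::1") print binding
    }'
}

start_lab() {
    # The 127.0.0.1: prefix binds host port 8888 to loopback only.
    docker run -d --name "$NAME" -p 127.0.0.1:8888:80 "$IMAGE"
}

check_lab() {
    exposed=$(docker port "$NAME" | non_loopback_bindings)
    if [ -n "$exposed" ]; then
        echo "WARNING: $NAME is reachable from other hosts via:" >&2
        echo "$exposed" >&2
        return 1
    fi
    echo "OK: $NAME is published on loopback only"
}

# Constructed samples of `docker port` output (not captured from a real run).
SAMPLE_ALL='80/tcp -> 0.0.0.0:8888
80/tcp -> [::]:8888'                     # typical for "-p 8888:80"
SAMPLE_LOCAL='80/tcp -> 127.0.0.1:8888'  # typical for "-p 127.0.0.1:8888:80"

case "${1:-demo}" in
    start) start_lab && check_lab ;;
    stop)  docker stop "$NAME" && docker rm "$NAME" ;;
    demo)  printf '%s\n' "$SAMPLE_ALL" | non_loopback_bindings ;;
esac
```

Run it with `start` to launch and verify the container and `stop` to remove it; with no argument it only runs the parser over the constructed sample. The Nmap scan against 127.0.0.1 in the next step works unchanged with the loopback binding.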

Step 2: Identify the Service and Version

Let’s start with a basic scan to see what’s running:

nmap -sV -p 8888 127.0.0.1

This command tells Nmap to:

  • -sV: Detect service versions
  • -p 8888: Focus only on port 8888 (where our app runs)

Sample Output:

PORT     STATE SERVICE VERSION
8888/tcp open  http    Apache httpd 2.4.25 ((Debian))

From this output we can tell:

  • What is running: a web server
  • Which server: Apache
  • Which version: 2.4.25 (Debian build)