WebVM: a Linux virtual machine that lives inside your browser

Share on Pinterest Share on LinkedIn Share on WhatsApp
Share on Pinterest Share on LinkedIn Share on WhatsApp

While half the world is moving workloads to the cloud, there’s a very interesting front going in the opposite direction: bringing full execution environments into the browser, without servers, without installation, and without plugins. That’s exactly where WebVM fits in: an open source project that lets you run a full x86 Linux distribution directly in your browser using WebAssembly.

This is not a “fake terminal” or a limited demo: it’s a real Linux virtual machine, based on Debian, running in an isolated way on the client and capable of executing unmodified x86 binaries.

What exactly is WebVM?

WebVM is a 100% client-side virtual environment, written in HTML5/WebAssembly, designed to be Linux ABI compatible.

In practice, this means:

  • It runs in any modern browser.
  • It doesn’t need a backend for execution (there’s no server processing your commands).
  • It loads a disk image (for example, a “mini” Debian) and runs it on a virtualization engine compiled to WebAssembly.
  • You can use native development tools (compilers, utilities, shells…) as if you were on a real Linux machine.

The key piece is CheerpX, the virtualization engine developed by Leaning Technologies, which includes:

  • An x86 → WebAssembly JIT compiler.
  • A block-based virtual file system.
  • A Linux syscall emulator.

On top of this, WebVM provides the web interface, terminal, and the rest of the components around that VM “embedded” in the browser.

Networking in the browser: integration with Tailscale (and headscale)

One of the big challenges of running virtual machines inside the browser is network connectivity, because browsers don’t allow direct use of TCP/UDP.

WebVM solves this by integrating with Tailscale, a VPN network based on WireGuard that, in this case, leverages WebSockets as a transport layer. The flow is:

  1. You open the “Networking” panel in WebVM.
  2. You click “Connect to Tailscale”.
  3. You sign in with your Tailscale account (or use an auth key).
  4. Once connected, the VM running in your browser becomes part of your Tailscale network.

With this approach you can:

  • Access machines in your own private Tailscale network.
  • Route traffic to the public Internet through an exit node.
  • Use headscale, the open source implementation of the Tailscale control server, by adding #controlUrl=<your-url> to the WebVM URL.

To automate joining, you can also append an authKey in the URL fragment:

https://webvm.io/#authKey=<your-key>
Code language: JavaScript (javascript)

(It’s recommended to use an ephemeral key.)

In other words, your “browser Linux” can talk to your real infrastructure in a controlled and secure way.

Fork, deploy, and customize: WebVM on your own infrastructure

Although there is a public instance at webvm.io, the project is designed so anyone can clone, deploy, and customize it easily:

  1. Fork the GitHub repo leaningtech/webvm.
  2. Enable GitHub Pages with the built-in Actions workflow.
  3. Run the “Deploy” workflow to build and publish the site.
  4. From there, you can change:
    • The Dockerfiles (for example, dockerfiles/debian_mini).
    • The disk image in use.
    • The default command that runs inside the VM.

If you want to go further, you can download and serve a local Debian “mini” disk image:

  • Download the .ext2 image.
  • Edit config_public_terminal.js to point to your local path (/disk-images/...ext2) and change the disk type to "bytes".
  • Build the frontend with npm install + npm run build.
  • Configure Nginx to serve both the build and disk images.

The result: your own local WebVM instance, accessible for example at http://127.0.0.1:8081.

Practical example: turning WebVM into a Python REPL

One big advantage of the Dockerfile-based design is that you can specialize the VM for specific use cases by changing the default command.

The README provides a simple example: turning the VM into a Python 3 REPL. You just need to modify the CMD line in the Debian mini Dockerfile, going from:

CMD [ "/bin/bash" ]
Code language: CSS (css)

to:

CMD [ "/usr/bin/python3" ]
Code language: CSS (css)

With that change, the WebVM console stops opening a Bash shell and instead launches a ready-to-use Python 3 interpreter. It’s ideal for:

  • Teaching programming in a fully isolated environment.
  • Offering interactive labs without local installation.
  • Embedding live demos into websites or educational platforms.

Claude AI integration from WebVM

Another interesting point is that WebVM already documents how to integrate Claude AI (Anthropic) from its own interface:

  1. The user obtains an API key from the Anthropic Console.
  2. Inside WebVM, they open the integration panel (robot icon).
  3. They paste the key, which is stored only in the user’s browser.
  4. From there, they can launch tasks such as:

“Solve the CTF challenge at /home/user/chall1.bin. Note that the binary reads from stdin.”

This way, the combination of WebVM + Claude enables scenarios like:

  • CTF and security training, where the AI helps analyze binaries inside the VM.
  • Coding assistants that work directly against the Linux environment in the browser.

All of that while keeping keys and logic on the client side.

Use cases: from education to controlled hacking

WebVM opens up a very attractive range of use cases for developers, educators, and security teams:

  • Educational labs
    Linux, scripting, networking, or compilation workshops without asking students to install anything. Just a modern browser.
  • CTFs and security challenges
    Distribute binaries, challenges, and tools inside a browser VM with strong isolation, without exposing your own infrastructure.
  • Live technical demos and documentation
    Show executable examples directly from docs or technical landing pages: “open this terminal and try it”.
  • Homelabs and quick tests
    Spin up a mini Debian environment from your browser to test commands, tools, or scripts without touching your host system.
  • Enterprise experimentation
    Let employees experiment with Linux tools without granting them access to internal servers.

Licensing and usage model

WebVM is distributed under the Apache 2.0 license, which allows you to:

  • Use the code.
  • Modify it.
  • Redistribute it, including in commercial products, as long as you respect the license terms.

However, the public deployment of CheerpX (the virtualization engine underneath) has important caveats:

  • The public instance is provided “as is” for technological exploration, testing, and individual use.
  • Any other use by organizations (companies, universities, public sector, etc.) requires a commercial license.
  • Downloading a CheerpX build to host it elsewhere is not allowed without that license.

If you want to build a product on top of CheerpX/WebVM, Leaning Technologies invites you to contact them directly at: [email protected].

A “pocket Linux” in every tab

At a time when browsers are practically an operating system inside the operating system, WebVM shows how far you can go with WebAssembly and client-side virtualization: a full Linux system, running real x86 binaries, in a single browser tab.

For developers, educators, or security teams, it’s an elegant way to deploy reproducible, isolated, and easily accessible environments, keeping control over the code and without compromising the local machine. It’s definitely a project to watch closely if you’re exploring new ways to distribute tools and technical labs on the web.

Try online WebVM.

Share on Pinterest Share on LinkedIn Share on WhatsApp

SUBSCRIBE TO THE
SYSADMINS NEWSLETTER!

Related articles

Scroll to Top