This program is a standalone web server hosting apps vulnerable to a number of common web bugs. I made this to introduce those new to or interested in information security to classes of web vulnerabilities.
**Current Modules**
- XSS (HTML injection, filter bypass, AngularJS injection)
- SQL Injection (basic, UNION attack, filter bypass)
- SSRF (PDF generation with wkhtmltopdf, weasyprint, headless Chrome)
- Weak Cryptography (AES ECB information leak)
- Command Injection
To begin, ensure python3 is installed on the target computer, then run the following commands:
1. git clone https://www.github.com/caryhooper/vulndemoserver
2. cd vulndemoserver/
3. Install the requirements and run in Python.
   - 3a) python -m pip install -r requirements.txt
   - 3b) python vulndemoserver.py
4. Alternately, install within a pipenv with the following commands:
   - 4a) pipenv install -r requirements.txt
   - 4b) pipenv run python vulndemoserver.py
5. Navigate to http://127.0.0.1:31337/
6. Happy hacking!
Feel free to contribute by testing, sending me feedback, or submitting a pull request.
- Cary Hooper - caryhooper
This project is licensed under the MIT License. See the LICENSE.txt file for details.
- Thanks to Andy Acer for introducing me to CherryPy.
- Special thanks to friends and colleagues who helped me test.