
toshi-snyk / go-dvwa


This project forked from sqreen/go-dvwa


Go Damn Vulnerable Web App

License: MIT License

JavaScript 12.83% PHP 0.16% Go 0.74% CSS 35.73% Makefile 0.07% HTML 35.26% Dockerfile 0.02% SCSS 15.19%

go-dvwa's Introduction

Sqreen's Go Damn Vulnerable Web App

This Go web server is a vulnerable application demonstration, protected by Sqreen.

It currently includes the following vulnerabilities:

  • SQL injection: /products accepts a URL-query parameter category that is injected into the SQL query (e.g. /products?category=all%27%20UNION%20SELECT%20*%20FROM%20user%27).
  • Shell injection
  • NoSQL injection
  • Server-Side Request Forgery
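
The SQL injection bullet above, worked through as an added example (this is not go-dvwa's own code): it decodes the README's sample request and shows the query text produced by string concatenation next to the parameterized form. The table and column names and the helper function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// Assumed for illustration: table and column names are not taken from go-dvwa.
const baseQuery = "SELECT * FROM product WHERE category = "

// categoryFromURL returns the percent-decoded "category" query parameter.
func categoryFromURL(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	return u.Query().Get("category"), nil
}

// vulnerableQuery concatenates the value into the SQL text, so a single quote
// in the input closes the string literal and the rest is parsed as SQL.
func vulnerableQuery(category string) string {
	return baseQuery + "'" + category + "'"
}

// parameterizedQuery keeps the SQL text constant and returns the value as a
// bind argument, the form passed to database/sql as db.Query(query, args...).
// The "?" placeholder syntax depends on the driver (some use $1 instead).
func parameterizedQuery(category string) (string, []interface{}) {
	return baseQuery + "?", []interface{}{category}
}

func main() {
	// Example request taken from the README bullet above.
	const req = "/products?category=all%27%20UNION%20SELECT%20*%20FROM%20user%27"
	category, err := categoryFromURL(req)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decoded parameter : %q\n", category)
	fmt.Printf("concatenated SQL  : %s\n", vulnerableQuery(category))
	query, args := parameterizedQuery(category)
	fmt.Printf("parameterized SQL : %s  args=%q\n", query, args)
}
```

With the parameterized form the statement text is the same for every request, so the database treats the whole decoded value as a category name that matches no row.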

The web app comes with Sqreen for Go, which can be enabled by running the app with a valid Sqreen configuration that can be obtained at https://my.sqreen.com/. Once enabled, the agent should protect the application according to the application security configuration you enabled.

Quick Start

The pre-compiled go-dvwa docker image can be used to simply run the web application. The HTTP server listens on the TCP address 0.0.0.0:8080, so you can expose it with docker:

$ docker run -it -p 8080:8080 go-dvwa

The vulnerable web app starts regardless of Sqreen's agent. The agent starts once it has a valid configuration with the Sqreen credentials you can get at https://my.sqreen.com/. You can pass them using the container's environment variables:

$ docker run -it -p 8080:8080 -e SQREEN_TOKEN=<token> -e SQREEN_APP_NAME="Go DVWA" go-dvwa

The web app vulnerabilities should now be blocked by Sqreen :-)

Sqreen for Go

Compile from sources

With docker builder

The simplest way to build this repository is by using the latest docker builder which can take a git repository source. Simply run the following command to build the latest go-dvwa docker image of this repository:

$ docker builder build github.com/sqreen/go-dvwa.git

Once built, you can simply run the image and pass the Sqreen configuration to the container via environment variables:

$ docker run -e SQREEN_TOKEN=<token> -e SQREEN_APP_NAME="Go DVWA" -p 8080:8080 go-dvwa

The Go web application is now running and you can access it at http://127.0.0.1:8080/.

From sources

Clone the repository and use the Makefile:

$ make

Once compiled, you can execute the binary file dvwa. Sqreen's agent configuration can then be passed by file or environment variable.

$ ./dvwa

The Go web application is now running and you can access it at http://127.0.0.1:8080/.

Note that the docker image can also be built using the Makefile:

$ make image

See the previous docker image instructions for how to start the container.
