🏦 CMPT782 Security Lab - VulnBank
A deliberately vulnerable banking system designed for cybersecurity education and training. This project demonstrates common security vulnerabilities in web applications and AI-powered systems.
THIS SYSTEM IS FOR EDUCATIONAL PURPOSES ONLY
- Contains INTENTIONAL security vulnerabilities
- DO NOT USE IN PRODUCTION
- Designed for cybersecurity training and research
- Use only in isolated, controlled environments
BankLLMAgent is a comprehensive educational platform that simulates a banking system with multiple attack vectors:
- Vulnerable REST API with SQL injection, authentication bypasses, and data exposure
- AI-Powered Chatbot with prompt injection and jailbreak vulnerabilities
- Web Interface built with Streamlit for interactive testing
- SQLite Database with intentionally weak security practices
BankLLMAgent/
├── api_server.py # FastAPI backend with
├── streamlit_app.py # Streamlit web interface
├── chatbot_llm.py # AI chatbot with Groq
├── database.py # SQLite database manager
├── models.py # Pydantic data models
├── run_server.py # Main server launcher
├── requirements.txt # Python dependencies
└── README.md # This file
- Python 3.8+ AND Python < 3.13
- Groq API key (for AI chatbot functionality)
-
Clone the repository:
git clone <repository-url> cd BankLLMAgent
-
Install dependencies:
pip install -r requirements.txt
-
Run the application:
python run_server.py
-
Access the application:
- Web Interface: http://localhost:8501
- API Documentation: http://localhost:8000/docs
- Get your API key from Groq Console
- Enter the API key in the Streamlit interface when prompted
The system comes pre-populated with sample users:
- alice_johnson / password123 (Account: 1001)
- bob_smith / securepass (Account: 1002)
- charlie_brown / mypassword (Account: 1003)
- diana_prince / wonderwoman (Account: 1004)
- eve_adams / easypass (Account: 1005)
- CMPT782 - Cybersecurity Lab 1