CSecGoat - Java Web vulnerability experiment application platform, funded by CSecGroup.
CSecGoat developed by spring boot and mysql。install like this:
mvn install
cd target
java -jar goat.jar
For further details, check out the source code on the main site, github.com/CSecGroup/CSecGoat.
It has a number of vulnerability.
- 命令执行
- 反序列化漏洞
- 任意文件读取
- groovy exec
- ssrf
- XXE
- sql注入
- url重定向
- xss
- ...
More information about the services that I offer at Code Security Group.