Merge pull request #9 from lmoroz/add-docker

Add Docker

Dockerfile

@@ -0,0 +1,11 @@
+FROM php:7.4-apache
+RUN apt-get update && apt-get install -y iputils-ping dnsutils
+RUN docker-php-ext-install mysqli pdo pdo_mysql
+RUN a2enmod rewrite
+COPY ./bWAPP /var/www/html/bWAPP
+RUN chown -R www-data:www-data /var/www/html/bWAPP
+RUN chmod 777 /var/www/html/bWAPP/passwords/
+RUN chmod 777 /var/www/html/bWAPP/images/
+RUN chmod 777 /var/www/html/bWAPP/documents/
+RUN chmod 777 /var/www/html/bWAPP/logs/
+EXPOSE 8080

README.md

@@ -0,0 +1,68 @@
+
+# bWAPP latest modification for PHP7.4 bundled into Docker container
+## No preparation needed
+
+1. Run docker container with following command:
+
+`docker-compose up -d`
+
+or using Docker Desktop
+2. Open [http://localhost:8080/bWAPP/install.php](http://localhost:8080/bWAPP/install.php), press `here` link on the page
+3. Go to [http://localhost:8080/bWAPP/login.php](http://localhost:8080/bWAPP/login.php)
+4. Enjoy
+
+--------------
+bWAPP - README
+--------------
+
+bWAPP, or a buggy web application, is a deliberately insecure web application.
+bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
+It prepares one to conduct successful penetration testing and ethical hacking projects.
+What makes bWAPP so unique? Well, it has over 100 web bugs!
+bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
+It is for security-testing and educational purposes only.
+
+It includes:
+
+* Injection vulnerabilities like SQL, SSI, XML/XPath, JSON, LDAP, HTML, iFrame, OS Command and SMTP injection
+* Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
+* Unrestricted file uploads and backdoor files
+* Authentication, authorization and session management issues
+* Arbitrary file access and directory traversals
+* Local and remote file inclusions (LFI/RFI)
+* Server Side Request Forgery (SSRF)
+* XML External Entity Attacks (XXE)
+* Heartbleed vulnerability (OpenSSL)
+* Shellshock vulnerability (CGI)
+* Drupal SQL injection (Drupageddon)
+* Configuration issues: Man-in-the-Middle, cross-domain policy file, information disclosures,...
+* HTTP parameter pollution and HTTP response splitting
+* Denial-of-Service (DoS) attacks
+* HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
+* Unvalidated redirects and forwards
+* Parameter tampering
+* PHP-CGI vulnerability
+* Insecure cryptographic storage
+* AJAX and Web Services issues (JSON/XML/SOAP)
+* Cookie and password reset poisoning
+* Insecure FTP, SNMP and WebDAV configurations
+* and much more...
+
+bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.
+
+It's also possible to download our bee-box, a custom VM pre-installed with bWAPP.
+
+This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
+IT security, ethical hacking, training and fun... all mixed together.
+You can find more about the ITSEC GAMES and bWAPP projects on our blog.
+
+We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
+This course can be scheduled on demand, at your location!
+More info: http://goo.gl/ASuPa1 (pdf)
+
+Enjoy!
+
+Cheers
+
+Malik Mesellem
+Twitter: @MME_IT

bWAPP/admin/settings.php

@@ -17,7 +17,7 @@
 */
 
 // Database connection settings
-$db_server = "localhost";
+$db_server = "db";
 $db_username = "root";
 $db_password = "";
 $db_name = "bWAPP";

bWAPP/commandi_blind.php

@@ -146,7 +146,7 @@ function commandi($data)
                 // echo "Windows!";
 
                 // Increasing the PING count will slow down your web scanner!
-                shell_exec("ping -n 1 " . commandi($target));
+              echo '<pre>'.shell_exec("ping -n 1 " . commandi($target)).'</pre>';
 
             }
 
@@ -157,7 +157,7 @@ function commandi($data)
                 // echo "Not Windows!";
 
                 // Increasing the PING count will slow down your web scanner!
-                shell_exec("ping -c 1 " . commandi($target));
+              echo '<pre>'.shell_exec("ping -c 1 " . commandi($target)).'</pre>';
 
             }
 

docker-compose.yml

@@ -0,0 +1,25 @@
+version: '3.8'
+
+services:
+  web:
+    build: .
+    image: bwapp-php7:20240402
+    ports:
+      - "8080:80"
+    depends_on:
+      - db
+    environment:
+      - MYSQL_HOST=db
+      - MYSQL_USER=root
+
+  db:
+    image: mysql:5.7
+    environment:
+      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
+    ports:
+      - "3306:3306"
+    volumes:
+      - db_data:/var/lib/mysql
+
+volumes:
+  db_data: