Educational Exploitable Web Application
Python Makefile
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
mac_task/mac
.travis.yml
LICENSE
Makefile
README.md
THANKS
badguy.svg
db.data
favicon.png
set_content.py
setup.cfg
traversalfs.tar.bz2
vulnsrv.py

README.md

vulnsrv is a web applications that allows students to exploit various common security vulnerabilites.

All vulnerabilities are only simulated; vulnsrv is intended to be 100% safe. However, vulnsrv may contain bugs and security vulnerabilities, like every other program. Note that vulnsrv reproduces user-supplied content, which can be rude/in violation of local laws restricting speech. By default, it accepts only connections from the local machine. Due to the simulated security vulnerabilities, vulnsrv must not be mapped in(proxied) in a regular domain, as doing so would expose the domain and super-domains to Cross-Site Scripting vulnerabilties.

vulnsrv was originally written to provide excercises for a German computer security lecture. vulnsrv is intended to be easier to use and simpler than Google Gruyere, and used in an educational context.

Running vulnsrv

You can either run it yourself or use the web service at vulnsrv.net (TODO: Not yet deployed, see issue #11).

  1. Download vulnsrv.py.
  2. Execute it with python vulnsrv.py

System Requirements

For running vulnsrv yourself: Python 2.5, 2.6, 2.7, or 3.2+ . For development or the service mode, 2.6+.

For the user, any web browser will do, although a modern web browser that includes developer tools is certainly a good idea.

Developing vulnsrv

Development goals in the near future are translation and a service mode for deployment on vulnsrv.net. If you can translate vulnsrv (about 30 lines of text), feel free to contact Philipp Hagemeister.