Skip to content
/ ThreatByte Public

ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.

License

MIT license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

anotherik/ThreatByte

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
.github/workflows
.github/workflows
 
 
client
client
 
 
db
db
 
 
server
server
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 

Repository files navigation

ThreatByte

MIT License Python Docker

ThreatByte is a deliberately vulnerable web application designed to demonstrate some Web and API security risks. It serves as a learning platform for security professionals and developers to explore common vulnerabilities in a controlled environment.

๐Ÿš€ Features

The ThreatByte application aims to represent a simple online file-storing and sharing platform. It is developed in Python and uses the Flask framework. Currently it has the following features:

  • User Authentication: Users can sign up, log in, and log out.
  • Dashboard: Users have a personalized dashboard to view and manage their uploaded files.
  • File Upload: Users can upload files to the application.
  • File Download: Users can download files from the application.
  • Profile Management: Users can view and edit their profile information.

โš ๏ธ Vulnerabilities Overview

  • Insecure Configurations
  • Weak or Improper Cryptographic Implementations
  • Lack of Brute-Force Protection
  • Weak Session Management
  • Broken Object Level Authorization (BOLA)
  • Broken Object Property Level Authorization (BOPA)
  • Broken Function Level Authorization (BFLA)
  • Cross-Site Request Forgery (CSRF)
  • Path Traversal
  • SQL Injection
  • Cross-Site Scripting (XSS):
    • Reflected XSS
    • Stored XSS
    • DOM-based XSS
  • Unrestricted File Upload
  • Server-Side Request Forgery (SSRF)

๐Ÿ› ๏ธ Requirements

  • Python 3.x (where x is your specific Python version)
  • SQLite

๐Ÿ–ฅ๏ธ Running ThreatByte Locally

# Clone repository
git clone https://github.com/anotherik/ThreatByte.git && cd ThreatByte

# Create and activate virtual environment
python -m venv venv_threatbyte
source venv_threatbyte/bin/activate  # macOS/Linux
venv_threatbyte\Scripts\activate     # Windows

# Install dependencies and setup database
pip install -r requirements.txt
python db/create_db_tables.py

# Run the application
python run.py

# Open in browser: http://localhost:5000

# When finished, deactivate the virtual environment
deactivate

๐Ÿณ Running with Docker

# Build the Docker image
docker build -t threatbyte .

# Run the Docker container
docker run -p 5000:5000 threatbyte

๐Ÿค Contributing

Contributions are welcomed! Please fork the repository and create a pull request with your changes. You can also contribute by reporting issues, suggesting improvements, or providing feedback through comments. Whether it's refining documentation, optimizing code, or contributing new vulnerabilities or weaknesses to enhance the application's scope, all contributions are valuable!

๐Ÿ“„ License

This project is licensed under the MIT License. See the LICENSE file for details.

About

ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.

Topics

training sqlite flask-application goat vulnerable-web-app vulnerable-api

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages