Intentionally Vulnerable Node.js Application & APIs
Vulnerable Task Manager Application & APIs built using Node.js and mongoose.
While learning Node.js I built this task manager, which I then converted into a vulnerable CTF-like application.
ivna is a real-world-like application with known vulnerabilities in its web interface and APIs, which are not distinguished as they are in other vulnerable applications. The idea here is to teach how to attack and find flaws in real-world applications.
The application contains the following vulnerabilities:
- XSS
- Command Injection
- URL Redirection
- API Legacy Version Deprecation
- BOLA (IDOR)
- Common JWT Secret
- Excessive Data exposure
- Broken User Authentication
- Exposed Database
- Mass Assignment
- ReDoS
- NoSQL Injection
- OpenAPI support
- Documentation on vulnerabilities
- Postman collection on APIs
- More vulnerabilities.
git clone https://github.com/VitthalS/ivna.git
cd ivna
docker-compose build && docker-compose up
Open the URL http://localhost:8000 in a browser.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request.
- Fork it!
- Commit your changes
- Submit a pull request; I am happy to merge.