Skip to content
forked from VitthalS/ivna

Intentionally Vulnerable Nodejs Application & APIs

License

Notifications You must be signed in to change notification settings

MitzyMeow/ivna-sts

 
 

Repository files navigation

ivna

Intentionally Vulnerable Nodejs Application & APIs

Vulnerable Task Manager Application & APIs build using Nodejs,mongoose.

Background

While learning Nodejs I build this task-manager which I then converted to vulnerable CTF like application.

ivna is a real world like application which has known vulnerabilities in the web and APIs which are not distinguised like other vulnerable application, The idea here is to teach how to attack and find out flaws in real-world applications.

Made with Love in India

alt text

The application contains following vulnerabilities

  • XSS
  • Command Injection
  • URL Redirection
  • API Legacy Version Deprecation
  • BOLA (IDOR)
  • Common JWT Secret
  • Excessive Data exposure
  • Broken User Authentication
  • Exposed Database
  • Mass Assignment
  • ReDos
  • NoSQL Injection

ToDo

  • OpenAPI support
  • Documentation on vulnerabilities
  • Postman collection on APIs
  • More vulnerabilities.

Install

git clone https://github.com/VitthalS/ivna.git
cd ivna
docker-compose build && docker-compose up

Run

Open URL in browser http://localhost:8000

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request.

Dont Like UI

  1. Fork it!
  2. Commit your changes
  3. Submit a pull request, I am happy to merge.

Support

  1. "Buy Me A Coffee"
  2. Appreciate on LinkedIn
  3. Share on Twitter
  4. Share with your friends who are starting out in cybersecurity and want to learn Web & API testing.

Presented at

  1. APIsecure alt text

About

Intentionally Vulnerable Nodejs Application & APIs

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 42.8%
  • CSS 32.0%
  • Handlebars 13.5%
  • HTML 11.5%
  • Dockerfile 0.2%