http4k-webgoat

http4k-webgoat is a deliberately-vulnerable application written with the http4k web framework.

Run locally

Install Gradle, generate a Gradle Wrapper, then use the run task of the project to serve HTTP:

gradle wrapper --gradle-version 7.4.2
./gradlew run

then:

curl -v http://localhost:8080/ping

Vulnerabilities

The project contains the following vulnerabilities:

Remote Code Execution
Directory Traversal
SQL Injection
Open Redirect
Sensitive Data Leak
XSS

$ grep vulnerability . -R -n | grep -v README
./src/main/kotlin/com/example/HelloWorld.kt:50:                // vulnerability: Sensitive Data Leak
./src/main/kotlin/com/example/HelloWorld.kt:41:              // vulnerability: Remote Code Execution
./src/main/kotlin/com/example/HelloWorld.kt:60:            // vulnerability: Directory Traversal
./src/main/kotlin/com/example/HelloWorld.kt:69:                // vulnerability: SQL Injection
./src/main/kotlin/com/example/HelloWorld.kt:79:            // vulnerability: Open Redirect
./src/main/kotlin/com/example/HelloWorld.kt:113:                    // vulnerability: XSS
./build.gradle:49:         // vulnerability: Hardcoded Credentials

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
.github/workflows		.github/workflows
gradle/wrapper		gradle/wrapper
src		src
README.md		README.md
build.gradle		build.gradle
gradle.properties		gradle.properties
settings.gradle		settings.gradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

http4k-webgoat

Run locally

Vulnerabilities

About

Releases

Packages

Languages

joedean-org/http4k-webgoat

Folders and files

Latest commit

History

Repository files navigation

http4k-webgoat

Run locally

Vulnerabilities

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages