ivna
Intentionally Vulnerable Nodejs Application & APIs
Vulnerable Task Manager Application & APIs built using Nodejs and mongoose.
Background
While learning Nodejs I built this task manager, which I then converted to a vulnerable CTF-like application.
ivna is a real-world-like application with known vulnerabilities in the web and APIs, which are not distinguished the way they are in other vulnerable applications. The idea here is to teach how to attack and find flaws in real-world applications.
The application contains the following vulnerabilities:
- XSS
- Command Injection
- URL Redirection
- API Legacy Version Deprecation
- BOLA (IDOR)
- Common JWT Secret
- Excessive Data Exposure
- Broken User Authentication
- Exposed Database
- Mass Assignment
- ReDoS
- NoSQL Injection
ToDo
- OpenAPI support
- Documentation on vulnerabilities
- Postman collection on APIs
- More vulnerabilities.
Install
git clone https://github.com/VitthalS/ivna.git
cd ivna
docker-compose build && docker-compose up
Run
Open http://localhost:8000 in your browser.
Contributing
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request.
Don't Like the UI
- Fork it!
- Commit your changes
- Submit a pull request, I am happy to merge.
Support
- Appreciate on LinkedIn
- Share on Twitter
- Share with your friends who are starting out in cybersecurity and want to learn Web & API testing.