vulnerable APIs

Overview

vulnerable-apis

vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api

Setup

Docker

If, Out of the box

docker pull kmmanoj/vulnerable-apis (may be outdated with respect to the current state of the repo)

Else, Build the application as docker image (preferred)

docker build -t kmmanoj/vulnerable-apis .

Finally, Run the application as docker container

docker run --name vuln-api-instance --rm -it -p 5000:5000 kmmanoj/vulnerable-apis

Traditional way

Create a python virtual environment: virtualenv venv

Activate the virtual environment: source ./venv/bin/activate

Install the dependencies: pip install -r src/requirements.txt

Start the application with specific environment variables: TRANSIENT_DB=true python src/main.py

Fork the collection and the environment in Postman

Open Postman (desktop agent preferrably)

Fork the collection and environment to your own workspace by clicking the Run in Postman button below.

Run in Postman

Or separately, fork the collection to a workspace of your choice.

Forking the collection

And fork the environment to the same workspace where you forked the above collection.

Forking the environment

Set the initial value and current value of the host variable to http://localhost:5000

Go back to the collections and start hacking!

Using util (if using the docker setup)

Login to the container

docker exec -it vuln-api-instance /bin/bash

Navigate to /util to use the JWT token break(or)make tool.

cd /util

Usage of JWT Token break(or)make

Usage:
	python3 brute_force_jwt_token.py make - to create a token using a leaked secret
	python3 brute_force_jwt_token.py break - to find the secret used by JWT token

NOTE: For non-containerized deployments, find the util directory in the repository itself. The required dependencies are already installed in the virtual environment.

Performance

example

$ ab -n 5000 -c 100 -T 'application/json' -p login.json http://127.0.0.1:5000/user/login
This is ApacheBench, Version 2.3 <$Revision: 1879490 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 500 requests
Completed 1000 requests
Completed 1500 requests
Completed 2000 requests
Completed 2500 requests
Completed 3000 requests
Completed 3500 requests
Completed 4000 requests
Completed 4500 requests
Completed 5000 requests
Finished 5000 requests


Server Software:        Werkzeug/2.0.1
Server Hostname:        127.0.0.1
Server Port:            5000

Document Path:          /user/login
Document Length:        68 bytes

Concurrency Level:      100
Time taken for tests:   31.257 seconds
Complete requests:      5000
Failed requests:        0
Non-2xx responses:      5000
Total transferred:      1100000 bytes
Total body sent:        890000
HTML transferred:       340000 bytes
Requests per second:    159.96 [#/sec] (mean)
Time per request:       625.137 [ms] (mean)
Time per request:       6.251 [ms] (mean, across all concurrent requests)
Transfer rate:          34.37 [Kbytes/sec] received
                        27.81 kb/s sent
                        62.17 kb/s total

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.7      0       6
Processing:    11  620  88.7    628     905
Waiting:        6  614  88.0    623     893
Total:         11  620  88.4    628     905

Percentage of the requests served within a certain time (ms)
  50%    628
  66%    660
  75%    677
  80%    686
  90%    711
  95%    740
  98%    838
  99%    854
 100%    905 (longest request)
Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

FooBallZ 5 Feb 02, 2022
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Frank 3 Feb 07, 2022
Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy

Colin O'Flynn 19 Sep 12, 2022
Aiminsun 165 Dec 21, 2022
Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use. Will try to add atleast 10 more tools currently use 7 sources to gather domains.

Harinder Singh 7 Jan 03, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Al1ex 213 Dec 30, 2022
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Pushpender Singh 35 Dec 12, 2022
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

Joe Helle 150 Jan 03, 2023
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
Scans all drives for log4j jar files and gets their version from the manifest

log4shell_scanner Scans all drives for log4j jar files and gets their version from the manifest. Windows and Windows Server only.

Zdeněk Loučka 1 Dec 29, 2021
Spring4Shell - Spring Core RCE - CVE-2022-22965

Spring Core RCE - CVE-2022-22965 After Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core R

Malte Gejr 118 Dec 31, 2022
A kAFL based hypervisor fuzzer which fully supports nested VMs

hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as

SafeBreach Labs 115 Dec 07, 2022
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 02, 2023
Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火,恰好手里有一台Cisco RV110W,在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day,但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞,漏洞的公告可以在官网看到。 准

badmonkey 25 Nov 09, 2022