Damn Small Vulnerable Web (DSVW) 是使用 python 来模仿 Web 应用漏洞的 Web 程序,py 代码只在 100 以内。
这个项目以教育为目的, 它支持大多数(最受欢迎的)Web应用程序漏洞以及适当的攻击。
-
Python (2.6.x 或 2.7.x)。
-
依赖
python-lxml(e.g.apt-get install python-lxml)。
git clone git@github.com:stamparm/DSVW.git运行下面命令启动:
$ python dsvw.py
Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code) #v0.1k
by: Miroslav Stampar (@stamparm)
[i] running HTTP server at '127.0.0.1:65412'...
浏览器访问 http://127.0.0.1:65412 即可。
- Blind SQL Injection (boolean)
- Blind SQL Injection (time)
- UNION SQL Injection
- Login Bypass
- HTTP Parameter Pollution
- Cross Site Scripting (reflected)
- Cross Site Scripting (stored)
- Cross Site Scripting (DOM)
- Cross Site Scripting (JSONP)
- XML External Entity (local)
- XML External Entity (remote)
- Server Side Request Forgery
- Blind XPath Injection (boolean)
- Cross Site Request Forgery
- Frame Injection (phishing)
- Frame Injection (content spoofing)
- Clickjacking - -|exploit|info
- Unvalidated Redirect
- Arbitrary Code Execution
- Full Path Disclosure
- Source Code Disclosure
- Path Traversal
- File Inclusion (remote)
- HTTP Header Injection (phishing)
- Component with Known Vulnerability (pickle)
- Denial of Service (memory)