Skip to content

go-benchmark1/go-dvwa

BranchesTags

Repository files navigation

Sqreen's Go Damn Vulnerable Web App

This Go web server is a vulnerable application demonstration, protected by Sqreen.

It currently includes the following vulnerabilities:

  • SQL injection: /products accepts a URL-query parameter category that is injected into the SQL query (eg. /products?category=all%27%20UNION%20SELECT%20*%20FROM%20user%27) .
  • Shell injection
  • NoSQL injection
  • Server-Side Request Forgery

The web app comes with Sqreen for Go which can be enabled by running a valid Sqreen configuration that can be obtained at https://my.sqreen.com/. Once enabled, the agent should protect the application according to the application security configuration you enabled.

Quick Start

The pre-compiled go-dvwa docker image can be used to simply run the web application. The HTTP server listens the TCP address 0.0.0.0:8080 so you can expose it with docker:

$ docker run -it -p 8080:8080 go-dvwa

The vulnerable web app starts regardless of Sqreen's agent. It will start when having a valid configuration with Sqreen credentials you can get at https://my.sqree.com/. You can pass them using container's environment variables:

$ docker run -it -p 8080:8080 -e SQREEN_TOKEN=<token> -e SQREEN_APP_NAME="Go DVWA" go-dvwa

The web app vulnerabilities should be now blocked by Sqreen :-)

Sqreen for Go

Compile from sources

With docker builder

The simplest way to build this repository is by using the latest docker builder which can take a git repository source. Simply run the following command to build the latest go-dvwa docker image of this repository:

$ docker builder build github.com/sqreen/go-dvwa.git

Once built, you can simply run the image and pass the Sqreen configuration to the container via environment variables:

$ docker run -e SQREEN_TOKEN=<token> -e SQREEN_APP_NAME="Go DVWA" -p 8080:8080 go-dvwa

The Go web application is now running and you can access it at https://127.0.0.1:8080/.

From sources

Clone the repository and use the Makefile:

$ make

Once compiled, you can execute the binary file dvwa. Sqreen's agent configuration can then be passed by file or environment variable.

$ ./dvwa

The Go web application is now running and you can access it at https://127.0.0.1:8080/.

Note that the docker image can be also built using the Makefile:

$ make image

Cf. the previous docker image instructions to read how to start the container.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages