{"id":13725168,"url":"https://github.com/Contrast-Security-OSS/DjanGoat","last_synced_at":"2025-05-07T19:33:01.424Z","repository":{"id":46278245,"uuid":"91704336","full_name":"Contrast-Security-OSS/DjanGoat","owner":"Contrast-Security-OSS","description":"Python and Django implementation of the OWASP RailsGoat project","archived":false,"fork":false,"pushed_at":"2024-07-19T17:44:56.000Z","size":7002,"stargazers_count":71,"open_issues_count":14,"forks_count":62,"subscribers_count":33,"default_branch":"master","last_synced_at":"2024-11-13T01:03:37.848Z","etag":null,"topics":["django-application","owasp-top-ten"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-18T14:39:00.000Z","updated_at":"2024-10-06T06:49:38.000Z","dependencies_parsed_at":"2024-09-23T12:00:34.834Z","dependency_job_id":"26d95f4b-f42c-4b72-96d3-219f43bb7610","html_url":"https://github.com/Contrast-Security-OSS/DjanGoat","commit_stats":{"total_commits":636,"total_committers":20,"mean_commits":31.8,"dds":0.6933962264150944,"last_synced_commit":"72beb30afe3ddd5b31ce74a5d3b9da61d2c5df1d"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FDjanGoat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FDjanGoat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/repositories/Contrast-Security-OSS%2FDjanGoat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FDjanGoat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"https://codeload.github.com/Contrast-Security-OSS/DjanGoat/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224645231,"owners_count":17346102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django-application","owasp-top-ten"],"created_at":"2024-08-03T01:02:14.885Z","updated_at":"2024-11-14T15:30:48.609Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"[![Codacy Badge](https://api.codacy.com/project/badge/Grade/68d040c745134192b362def6a0e45899)](https://app.codacy.com/app/SteveFeldman/DjanGoat?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=Contrast-Security-OSS/DjanGoat\u0026utm_campaign=Badge_Grade_Settings)\n[![Build Status](https://travis-ci.org/Contrast-Security-OSS/DjanGoat.svg?branch=master)](https://travis-ci.org/Contrast-Security-OSS/DjanGoat)\n[![Codacy 
Badge](https://api.codacy.com/project/badge/Coverage/b21dc2f22dd945a09d7d34a0cdaa5c4d)](https://www.codacy.com/app/SteveFeldman/DjanGoat?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=Contrast-Security-OSS/DjanGoat\u0026utm_campaign=Badge_Coverage)\n[![CodeFactor](https://www.codefactor.io/repository/github/contrast-security-oss/djangoat/badge)](https://www.codefactor.io/repository/github/contrast-security-oss/djangoat)\n[![Total alerts](https://img.shields.io/lgtm/alerts/g/Contrast-Security-OSS/DjanGoat.svg?logo=lgtm\u0026logoWidth=18)](https://lgtm.com/projects/g/Contrast-Security-OSS/DjanGoat/alerts/)\n\u003ca href=\"https://codeclimate.com/github/Contrast-Security-OSS/DjanGoat/maintainability\"\u003e\u003cimg src=\"https://api.codeclimate.com/v1/badges/12031df53865b695f317/maintainability\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://codeclimate.com/github/Contrast-Security-OSS/DjanGoat/test_coverage\"\u003e\u003cimg src=\"https://api.codeclimate.com/v1/badges/12031df53865b695f317/test_coverage\" /\u003e\u003c/a\u003e\n[![codebeat badge](https://codebeat.co/badges/cced60a6-7204-44a6-94df-68ae676b719d)](https://codebeat.co/projects/github-com-contrast-security-oss-djangoat-master)\n[![DeepSource](https://static.deepsource.io/deepsource-badge-light-mini.svg)](https://deepsource.io/gh/Contrast-Security-OSS/DjanGoat/?ref=repository-badge)\n\n# DjanGoat\n\nDjanGoat is a vulnerable Django Application based in large part off the [RailsGoat](https://github.com/OWASP/railsgoat) project. The application purports to be an internal employee portal for MetaCorp, Inc but includes vulnerabilities from the [OWASP Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) and is intended to be used as an educational tool for developers and security professionals. 
Any maintainers are welcome to make pull requests.\n\n## Installation\n\nOn a Mac, first install Python.\n\n### Initial Setup\n\nRequirements:\n\n - Python 2.7\n - Pip\n - mysql (optional)\n\nBegin by creating a virtual-env\n```\n    pip install virtualenv\n    virtualenv env\n    source env/bin/activate\n```\n\nThen install using pip\n```\n    make install\n```\n\n### DB-Setup\n\n#### SQLite\n   \nDjanGoat uses a SQLite database by default. To deploy the server locally with a SQLite database, use:\n```\n    make run\n```\n\nThis will initialize and migrate a new (gitignored) SQLite database `db.sqlite3` in the root project directory. It will then run the server locally.\n\nAt any point after the database has been migrated, it can be seeded with `python manage.py seed`.\n\n#### MySQL\n\n1. Make sure you have MySQL installed and run the following to\nset up the database\n\n```\n    mysql -u root -p\n    CREATE DATABASE `db_name`;\n    CREATE USER 'username'@'localhost' IDENTIFIED BY 'your_password';\n    GRANT ALL PRIVILEGES ON `db_name`.* TO 'username'@'localhost';\n    FLUSH PRIVILEGES;\n    quit\n```\n\n2. Go to pygoat/production_settings.py and fill out the given information for your database.\n\n3. Migrate the models and associated database data\n\n```\n    python manage.py makemigrations\n    python manage.py migrate\n```\n\n4. 
To set up seed data you can run:\n\n```\n    python manage.py seed\n```\n\nFor developers, create a local_settings.py file in the pygoat folder\nthat mocks production_settings.py.\n\nIf Django does not recognize MySQL after the setup above, try installing mysql-python and migrating again\n\n```\n    pip install mysql-python\n```\n\nFinally, run on localhost:8000\n```\n    python manage.py runserver\n```\n\n#### PostgreSQL\n\nIf you want to set up DjanGoat with a PostgreSQL database, check out the PostgreSQL branch with the following command:\n```\n    $ git checkout postgresql-database\n```\nThe PostgreSQL branch has modified documentation and tests.\n\n### Testing\nTo run tests, simply run:\n```\n    make test\n```\n\n\n### Linting\n\nTo run `pylint` using the provided `.pylintrc` configuration file:\n```\n    make lint\n```\n\n## Tutorial\nTutorial information on the various vulnerabilities in this application is [here](docs/home.md).\n\n## Acknowledgements\nThe development [team](docs/acknowledgements.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FContrast-Security-OSS%2FDjanGoat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FContrast-Security-OSS%2FDjanGoat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FContrast-Security-OSS%2FDjanGoat/lists"}