{"id":13428224,"url":"https://github.com/OWASP/crAPI","last_synced_at":"2025-03-16T01:32:14.180Z","repository":{"id":37035812,"uuid":"335756350","full_name":"OWASP/crAPI","owner":"OWASP","description":"completely ridiculous API (crAPI)","archived":false,"fork":false,"pushed_at":"2024-05-21T09:40:38.000Z","size":4329,"stargazers_count":985,"open_issues_count":47,"forks_count":303,"subscribers_count":21,"default_branch":"develop","last_synced_at":"2024-05-21T15:25:10.723Z","etag":null,"topics":["api","apisecurity","hacktoberfest","owasp"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":".github/code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-03T21:11:44.000Z","updated_at":"2024-05-28T08:28:27.489Z","dependencies_parsed_at":"2023-02-10T17:30:56.684Z","dependency_job_id":"83ea584b-b431-4919-91a1-6e7678b3d700","html_url":"https://github.com/OWASP/crAPI","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FcrAPI","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FcrAPI/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FcrAPI/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FcrAPI/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/crAPI/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221631882,"owners_count":16855020,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","apisecurity","hacktoberfest","owasp"],"created_at":"2024-07-31T01:00:49.664Z","updated_at":"2025-03-16T01:32:14.174Z","avatar_url":"https://github.com/OWASP.png","language":"Java","readme":"# crAPI\n\n**c**ompletely **r**idiculous **API** (crAPI) will help you to understand the\nten most critical API security risks. crAPI is vulnerable by design, but you'll\nbe able to safely run it to educate/train yourself.\n\ncrAPI is modern, built on top of a microservices architecture. When time has\ncome to buy your first car, sign up for an account and start your journey. To\nknow more about crAPI, please check [crAPI's overview][overview].\n\n## QuickStart Guide\n\n### Docker and docker compose\n\nYou'll need to have Docker and docker compose installed and running on your host system. Also, the version of docker compose should be `1.27.0` or above. Check your docker compose version using:\n```\ndocker compose version\n```\n\n**Upgrade your docker compose version if you get errors like**\n\n```ERROR: Invalid interpolation format for ...```\n\n#### Using prebuilt images\nYou can use prebuilt images generated by our CI workflow by downloading the docker compose and **.env** files.\n\n - To use the latest stable version.\n\n      - Linux Machine\n\n      ```\n      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip\n      \n      unzip /tmp/crapi.zip\n      \n      cd crAPI-main/deploy/docker\n\n      docker compose pull\n\n      docker compose -f docker-compose.yml --compatibility up -d\n      ```\n      \n      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.\n\n      For example to expose the system to all network interfaces.\n\n      ```\n      LISTEN_IP=\"0.0.0.0\" docker compose -f docker-compose.yml --compatibility up -d\n      ```\n\n      - Windows Machine\n\n      ```\n      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip\n\n      tar -xf .\\crapi.zip\n     \n      cd crAPI-main/deploy/docker\n\n      docker compose pull\n\n      docker compose -f docker-compose.yml --compatibility up -d\n      ```\n     \n      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.\n\n      For example to expose the system to all network interfaces.\n\n      ```\n      LISTEN_IP=\"0.0.0.0\" docker compose -f docker-compose.yml --compatibility up -d\n      ```\n\n  - To use the latest development version\n\n      - Linux Machine\n\n      ```\n      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip\n      \n      unzip /tmp/crapi.zip\n      \n      cd crAPI-develop/deploy/docker\n\n      docker compose pull\n\n      docker compose -f docker-compose.yml --compatibility up -d\n      ```\n      \n      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.\n\n      For example to expose the system to all network interfaces.\n\n      ```\n      LISTEN_IP=\"0.0.0.0\" docker compose -f docker-compose.yml --compatibility up -d\n      ```\n\n      - Windows Machine\n\n      ```\n      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip\n\n      tar -xf .\\crapi.zip\n     \n      cd crAPI-develop/deploy/docker\n\n      docker compose pull\n\n      docker compose -f docker-compose.yml --compatibility up -d\n      ```\n     \n      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.\n\n      For example to expose the system to all network interfaces.\n\n      ```\n      LISTEN_IP=\"0.0.0.0\" docker compose -f docker-compose.yml --compatibility up -d\n      ```\n\n\nVisit [http://localhost:8888](http://localhost:8888)\n\n**Note**: All emails are sent to mailhog service by default and can be checked on\n[http://localhost:8025](http://localhost:8025)\nYou can change the smtp configuration if required however all emails with domain **example.com** will still go to mailhog.\n\n### Vagrant\n\nThis option allows you to run crAPI within a virtual machine, thus isolated from\nyour system. You'll need to have [Vagrant] and, for example [VirtualBox]\ninstalled.\n\n1. Clone crAPI repository\n   ```\n   $ git clone [REPOSITORY-URL]\n   ```\n2. Start crAPI Virtual Machine\n   ```\n   $ cd deploy/vagrant \u0026\u0026 vagrant up\n   ```\n3. Visit [http://192.168.33.20](http://192.168.33.20)\n\n**Note**: All emails are sent to mailhog service and can be checked on\n[http://192.168.33.20:8025](http://192.168.33.20:8025)\n\nOnce you're done playing with crAPI, you can remove it completely from your\nsystem running the following command from the repository root directory\n\n```\n$ cd deploy/vagrant \u0026\u0026 vagrant destroy\n```\n\nFor more deployment options visit [the setup instructions](docs/setup.md) for more details.\n---\n\nTo know more about challenges in crAPI. Visit [challenges]\n----\n\n[challenges]: docs/challenges.md\n[overview]: docs/overview.md\n[setup-k8s]: docs/setup.md#kubernetes-minikube\n[vagrant]: https://www.vagrantup.com/downloads\n[virtualbox]: https://www.virtualbox.org/wiki/Downloads\n\n## Troubleshooting guide for general issues while installing and running crAPI\nIf you need any help with installing and running crAPI you can check out this guide: [Troubleshooting guide crAPI](https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md). If this doesn't solve your problem, please create an issue in Github Issues.\n","funding_links":[],"categories":["🔐 Vulnerable APIs","Java","Deliberately vulnerable APIs","其他_安全与渗透","API"],"sub_categories":["网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FcrAPI","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOWASP%2FcrAPI","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FcrAPI/lists"}