{"id":13841275,"url":"https://github.com/ScaleSec/vulnado","last_synced_at":"2025-07-11T12:30:56.434Z","repository":{"id":38304604,"uuid":"170768255","full_name":"ScaleSec/vulnado","owner":"ScaleSec","description":"Purposely vulnerable Java application to help lead secure coding workshops","archived":false,"fork":false,"pushed_at":"2024-06-24T16:50:55.000Z","size":784,"stargazers_count":162,"open_issues_count":11,"forks_count":641,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-08-05T17:27:06.041Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ScaleSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-02-14T22:42:29.000Z","updated_at":"2024-07-27T21:58:44.000Z","dependencies_parsed_at":"2024-01-23T12:58:50.468Z","dependency_job_id":null,"html_url":"https://github.com/ScaleSec/vulnado","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ScaleSec%2Fvulnado","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ScaleSec%2Fvulnado/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ScaleSec%2Fvulnado/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ScaleSec%2Fvulnado/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ScaleSec","download_url":"https://codeload.github.com/ScaleSec/vulnado/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225720398,"owners_count":17513596,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:07.473Z","updated_at":"2024-11-21T11:30:30.558Z","avatar_url":"https://github.com/ScaleSec.png","language":"Java","funding_links":[],"categories":["Java","Java (504)"],"sub_categories":[],"readme":"# Vulnado - Intentionally Vulnerable Java Application\n\nThis application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.\n\n## Up and running\n\n1. Install Docker for [MacOS](https://hub.docker.com/editions/community/docker-ce-desktop-mac) or [Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows). You'll need to create a Docker account if you don't already have one.\n2. `git clone git://github.com/ScaleSec/vulnado`\n3. `cd vulnado`\n4. `docker-compose up`\n5. Open a browser and navigate to the client to make sure it's working: [http://localhost:1337](http://localhost:1337)\n6. Then back in your terminal verify you have connection to your API server: `nc -vz localhost 8080`\n\n## Architecture\n\nThe docker network created by `docker-compose` maps pretty well to a multi-tier architecture where a web server is publicly available and there are other network resources like a database and internal site that are not publicly available.\n\n![](exercises/assets/arch.png)\n\n## Exercises\n\n* [SQL Injection](exercises/01-sql-injection.md)\n* [XSS - Cross Site Scripting](exercises/02-xss.md)\n* [SSRF - Server Side Request Forgery](exercises/03-ssrf.md)\n* [RCE - Remote Code Execution \u0026 Reverse Shell](exercises/04-rce-reverse-shell.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FScaleSec%2Fvulnado","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FScaleSec%2Fvulnado","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FScaleSec%2Fvulnado/lists"}