{"id":13428240,"url":"https://github.com/appsecco/dvna","last_synced_at":"2025-03-16T01:32:18.525Z","repository":{"id":37550312,"uuid":"110521300","full_name":"appsecco/dvna","owner":"appsecco","description":"Damn Vulnerable NodeJS Application","archived":false,"fork":false,"pushed_at":"2023-12-13T13:21:14.000Z","size":3255,"stargazers_count":652,"open_issues_count":11,"forks_count":647,"subscribers_count":26,"default_branch":"master","last_synced_at":"2024-02-14T03:31:27.892Z","etag":null,"topics":["dvna","hack","nodejs","owasp","owasp-top-10","security","testing","vulnerable","vulnerable-apps"],"latest_commit_sha":null,"homepage":null,"language":"SCSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/appsecco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-11-13T08:33:09.000Z","updated_at":"2024-02-10T08:18:00.000Z","dependencies_parsed_at":"2024-01-13T11:12:49.746Z","dependency_job_id":"a7d75bb9-3918-4491-947e-39f8bcaab628","html_url":"https://github.com/appsecco/dvna","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsecco%2Fdvna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsecco%2Fdvna/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsecco%2Fdvna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appsecco%2Fdvna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/appsecco","download_url":"https://codeload.github.com/appsecco/dvna/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221631897,"owners_count":16855020,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dvna","hack","nodejs","owasp","owasp-top-10","security","testing","vulnerable","vulnerable-apps"],"created_at":"2024-07-31T01:00:50.196Z","updated_at":"2024-10-27T05:30:52.087Z","avatar_url":"https://github.com/appsecco.png","language":"SCSS","readme":"# Damn Vulnerable NodeJS Application (DVNA)\n\n![dvna-logo](docs/resources/dvna.png)\n\nDamn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate [**OWASP Top 10 Vulnerabilities**](https://www.owasp.org/index.php/Top_10-2017_Top_10) and guide on fixing and avoiding these vulnerabilities. The [fixes](https://github.com/appsecco/dvna/tree/fixes) branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASssP Top 10 2017 vulnerabilities at [fixes-2017](https://github.com/appsecco/dvna/tree/fixes-2017) branch.\n\nThe application is powered by commonly used libraries such as [express](https://www.npmjs.com/package/express), [passport](https://www.npmjs.com/package/passport), [sequelize](https://www.npmjs.com/package/sequelize), etc.\n\n## Developer Security Guide book\n\nThe application comes with a **developer friendly comprehensive guidebook** which can be used to learn, avoid and fix the vulnerabilities. The guide is available at [docs](/docs) and covers the following\n\n1. Instructions for setting up DVNA\n2. Instructions on exploiting the vulnerabilities\n3. Vulnerable code snippets and instructions on fixing vulnerabilities\n4. Recommendations for avoid such vulnerabilities\n5. References for learning more\n\nThe blog post for this release is at [https://blog.appsecco.com/damn-vulnerable-nodejs-application-dvna-by-appsecco-7d782d36dc1e](https://blog.appsecco.com/damn-vulnerable-nodejs-application-dvna-by-appsecco-7d782d36dc1e)\n\nYou can setup a local gitbook server to access the documentation using the following commands. The documentation will then be accessible on [http://localhost:4000](http://localhost:4000).\n\n```bash\ncd docs/\ndocker run --rm -v `pwd`:/gitbook -p 4000:4000 --name gitbook amontaigu/gitbook gitbook serve\n```\n\n## Quick start\n\nTry DVNA using a single command with Docker. This setup uses an SQLite database instead of MySQL.\n\n```bash\ndocker run --name dvna -p 9090:9090 -d appsecco/dvna:sqlite\n```\n\nAccess the application at [http://127.0.0.1:9090/](http://127.0.0.1:9090/)\n\n## Getting Started\n\nDVNA can be deployed in three ways\n\n1. For Developers, using docker-compose with auto-reload on code updates\n2. For Security Testers, using the Official image from Docker Hub\n3. For Advanced Users, using a fully manual setup\n\nDetailed instructions on setup and requirements are given in the Guide Gitbook\n\n### 1. Development Setup\n\nClone this repository\n\n```bash\ngit clone https://github.com/appsecco/dvna; cd dvna\n```\n\nCreate a `vars.env` with the desired database configuration\n\n```bash\nMYSQL_USER=dvna\nMYSQL_DATABASE=dvna\nMYSQL_PASSWORD=passw0rd\nMYSQL_RANDOM_ROOT_PASSWORD=yes\n```\n\nStart the application and database using `docker-compose`\n\n```bash\ndocker-compose up\n```\n\nAccess the application at [http://127.0.0.1:9090/](http://127.0.0.1:9090/)\n\nThe application will automatically reload on code changes, so feel free to patch and play around with the application.\n\n### Using Official Docker Image\n\nCreate a file named `vars.env` with the following configuration\n\n```bash\nMYSQL_USER=dvna\nMYSQL_DATABASE=dvna\nMYSQL_PASSWORD=passw0rd\nMYSQL_RANDOM_ROOT_PASSWORD=yes\nMYSQL_HOST=mysql-db\nMYSQL_PORT=3306\n```\n\nStart a MySQL container\n\n```bash\ndocker run --rm --name dvna-mysql --env-file vars.env -d mysql:5.7\n```\n\nStart the application using the official image\n\n```bash\ndocker run --rm --name dvna-app --env-file vars.env --link dvna-mysql:mysql-db -p 9090:9090 appsecco/dvna\n```\n\nAccess the application at http://127.0.0.1:9090/ and start testing!\n\n### Manual Setup\n\nClone the repository\n\n```bash\ngit clone https://github.com/appsecco/dvna; cd dvna\n```\n\nConfigure the environment variables with your database information\n\n```bash\nexport MYSQL_USER=dvna\nexport MYSQL_DATABASE=dvna\nexport MYSQL_PASSWORD=passw0rd\nexport MYSQL_HOST=127.0.0.1\nexport MYSQL_PORT=3306\n```\n\nInstall Dependencies\n\n```bash\nnpm install\n```\n\nStart the application\n\n```bash\nnpm start\n```\n\nAccess the application at [http://localhost:9090](http://localhost:9090)\n\n## TODO\n\n- [ ] Link commits to fixes in documentation\n- [x] Add new vulnerabilities from OWASP Top 10 2017\n- [x] Improve application features, documentation\n\n## Contributing\n\nIn case of bugs in the application, please create an issue on github. Pull requests are highly welcome!\n\n## Thanks\n\n[Abhisek Datta - abhisek](https://github.com/abhisek) for application architecture and front-end code\n\n## License\n\nMIT\n","funding_links":[],"categories":["Vulnerable Web Applications","\u003ca id=\"761a373e2ec1c58c9cd205cd7a03e8a8\"\u003e\u003c/a\u003e靶机\u0026\u0026漏洞环境\u0026\u0026漏洞App","Technologies","Extra","CSS","CSS (66)","🔐 Vulnerable APIs","NodeJS","Vulnerable Web apps:","SCSS","Downloadable Applications","Secure Programming"],"sub_categories":["\u003ca id=\"a6a2bb02c730fc1e1f88129d4c2b3d2e\"\u003e\u003c/a\u003eWebApp","Node.js","Vulnerable apps","Node","Web Training"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsecco%2Fdvna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappsecco%2Fdvna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsecco%2Fdvna/lists"}