{"id":22394835,"url":"https://github.com/blakley/secureweb","last_synced_at":"2026-04-28T11:35:57.611Z","repository":{"id":194154763,"uuid":"690201516","full_name":"Blakley/SecureWeb","owner":"Blakley","description":"A project dedicated to showcasing web-app security attacks and the corresponding measures to safeguard against those attacks","archived":false,"fork":false,"pushed_at":"2024-05-21T10:43:45.000Z","size":11857,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T22:46:00.122Z","etag":null,"topics":["django-framework","owasp-top-10","password-security","sqllite3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Blakley.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-11T18:22:01.000Z","updated_at":"2024-05-21T10:43:49.000Z","dependencies_parsed_at":"2024-05-21T12:15:06.480Z","dependency_job_id":"6136cda6-b18b-41c9-80a6-aacb5b4bc4a1","html_url":"https://github.com/Blakley/SecureWeb","commit_stats":null,"previous_names":["blakley/password-security-demo","blakley/secureweb"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Blakley/SecureWeb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blakley%2FSecureWeb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blakley%2FSecureWeb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blakley%2FSecureWeb/releases","manifests_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blakley%2FSecureWeb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Blakley","download_url":"https://codeload.github.com/Blakley/SecureWeb/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blakley%2FSecureWeb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32379617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T11:25:28.583Z","status":"ssl_error","status_checked_at":"2026-04-28T11:25:05.435Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django-framework","owasp-top-10","password-security","sqllite3"],"created_at":"2024-12-05T05:11:54.185Z","updated_at":"2026-04-28T11:35:57.575Z","avatar_url":"https://github.com/Blakley.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SecureWeb\n\nA project built using the `Django` framework. It features a demo where users can attack various login forms to understand various\nsecurity measures. 
Additionally, the goal of this project is to \nencourage users to employ industry standards when designing\napplications with user authentication.\n\n## Login Forms :\nBelow is an overview of the basic security behind each login form.\n\n### [Form 1]\n\n\u003cimg src=\"src/website/secureweb/static/images/screenshot.png\" alt=\"Login Form 1\" width=\"500\" height=\"500\"\u003e\n\n\n- \u003cspan  style=\"color:#655e7a\"\u003eNo security\u003c/span\u003e. This login form is meant to be completely vulnerable to \u003cb\u003epassword spraying attacks\u003c/b\u003e.\n\n### [Form 2]\n\n\u003cimg src=\"src/website/secureweb/static/images/screenshot_9.png\" alt=\"Login Form 2\" width=\"500\" height=\"500\"\u003e\n\n- In this login form, the approach used in \u003cb\u003e\u003cu\u003eform 1\u003c/u\u003e\u003c/b\u003e will not work. This form \u003cspan  style=\"color:#655e7a\"\u003erate limits client requests\u003c/span\u003e. If the number of requests exceeds a certain threshold within a minute, the client will no longer be able to send requests to this login form. To bypass this, one could use \u003cb\u003eproxies\u003c/b\u003e.\n\n### [Form 3]\n\n\u003cimg src=\"src/website/secureweb/static/images/screenshot_10a.png\" alt=\"Login Form 3\" width=\"500\" height=\"500\"\u003e\n\n\u003cimg src=\"src/website/secureweb/static/images/screenshot_10b.png\" alt=\"Login Form 3\" width=\"500\" height=\"500\"\u003e\n\n- Basic \u003cspan  style=\"color:#655e7a\"\u003ecaptchas\u003c/span\u003e were introduced in this login form. 
Once you make a login attempt, you must then solve a captcha before you get the login success status.\nGiven the way the captchas are generated in this form, one could \u003cb\u003ecreate a script\u003c/b\u003e to generate and submit them.\n\n### [Form 4]\n\n\u003cimg src=\"src/website/secureweb/static/images/screenshot_11.png\" alt=\"Login Form 4\" width=\"500\" height=\"500\"\u003e\n\n- This login form focuses on \u003cspan  style=\"color:#655e7a\"\u003elocking out users\u003c/span\u003e after `x amount` of failed tries as opposed to blocking clients. In situations where this is the only security measure, an attacker might purposely \u003cb\u003elock out as many accounts as possible\u003c/b\u003e.\n\n\n## Utility scripts :\nI have provided several `python` scripts that you can try\nout to attack each login form. Otherwise, use any tool such as \n[Burp Suite](https://portswigger.net/burp) or [John the Ripper](https://github.com/openwall/john).\n\n1. `attack.py`  : A script that attempts to bypass the security measures in place for each login form.\n\n2. `monitor.py` : A useful script that will continually monitor updates to the login.log file, which shows the login attempts to each login form.\n\n3. `proxies.py` : A script that creates 1500 [Private IP Addresses](https://whatismyipaddress.com/private-ip#private-ip)\nwhich are then used to mimic [rotating proxies](https://nordvpn.com/cybersecurity/glossary/rotating-proxy/#:~:text=A%20rotating%20proxy%20is%20a,to%20track%20or%20block%20users.) in order to bypass rate limiting and IP blocking. Note: this only works on \u003cb\u003eLinux\u003c/b\u003e. 
\n\n## Dependencies :\nExecute the following command to install the necessary modules.\nNote: `requirements.txt` is located in the \u003cb\u003esrc\u003c/b\u003e directory.\n\n```shell\npip install -r requirements.txt\n```\n\n## Deployment :\nTo start the web server, execute the command:\n```shell\npython manage.py runserver\n```\nand then navigate to the [SecureWeb URL](http://localhost:8000/secureweb/) \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblakley%2Fsecureweb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblakley%2Fsecureweb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblakley%2Fsecureweb/lists"}