{"id":13845132,"url":"https://github.com/effortlessdevsec/ninjasworkout","last_synced_at":"2026-02-10T01:11:28.429Z","repository":{"id":45071272,"uuid":"419977886","full_name":"effortlessdevsec/ninjasworkout","owner":"effortlessdevsec","description":"Vulnerable NodeJS Web Application","archived":false,"fork":false,"pushed_at":"2024-08-22T04:50:55.000Z","size":5998,"stargazers_count":87,"open_issues_count":2,"forks_count":29,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-21T18:38:48.906Z","etag":null,"topics":["bugbounty","nodejs","penetration-testing","vulnerability-assessment"],"latest_commit_sha":null,"homepage":"","language":"Pug","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/effortlessdevsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-22T05:34:09.000Z","updated_at":"2024-08-22T04:50:59.000Z","dependencies_parsed_at":"2024-08-22T05:55:45.327Z","dependency_job_id":null,"html_url":"https://github.com/effortlessdevsec/ninjasworkout","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/effortlessdevsec/ninjasworkout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/effortlessdevsec%2Fninjasworkout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/effortlessdevsec%2Fninjasworkout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/effortlessdevsec%2Fninjasworkout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/effortlessde
vsec%2Fninjasworkout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/effortlessdevsec","download_url":"https://codeload.github.com/effortlessdevsec/ninjasworkout/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/effortlessdevsec%2Fninjasworkout/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923078,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","nodejs","penetration-testing","vulnerability-assessment"],"created_at":"2024-08-04T17:03:14.039Z","updated_at":"2026-02-10T01:11:28.423Z","avatar_url":"https://github.com/effortlessdevsec.png","language":"Pug","funding_links":[],"categories":["Pug"],"sub_categories":[],"readme":"#  Damn Vulnerable NodeJS Application\n\n## Quick Start\n\n\n```\nDownload the Repo =\u003e \n\nrun npm i\n\n```\n\nAfter installing all dependencies, just run the application\n\n```\nnode app.js or nodemon app.js\n\n```\n![image](https://user-images.githubusercontent.com/30777722/138400223-7fbb4ef0-9143-40ca-adb8-37a986346910.png)\n\n\n\n## ADDED BUGS\n\n - Prototype Pollution ✅1\n - NoSQL Injection ✅2\n - Cross-Site Scripting ✅3\n - Broken Access Control ✅4\n-  Broken Session Management ✅5\n - Weak Regex Implementation ✅ 6\n - Race Condition ✅7\n - CSRF - Cross-Site Request Forgery ✅8\n - Weak Bruteforce Protection ✅9\n - User Enumeration ✅10\n - Reset Password token leaking in Referrer ✅11\n - Reset Password bugs ✅12\n-  Sensitive Data Exposure ✅13\n - Unicode Case Mapping Collision ✅14\n - File 
Upload ✅ 15\n-  SSRF ✅ 16\n-   XXE\n-   Open Redirection ✅ 17\n-   Directory Traversal ✅ 18\n-   Insecure Deserialization =\u003e Remote Code Execution ✅ 19\n-   Server Side Template Injection   🚶‍♂️🚶‍♂️🚶‍\n-  Timing Attack 🚶‍♂️🚶‍♂️🚶‍\n\n\n⚠️⚠️ Reset Password Module will not work !! You have to configure SMTP !! in utils=\u003esendmail.js⚠️⚠️\n\n# TODO\n\n- Improvement in User Interface\n- Add New Vulnerabilities on a weekly basis\n- Add Documentation of all the Vulnerabilities\n\n# Issues\n- In case of bugs in the application, feel free to create an [issue](https://github.com/effortlessdevsec/ninjasworkout/issues) on GitHub.\n\n# Contribution\n- Feel free to create a pull request for any contribution.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feffortlessdevsec%2Fninjasworkout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feffortlessdevsec%2Fninjasworkout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feffortlessdevsec%2Fninjasworkout/lists"}