{"id":13539564,"url":"https://github.com/owasp/securityshepherd","last_synced_at":"2025-04-02T06:31:13.655Z","repository":{"id":11734307,"uuid":"14259857","full_name":"OWASP/SecurityShepherd","owner":"OWASP","description":"Web and mobile application security training platform","archived":false,"fork":false,"pushed_at":"2024-07-02T15:06:05.000Z","size":190662,"stargazers_count":1371,"open_issues_count":132,"forks_count":479,"subscribers_count":85,"default_branch":"dev","last_synced_at":"2025-03-26T17:43:01.417Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-security-shepherd/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-11-09T15:57:16.000Z","updated_at":"2025-03-21T21:11:39.000Z","dependencies_parsed_at":"2024-10-30T03:52:27.513Z","dependency_job_id":null,"html_url":"https://github.com/OWASP/SecurityShepherd","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FSecurityShepherd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FSecurityShepherd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FSecurityShepherd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FSecurityShepherd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWA
SP","download_url":"https://codeload.github.com/OWASP/SecurityShepherd/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767836,"owners_count":20830564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:27.998Z","updated_at":"2025-04-02T06:31:08.643Z","avatar_url":"https://github.com/OWASP.png","language":"Java","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8e1069b2bce90b87eea762ee3d0935d8\"\u003e\u003c/a\u003eOWASP"],"readme":" \n# OWASP Security Shepherd [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) \nThe [OWASP Security Shepherd Project](http://bit.ly/owaspSecurityShepherd) is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. 
The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.\n\n[![Build and Test](https://github.com/OWASP/SecurityShepherd/actions/workflows/test.yml/badge.svg)](https://github.com/OWASP/SecurityShepherd/actions/workflows/test.yml)  \n# Where can I download Security Shepherd?\n\n### Virtual Machine or Manual Setup\nYou can download Security Shepherd VMs or Manual Installation Packs from [GitHub](https://github.com/OWASP/SecurityShepherd/releases).\n\n### Docker (Ubuntu Linux Host)\n\n#### Initial Setup\n```console\n# Install pre-reqs\nsudo apt install git maven docker docker-compose openjdk-8-jdk\n\n# Clone the github repository\ngit clone https://github.com/OWASP/SecurityShepherd.git\n\n# Change directory into the local copy of the repository\ncd SecurityShepherd\n\n# Add the current user to the docker group (so docker can be run without sudo)\nsudo gpasswd -a $USER docker\n\n# Run maven to generate the WAR and HTTPS Cert.\nmvn -Pdocker clean install -DskipTests\n\n# Build the docker images, docker network and bring up the environment\ndocker-compose up\n```\n\nOpen a web browser and enter the following in the address bar:\n\n* [localhost](http://localhost)\n\nTo log in, use the following credentials (you will be asked to update them after login):\n\n* username: ```admin```\n* password: ```password```\n\nNote: Environment variables can be configured in the dotenv ```.env``` file in the root directory.\n\n#### Full Guide\n[Docker-Environment-Setup](https://github.com/OWASP/SecurityShepherd/wiki/Docker-Environment-Setup)\n\n# How do I set up Security Shepherd?\nWe've got fully automated and step-by-step walkthroughs on our [wiki page](https://github.com/markdenihan/owaspSecurityShepherd/wiki) to help you get Security Shepherd up and running.\n  \n# What can Security Shepherd be used for?\nSecurity Shepherd can be used as a:\n* Teaching Tool for All Application Security\n* Web Application Pen Testing 
Training Platform\n* Mobile Application Pen Testing Training\n* Safe Playground to Practise AppSec Techniques\n* Platform to demonstrate real Security Risk examples\n  \n# Why choose Security Shepherd?\nThere are a lot of purposefully vulnerable applications available in the OWASP Project Inventory, and even more across the internet. Why should you use Security Shepherd? Here are a few reasons:  \n* **Wide Topic Coverage**  \nShepherd includes over sixty levels across the entire spectrum of Web and Mobile application security under a single project.\n* **Gentle Learning Curve**  \nShepherd is perfect for users completely new to security, with levels increasing in difficulty at a pleasant pace.\n* **Layman Write Ups**  \nWhen each security concept is first presented in Shepherd, it is done so in layman terms so that anyone (even beginners) can absorb them.\n* **Real World Examples**  \nThe security risks in Shepherd are real vulnerabilities that have had their exploit impact dampened to protect the application, users, and environment. There are no simulated security risks which require an expected, specific attack vector in order to pass a level. Attack vectors used on Shepherd behave as they would in the real world.\n* **Scalability**  \nShepherd can be used locally by a single user or easily as a server for a large number of users.\n* **Highly Customisable**  \nShepherd enables admins to set what levels are available to their users and in what way they are presented (Open, CTF and Tournament Layouts).\n* **Perfect for Classrooms**  \nShepherd gives its players user-specific solution keys to prevent students from sharing keys, rather than going through the steps required to complete a level.\n* **Scoreboard**  \nSecurity Shepherd has a configurable scoreboard to encourage a competitive learning environment. 
Users that complete levels first, second and third get medals on their scoreboard entry and bonus points to keep things entertaining on the scoreboard.\n* **User Management**  \nSecurity Shepherd admins can create users, create admins, suspend, unsuspend, add bonus points, or take penalty points away from users' accounts with the admin user management controls. Admins can also segment their students into specific class groups. Admins can view the progress a class has made to identify struggling participants. An admin can even close public registration and manually create users if they wish for a private experience.\n* **Robust Service**  \nShepherd has been used to run online CTFs such as the OWASP Global CTF and OWASP LATAM Tour CTF 2015, both surpassing 200 active users and running with no down time, bar planned maintenance periods.\n* **Configurable Feedback**  \nAn administrator can enable a feedback process, which must be completed by users before a level is marked as complete. This is used both to facilitate project improvements based on feedback submitted and for system administrators to collect \"Reports of Understanding\" from their students.\n* **Granular Logging**  \nThe logs reported by Security Shepherd are highly detailed and descriptive, but not screen blinding. If a user is misbehaving, you will know.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fsecurityshepherd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowasp%2Fsecurityshepherd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fsecurityshepherd/lists"}