{"id":26066444,"url":"https://github.com/psecio/rift","last_synced_at":"2025-04-11T16:25:59.091Z","repository":{"id":74279243,"uuid":"55354997","full_name":"psecio/rift","owner":"psecio","description":"A vulnerable application for teaching the basics of web application security","archived":false,"fork":false,"pushed_at":"2017-11-15T02:37:44.000Z","size":379,"stargazers_count":9,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T12:40:38.468Z","etag":null,"topics":["application","security","teaching","vulnerability"],"latest_commit_sha":null,"homepage":null,"language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psecio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-04-03T15:59:05.000Z","updated_at":"2019-01-22T04:45:20.000Z","dependencies_parsed_at":"2024-02-11T00:31:22.539Z","dependency_job_id":null,"html_url":"https://github.com/psecio/rift","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Frift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Frift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Frift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Frift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psecio","download_url":"https://codeload.github.com/psecio/rift/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248439412,"owners_count":21103600,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application","security","teaching","vulnerability"],"created_at":"2025-03-08T20:52:03.005Z","updated_at":"2025-04-11T16:25:59.062Z","avatar_url":"https://github.com/psecio.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Rift: Teaching Application Security\n\n### Requirements\n\nYou'll need the following to run the Rift application\n\n- At least PHP 5.5 installed locally (and potentially in Apache)\n- SQLite support\n- An open mind, ready to learn about web application security!\n\n### Setup\n\nYou can either use the included setup script:\n\n```\n./setup.sh\n```\n\nor you can perform the same steps manually:\n\n```\nchmod -R 777 data/\n/usr/bin/sqlite3 data/rift.db \u003c init.sql\n```\n\nYou'll also need to install the dependencies with [Composer](https://getcomposer.org) so from the root directory run:\n\n```\ncomposer install\n```\n\nYou'll need to already have Composer setup to run this. The Composer site has a great install guide for that.\n\n### Starting it up\n\nYou can start up the application in two different ways. You can either use the built-in PHP web server:\n\n```\ncd public\nphp -S localhost:8111\n```\n\nor you can set up a `VirtualHost` in Apache pointing it to the `public/` directory (with your own paths\nsubstituted in of course):\n\n```\n\u003cVirtualHost *:80\u003e\n\tServerName phparch.localhost\n\tDocumentRoot /var/www/phparch/public\n\tErrorLog \"/var/log/www/phparch-error_log\"\n\u003c/VirtualHost\u003e\n```\n\nand add it to your `/etc/hosts`:\n\n```\n192.168.0.1     phparch.localhost\n```\n\n### Lessons\n\nEach of the lessons in Rift can be found under the \"Exercises\" option in the menubar at the top of the site. Topics currently covered are:\n\n- Cookie security\n- Remember Me handling\n- Forgot Password\n- File Uploads\n- Password Hashing\n- Rate Limiting\n- Cross-Site Scripting (XSS)\n- SQL Injection (SQLi)\n- Cross-Site Request Forgery (CSRF)\n- Direct Object Reference\n- Remote File Include (RFI)\n- Local File Injection (LFI)\n- Open Redirect\n\n### Tips\n\n1. If you get database errors, be sure you've created the database with the `sqlite3` command above.\n2. Be sure the `data/rift.db` file can be written to by the web server user\n3. If you don't already have Composer, you can get it from https://getcomposer.org\n\n### Resources\n\n- [Open Web Application Security Project - OWASP](https://owasp.org)\n- [OWASP Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)\n- [Websec.io](https://websec.io)\n- [Duo Security](https://duo.com) (push/SMS for TFA)\n- [Authy](https://authy.com) (push/SMS for TFA)\n- [sqlmap](http://sqlmap.org) for SQL injection testing\n- [John the Ripper](http://www.openwall.com/john/) for password cracking\n- [Let's Encrypt](https://letsencrypt.org/) for free SSL/TLS certificates\n- [password_hash polyfill - password_compat](https://github.com/ircmaxell/password_compat)\n- [Zend Framework ACL component](https://framework.zend.com/manual/2.2/en/modules/zend.permissions.acl.intro.html)\n- [Laravel authorization](https://laravel.com/docs/5.5/authorization)\n- [Symfony security](https://symfony.com/doc/current/security)\n- [defuse-php encryption library](https://github.com/defuse/php-encryption)\n- [iniscan](https://github.com/psecio/iniscan) for security scanning the `php.ini`\n- [Google reCAPTCHA](https://www.google.com/recaptcha/intro/index.html)\n- [Breakout escaping library](https://github.com/salesforce/breakout)\n- [Zend\\Escaper component](https://github.com/zendframework/zend-escaper)\n- [Skipfish](https://code.google.com/archive/p/skipfish/)\n- [Burp Suite](https://portswigger.net/burp)\n- [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)\n- [psecio/versionscan](https://github.com/psecio/versionscan) for finding vulnerabilities related to your PHP version\n- [Kali linux distribution](https://tools.kali.org/)\n- [Symfony security advisories](https://github.com/FriendsOfPHP/security-advisories)\n- [content-security-policy.com](https://content-security-policy.com)\n- [Google on Content Security Policy](https://developers.google.com/web/fundamentals/security/csp/)\n- [XSSHunter.com](https://xsshunter.com/features)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsecio%2Frift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsecio%2Frift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsecio%2Frift/lists"}