{"id":13765884,"url":"https://github.com/psiinon/bodgeit","last_synced_at":"2025-04-05T05:05:34.526Z","repository":{"id":28572022,"uuid":"32089788","full_name":"psiinon/bodgeit","owner":"psiinon","description":"The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing. ","archived":false,"fork":false,"pushed_at":"2024-08-13T15:45:54.000Z","size":107493,"stargazers_count":267,"open_issues_count":18,"forks_count":201,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-04-02T09:49:48.742Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psiinon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-12T17:03:32.000Z","updated_at":"2025-03-04T14:53:50.000Z","dependencies_parsed_at":"2024-10-13T14:23:03.312Z","dependency_job_id":null,"html_url":"https://github.com/psiinon/bodgeit","commit_stats":{"total_commits":33,"total_committers":4,"mean_commits":8.25,"dds":0.303030303030303,"last_synced_commit":"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psiinon%2Fbodgeit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psiinon%2Fbodgeit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psiinon%2Fbodgeit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psiinon%
2Fbodgeit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psiinon","download_url":"https://codeload.github.com/psiinon/bodgeit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247289426,"owners_count":20914464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T16:00:47.935Z","updated_at":"2025-04-05T05:05:34.509Z","avatar_url":"https://github.com/psiinon.png","language":"Java","readme":"The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.\n\n\u003e ### Please note that The BodgeIt Store is no longer being worked on\n\u003e #### You are strongly recommended to use [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) instead!\n\nNote that the BodgeIt Store is now available as a Docker image: https://hub.docker.com/r/psiinon/bodgeit/ \n\nSome of its features and characteristics:\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\n* Self contained (no additional dependencies other than the 2 in the above line)\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\n* Cross platform\n* Open source\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\n\nAll you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.\n\nThen point your browser at (for example) http://localhost:8080/bodgeit\n\nYou may find it easier to find vulnerabilities using a pen test tool.\n\nIf you don't have a favourite one, I'd recommend the [Zed Attack Proxy](https://www.owasp.org/index.php/ZAP) (for which I'm the project lead).\n\nThe Bodge It Store includes the following significant vulnerabilities:\n* Cross Site Scripting\n* SQL injection\n* Hidden (but unprotected) content\n* Cross Site Request Forgery\n* Debug code\n* Insecure Object References\n* Application logic vulnerabilities\n\nIf you spot any others then let me know ;)\n\nThere is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.\n\nIn the relatively near future I'm hoping to add things like:\n* Ajax requests\n* More vulnerabilities (of course)\n\nYou can now also perform automated security regression tests on the Bodge It Store - see the wiki.\n\nAny feedback (or offers of help to develop it further;) would be appreciated.\n","funding_links":[],"categories":["Sql","Support","Downloadable Applications","Hacking Playground"],"sub_categories":["Java"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsiinon%2Fbodgeit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsiinon%2Fbodgeit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsiinon%2Fbodgeit/lists"}