{"id":16184428,"url":"https://github.com/qazbnm456/vwgen","last_synced_at":"2025-03-19T02:31:19.074Z","repository":{"id":77137496,"uuid":"56078217","full_name":"qazbnm456/VWGen","owner":"qazbnm456","description":"Vulnerable Web applications Generator","archived":false,"fork":false,"pushed_at":"2017-12-10T05:23:27.000Z","size":11037,"stargazers_count":84,"open_issues_count":0,"forks_count":18,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-10-11T07:10:07.228Z","etag":null,"topics":["addon","docker","generator","python","tsaotun","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qazbnm456.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-04-12T16:06:17.000Z","updated_at":"2024-10-05T12:43:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"aabb827d-d989-47b1-ac4e-d465526d39c0","html_url":"https://github.com/qazbnm456/VWGen","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qazbnm456%2FVWGen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qazbnm456%2FVWGen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qazbnm456%2FVWGen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qazbnm456%2FVWGen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qazbnm456","download_url":"https://codeload.github.com/qazbnm456/VWGen/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221720379,"owners_count":16869476,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["addon","docker","generator","python","tsaotun","vulnerabilities"],"created_at":"2024-10-10T07:10:10.836Z","updated_at":"2024-10-27T19:09:04.057Z","avatar_url":"https://github.com/qazbnm456.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vulnerable Web applications Generator\r\n\r\nThis is the Git repo of the `VWGen`, which stands for *Vulnerable Web applications Generator*.\r\n\r\n**Relevant links:**\r\n [Github](https://github.com/qazbnm456/VWGen)\r\n\r\n---------------------------------------\r\n\r\n**Table of contents**\r\n\r\n * [Releases](#releases)\r\n * [Status quo](#status)\r\n * [Feature](#feature)\r\n * [Install](#install)\r\n * [Instruction](#instruction)\r\n * [In Brief](#brief)\r\n * [Know issues](#issue)\r\n * [Contributing](#contribute)\r\n * [LICENSE](#license)\r\n\r\n---------------------------------------\r\n\r\n\u003ca name=\"releases\"\u003e\u003c/a\u003e\r\n## Releases\r\n\r\n- 0.1.0 -- Initial release\r\n- 0.2.0 -- Now, VWGen can also be one of [Tsaotun](https://github.com/qazbnm456/tsaotun)'s addon. :tada:\r\n\r\n\u003ca name=\"status\"\u003e\u003c/a\u003e\r\n## Status quo\r\n\r\n1. Supporting very limited modules, such as [SQLI](https://www.owasp.org/index.php/SQL_Injection), [NOSQLI](https://www.owasp.org/index.php/Testing_for_NoSQL_injection), [LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion), [CRLF](https://www.owasp.org/index.php/CRLF_Injection), [Command Injection](https://www.owasp.org/index.php/Command_Injection) and [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)).\r\n2. There are two important modules which play essential role in deploying vulnerable web apps.\r\n   - *unfilter* module scrap the sites and find the keywords to be replaced by parameters.\r\n   - *expand* module learn the sites and try to rearrange the elements to let child modules insert their payloads within it.\r\n3. Only two themes right now.\r\n    \u003cdiv align=\"center\"\u003e\u003cimg src=\"http://i.imgur.com/jgdO4HD.png\" /\u003e\u003c/div\u003e\r\n4. **Python3 is currently not supported!**\r\n5. `--file` option works, but it still needs some developing. Example command: `./VWGen.py --file=\"$VWGen_HOME/examples/2016_ais3_web3/sample.py\"`\r\n\r\n\u003ca name=\"feature\"\u003e\u003c/a\u003e\r\n## Feature\r\n\r\n`--file` option makes share web challenges easily. All you need to do is provide a custom script, which defines how vulnerabilities would be made or be triggered, and each one can just load that script to spawn the same vulnerable web applications immediately.\r\n\r\nThere is a [examples/](https://github.com/qazbnm456/VWGen/tree/master/examples) directory in the root folder, and I will put some sample scripts in it. Now, we have so many scripts!\r\n\r\n\u003ca name=\"install\"\u003e\u003c/a\u003e\r\n## Install\r\n\r\n1. Install docker binary. Only versions 1.11.0 above are supported. Check out official [installing guide](https://docs.docker.com/linux/).\r\n2. `sudo apt-get install -y libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev` to make `pycurl` happy.\r\n3. Pull fundamental images that we gonna use with VWGen:\r\n    - `docker pull richarvey/nginx-php-fpm:php5`\r\n    - `docker pull richarvey/nginx-php-fpm:php7`\r\n    - `docker pull mysql:5`\r\n    - `docker pull phpmyadmin/phpmyadmin:4.6.5.1-1`\r\n    - `docker pull node:7`\r\n4. Install lxml: `apt-get install python-lxml`.\r\n5. Clone [VWGen](https://github.com/qazbnm456/VWGen) and `cd` to it.\r\n6. Install packages:\r\n    1. Through `pip`\r\n        - `pip install -r requirements.txt`\r\n    2. Through `pipenv`\r\n        - `pip install pipenv`\r\n        - `pipenv install`\r\n        - `pipenv shell` or `pipenv shell --fancy`\r\n7. Type `./VWGen.py --help` to test if it works or check below for more instructions.\r\n\r\n\u003ca name=\"instruction\"\u003e\u003c/a\u003e\r\n## Instruction\r\n\r\n    Usage: VWGen.py [options]\r\n\r\n    Options:\r\n    --version             show program's version number and exit\r\n    -h, --help            show this help message and exit\r\n    -c, --console         enter console mode\r\n    --backend=BACKEND     configure the backend (Default: php)\r\n    --theme=THEME         configure the theme (Default: startbootstrap-\r\n                            agency-1.0.6)\r\n    --expose=EXPOSE_PORT  configure the port of the host for container binding\r\n                            (Default: 80)\r\n    --database=DBMS, --db=DBMS\r\n                            configure the dbms for container linking\r\n    --modules=LIST        list of modules to load (Default: +unfilter)\r\n    --color               set terminal color\r\n    -v, --verbose         set verbosity level\r\n\r\n    Under development:\r\n        Following options are still in development!\r\n\r\n        --file=FILENAME     specify the file that VWGen will gonna operate on\r\n\r\n\u003ca name=\"brief\"\u003e\u003c/a\u003e\r\n## In Brief\r\n\r\nWhich types of vulnerabilities will be generated would depend on the modules you set while you start VWGen, and following are some screenshots of VWGen:\r\n\r\n- `./VWGen.py -c` - Enter console mode.\r\n\u003cdiv align=\"center\"\u003e\u003cimg src=\"http://i.imgur.com/fOZWju1.png\" /\u003e\u003c/div\u003e\r\n\r\n- `./VWGen.py` - Start VWGen with some default arguments.\r\n\u003cdiv align=\"center\"\u003e\u003cimg src=\"http://i.imgur.com/55RPixv.png\" /\u003e\u003c/div\u003e\r\n\r\n- `./VWGen.py --module=\"+sqli\" --database=\"MySQL\"` - Start VWGen with MySQL based SQL Injection.\r\n\u003cdiv align=\"center\"\u003e\u003cimg src=\"http://i.imgur.com/X5m0OkO.png\" /\u003e\u003c/div\u003e\r\n\r\n- `./VWGen.py --module=\"+exec\"` - Start VWGen with command injection vulnerability.\r\n\u003cdiv align=\"center\"\u003e\u003cimg src=\"http://i.imgur.com/Rt0er9E.png\" /\u003e\u003c/div\u003e\r\n\r\n\u003ca name=\"issue\"\u003e\u003c/a\u003e\r\n## Known issues\r\n\r\n1. [mod_expand.py](https://github.com/qazbnm456/VWGen/blob/master/core/attack/mod_expand.py) can produce defferent extensions, but it still needs user's interaction to modify source code (Warning message is provided).\r\n\r\n\u003ca name=\"contribute\"\u003e\u003c/a\u003e\r\n## Contributing to VWGen\r\n\r\n| Linux | Windows | MacOSX |\r\n|------------------|---------|---------|\r\n| ![Compatibility Docker Version](https://img.shields.io/badge/docker%20version-1.12.3-blue.svg) | ![Compatibility Docker Version](https://img.shields.io/badge/docker%20version-1.12.3-blue.svg) | ![Compatibility Docker Version](https://img.shields.io/badge/docker%20version-1.12.3-blue.svg) |\r\n\r\nWanna enrich the possibilities that VWGen can inspire? Send pull requests or issues immediately!\r\n\r\n\u003ca name=\"license\"\u003e\u003c/a\u003e\r\n## LICENSE\r\n\r\nThis project use [Apache License, Version 2.0](https://github.com/qazbnm456/VWGen/blob/master/LICENSE).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqazbnm456%2Fvwgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqazbnm456%2Fvwgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqazbnm456%2Fvwgen/lists"}