{"id":13589461,"url":"https://github.com/rewanthtammana/Damn-Vulnerable-Bank","last_synced_at":"2025-04-08T09:33:12.907Z","repository":{"id":47542429,"uuid":"294934346","full_name":"rewanthtammana/Damn-Vulnerable-Bank","owner":"rewanthtammana","description":"Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.","archived":false,"fork":false,"pushed_at":"2023-12-13T07:48:44.000Z","size":39752,"stargazers_count":627,"open_issues_count":2,"forks_count":176,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-08-04T17:13:09.815Z","etag":null,"topics":["android","android-security","application-security","damn-vulnerable-bank","hacking","hacktoberfest","infosec","pentesting","security","vulnerable-android-apps","vulnerable-application"],"latest_commit_sha":null,"homepage":"https://rewanthtammana.com/damn-vulnerable-bank/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rewanthtammana.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-12T11:55:50.000Z","updated_at":"2024-08-04T17:13:14.308Z","dependencies_parsed_at":"2023-12-13T09:17:57.829Z","dependency_job_id":null,"html_url":"https://github.com/rewanthtammana/Damn-Vulnerable-Bank","commit_stats":null,"previous_names":["rewanth1997/damn-vulnerable-bank"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rewanthtammana%2FDamn-Vulnerable-Bank","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rewanthtammana%2FDamn-Vulnerable-Bank/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rewanthtammana%2FDamn-Vulnerable-Bank/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rewanthtammana%2FDamn-Vulnerable-Bank/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rewanthtammana","download_url":"https://codeload.github.com/rewanthtammana/Damn-Vulnerable-Bank/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223314164,"owners_count":17125015,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-security","application-security","damn-vulnerable-bank","hacking","hacktoberfest","infosec","pentesting","security","vulnerable-android-apps","vulnerable-application"],"created_at":"2024-08-01T16:00:30.457Z","updated_at":"2024-11-06T09:31:04.389Z","avatar_url":"https://github.com/rewanthtammana.png","language":"Java","funding_links":[],"categories":["Mobile Security","Mobile Pentesting","Capture The Flag","Java"],"sub_categories":["Android","Vulnerable Platforms","Vulnerable Apps"],"readme":"\u003ch1 align=\"center\"\u003eDamn Vulnerable Bank\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/rewanthtammana/Damn-Vulnerable-Bank/fork\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/forks/rewanthtammana/Damn-Vulnerable-Bank\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/rewanthtammana/Damn-Vulnerable-Bank/stargazers\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/rewanthtammana/Damn-Vulnerable-Bank\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/rewanthtammana/Damn-Vulnerable-Bank/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/rewanthtammana/Damn-Vulnerable-Bank\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/intent/tweet?text=Damn%20Vulnerable%20Bank%20Guide:\u0026url=https%3A%2F%2Fgithub.com%2Frewanthtammana%2FDamn-Vulnerable-Bank\"\u003e\n    \u003cimg src=\"https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Frewanthtammana%2FDamn-Vulnerable-Bank\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eGuide: https://rewanthtammana.com/damn-vulnerable-bank/\u003c/b\u003e\n\u003c/p\u003e\n\n## About application\n[Damn Vulnerable Bank](https://github.com/rewanthtammana/Damn-Vulnerable-Bank) is designed to be an intentionally vulnerable android application. All the details are documented in the guide, [here](https://rewanthtammana.com/damn-vulnerable-bank/).\n\n![Guide overview](./images/damn-vulnerable-bank-guide.png)\n\n\u003c!-- \u003cimg src=\"https://github.com/rewanthtammana/Damn-Vulnerable-Bank/blob/master/images/screen1.jpg\" align=\"centre\" height=\"600\" width=\"395\"\u003e\u003cimg src=\"https://github.com/rewanthtammana/Damn-Vulnerable-Bank/blob/master/images/screen2.jpg\" align=\"centre\" height=\"600\" width=\"395\"\u003e --\u003e\n\n## Upcoming Sessions\n\n### NoNameCon\n\n* [https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/](https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/)\n\n### Black Hat Europe\n\n* [TBD](https://www.blackhat.com/eu-21/)\n\n## Features\n- [x] Sign up\n- [x] Login\n- [x] My profile interface\n- [x] Change password\n- [x] Settings interface to update backend URL\n- [x] Add fingerprint check before transferring/viewing funds\n- [x] Add pin check before transferring/viewing funds\n- [x] View balance\n- [x] Transfer money\n  - [x] Via manual entry\n  - [ ] Via QR scan\n- [x] Add beneficiary\n- [x] Delete beneficiary\n- [x] View beneficiary\n- [x] View transactions history\n- [ ] Download transactions history\n\n## List of vulnerabilities in the application\n\nTo keep things crisp and interesting, we hidden this section. Do not toggle this button if you want a fun and challenging experience. Try to explore the application, find all the possible vulnerabilities and then cross check your findings with this list.\n\n\u003cdetails\u003e\n  \u003csummary\u003eSpoiler Alert\u003c/summary\u003e\n\n- [x] Root and emulator detection\n- [x] Anti-debugging checks (prevents hooking with frida, jdb, etc)\n- [ ] SSL pinning - pin the certificate/public key\n- [x] Obfuscate the entire code\n- [x] Encrypt all requests and responses\n- [x] Hardcoded sensitive information\n- [x] Logcat leakage\n- [ ] Insecure storage (saved credit card numbers maybe)\n- [x] Exported activities\n- [ ] JWT token\n- [x] Webview integration\n- [x] Deep links\n- [ ] IDOR\n\u003c/details\u003e\n\n## Backend to-do\n\n- [x] Add profile and change-password routes\n- [ ] Create different secrets for admin and other users\n- [ ] Add dynamic generation of secrets to verify JWT tokens\n- [ ] Introduce bug in jwt verification\n- [x] Find a way to store database and mount it while using docker\n- [X] Dockerize environment\n\n## Core Team\n\n[Damn Vulnerable Bank](https://rewanthtammana.com/damn-vulnerable-bank/) was created by \n\n|   |   |   |\n|---|---|---|\n| Rewanth Tammana (Rest API)  | [Github](https://github.com/rewanthtammana/)  | [LinkedIn](https://www.linkedin.com/in/rewanthtammana/)  |\n| Akshansh Jaiswal (Android App)  | [Github](https://github.com/jaiswalakshansh)  | [LinkedIn](https://www.linkedin.com/in/akshanshjaiswal/)  |\n| Hrushikesh Kakade (Android App)  | [Github](https://github.com/HrushikeshK/)  | [LinkedIn](https://www.linkedin.com/in/hrushikeshkakade/)  |\n\n\nRead more, [here](https://rewanthtammana.com/damn-vulnerable-bank/authors.html).\n\n## Contributors\n\n\u003ca href = \"https://github.com/rewanthtammana/damn-vulnerable-bank/contributors\"\u003e\n  \u003cimg src = \"https://contrib.rocks/image?repo=rewanthtammana/damn-vulnerable-bank\"/\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frewanthtammana%2FDamn-Vulnerable-Bank","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frewanthtammana%2FDamn-Vulnerable-Bank","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frewanthtammana%2FDamn-Vulnerable-Bank/lists"}