{"id":21392190,"url":"https://github.com/sysdiglabs/security-playground","last_synced_at":"2025-07-13T18:31:06.218Z","repository":{"id":53653427,"uuid":"217104818","full_name":"sysdiglabs/security-playground","owner":"sysdiglabs","description":"This is a sample application which runs an HTTP web server and allows to read and write files and exec commands","archived":false,"fork":false,"pushed_at":"2023-05-02T19:42:51.000Z","size":24,"stargazers_count":2,"open_issues_count":5,"forks_count":8,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-08-11T06:37:55.241Z","etag":null,"topics":["container-security","kubernetes","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysdiglabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-23T16:34:19.000Z","updated_at":"2023-08-11T06:37:55.242Z","dependencies_parsed_at":"2023-02-04T07:01:21.755Z","dependency_job_id":null,"html_url":"https://github.com/sysdiglabs/security-playground","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsecurity-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsecurity-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsecurity-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdiglabs%2Fsecurity-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sysdiglabs","download_url":"https://codeload.github.com/sysdiglabs/security-playground/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225908363,"owners_count":17543475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-security","kubernetes","security-tools"],"created_at":"2024-11-22T13:39:33.664Z","updated_at":"2025-07-13T18:31:06.212Z","avatar_url":"https://github.com/sysdiglabs.png","language":"Python","readme":"# Security Playground\n\n![last commit](https://flat.badgen.net/github/last-commit/sysdiglabs/security-playground?icon=github) ![licence](https://flat.badgen.net/github/license/sysdiglabs/security-playground) ![docker pulls](https://flat.badgen.net/docker/pulls/sysdiglabs/security-playground?icon=docker)\n\nThe security playground is an HTTP web server to simulate security breaches. It allows you to read, write, and execute commands in a containerized environment.\n\n\n## Build\n\n```\n$ docker build -t sysdiglabs/security-playground:latest .\n```\n\n\n## Installation\n\nDeploy the docker image in your environment, and setup the probe health check to the `/health:8080` endpoint if required.\n\nYou can also run the image locally:\n\n```bash\n$ docker run --rm -p 8080:8080 sysdiglabs/security-playground\n```\n\n\n## Usage\n\nThe application provides endpoints for:\n - [Health checks](#health-checks)\n - [Reading file](#reading-a-file)\n - [Writing file](#writing-a-file)\n - [Executing commands](#executing-a-command)\n\n\n### Health checks\n\nThe health check endpoint is `/health` on port `8080` and returns the `200` HTTP status code.\n\n\n### Reading a file\n\nYou can retrieve a file's contents by sending a `GET` request to the application's URL.\n\n```bash\n$ curl \u003cURL\u003e:8080/\u003cPATH\u003e\n```\n\nFor example:\n\n```bash\n$ curl localhost:8080/etc/shadow\n```\n\nThis will return the content of the `/etc/shadow` file in the container running locally.\n\n\n\n### Writing a file\n\nYou can write data to a file by sending a `POST` request to the application's URL with the desired content.\n\n```bash\n$ curl -X POST \u003cURL\u003e:8080/\u003cPATH\u003e -d 'content=\u003cCONTENT\u003e'\n```\n\nFor example:\n\n```bash\n$ curl -X POST localhost:8080/bin/hello -d 'content=hello-world'\n```\n\nThis command writes the string hello-world to /bin/hello.\n\n\n\n### Executing a command\n\nTo execute a command, send a `POST` request to the `/exec` endpoint with the command as the payload.\n\n```bash\n$ curl -X POST \u003cURL\u003e:8080/exec -d 'command=\u003cCMD\u003e'\n```\n\nFor example:\n\n```bash\n$ curl -X POST localhost:8080/exec -d 'command=ls'\n```\n\nThis will run the command and return its STDOUT output.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Fsecurity-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysdiglabs%2Fsecurity-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdiglabs%2Fsecurity-playground/lists"}