{"id":14561853,"url":"https://github.com/yevh/VulnPlanet","last_synced_at":"2025-09-04T06:31:58.903Z","repository":{"id":66721386,"uuid":"584365872","full_name":"yevh/VulnPlanet","owner":"yevh","description":"Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)","archived":false,"fork":false,"pushed_at":"2024-08-23T14:41:42.000Z","size":2404,"stargazers_count":152,"open_issues_count":1,"forks_count":21,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-08-23T16:22:55.428Z","etag":null,"topics":["android","api","application-security","appsec-tutorials","appsecurity","bugbounty","code","codesecurity","cve","ios","owasp","owasp-top-10","pentesting","poc","security","vulnerabilities","vulnerability","waf","web2","web3"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yevh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-01-02T11:10:08.000Z","updated_at":"2024-08-23T14:41:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"fdddaa81-59af-41dd-a008-3b6d30c8a9ac","html_url":"https://github.com/yevh/VulnPlanet","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yevh%2FVulnPlanet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yevh%2FVulnPlanet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yevh%2FVulnPlanet/releases","manifests_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/yevh%2FVulnPlanet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yevh","download_url":"https://codeload.github.com/yevh/VulnPlanet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217901694,"owners_count":16248354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","api","application-security","appsec-tutorials","appsecurity","bugbounty","code","codesecurity","cve","ios","owasp","owasp-top-10","pentesting","poc","security","vulnerabilities","vulnerability","waf","web2","web3"],"created_at":"2024-09-07T02:01:01.514Z","updated_at":"2024-09-07T02:02:45.911Z","avatar_url":"https://github.com/yevh.png","language":null,"funding_links":[],"categories":["bugbounty"],"sub_categories":[],"readme":"![VulnPlanet](logo.svg)\n\nVulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)\n\n- Do you have a great vulnerable code example? 
Open a PR ♥️\n\n## Structure 📚\n\n### CVE 💡\n\n - **Top exploitable 2020-2022**\n     - [Log4Shell](cve/CVE-2021-44228.md)\n     - [Spring4Shell](cve/CVE-2022-22965.md)\n     - [Follina](cve/CVE-2022-30190.md)\n     - [ProxyNotShell](cve/CVE-2022-41082.md)\n     - [ZeroLogon](cve/CVE-2020-1472.md)\n     \n### Web2 🕸\n   \n - **OWASP Top-10 2021**\n     - [A01 - Broken Access Control](web2/owasp/A01-Broken-Access-Control.md)\n     - [A02 - Cryptographic Failures](web2/owasp/A02-Cryptographic-Failures.md)\n     - [A03 - Injection](web2/owasp/A03-Injection.md)\n     - [A04 - Insecure Design](web2/owasp/A04-Insecure-Design.md)\n     - [A05 - Security Misconfiguration](web2/owasp/A05-Security-Misconfiguration.md)\n     - [A06 - Vulnerable and Outdated Components]\n     - [A07 - Identification and Authentication Failures]\n     - [A08 - Software and Data Integrity Failures]\n     - [A09 - Security Logging and Monitoring Failures]\n     - [A10 - Server-Side Request Forgery]\n   \n - **Per vulnerability**\n     - [SQL Injection](web2/type/SQL.md)\n     - [NoSQL Injection](web2/type/NoSQL.md)\n     - [LDAP Injection](web2/type/LDAP.md)\n     - [XSS](web2/type/xss.md)\n     - [SSTI](web2/type/SSTI.md)\n     - [XXE](web2/type/xxe.md)\n     - [SSRF](web2/type/ssrf.md)\n     - [CSRF](web2/type/csrf.md)\n     - [Code Execution](web2/type/Code_Execution.md)\n     - [Code Injection](web2/type/Code_Injection.md)\n     - [Command Injection](web2/type/Command_Injection.md)\n     - [XPATH Injection](web2/type/XPATH.md)\n     - [Insecure Deserialization](web2/type/deserialization.md)\n     - [Authentication Bypass](web2/type/Authentication_Bypass.md)\n     - [Broken Access Control](web2/owasp/A01-Broken-Access-Control.md)\n     - [IDOR](web2/type/IDOR.md)\n     - [Directory traversal](web2/type/traversal.md)\n     - [Prototype Pollution](web2/type/prototype_pullation.md)\n     - [Insecure File Uploads](web2/type/file_upload.md)\n     - [Buffer Overflow](web2/type/Buffer_Overflow.md)\n  
   - [Integer Overflow](web2/type/Integer_Overflow.md)\n     - [Denial Of Service](web2/type/DOS.md)\n     - [Sensitive Data Exposure](web2/type/exposure.md)\n     - [Improper Error Handling](web2/type/error.md)\n     - [Race Condition](web2/type/race.md)\n \n### API ⚕\n \n   - **OWASP API Security Top-10 2019**\n     - [API1 - Broken Object Level Authorization](api/owasp/API1-Broken-Object-Level-Authorization.md)\n     - [API2 - Broken User Authentication](api/owasp/API2-Broken-User-Authentication.md)\n     - [API3 - Excessive Data Exposure](api/owasp/API3-Excessive-Data-Exposure.md)\n     - [API4 - Lack of Resources \u0026 Rate Limiting](api/owasp/API4-Lack-of-ResourcesRate.md)\n     - [API5 - Broken Function Level Authorization](api/owasp/API5-Broken-Function-Level-Authorization.md)\n     - [API6 - Mass Assignment](api/owasp/API6-Mass-Assignment.md)\n     - [API7 - Security Misconfiguration](api/owasp/API7-Security-Misconfiguration.md)\n     - [API8 - Injection](api/owasp/API8-Injection.md)\n     - [API9 - Improper Assets Management](api/owasp/API9-Improper-Assets-Management.md)\n     - [API10 - Insufficient Logging \u0026 Monitoring](api/owasp/API10-Insufficient-Logging-Monitoring.md)\n   \n### Web3 █\n \n - **Per vulnerability**\n     - [Reentrancy](web3/Reentrancy.md)\n     - [Broken Access Control](web3/Access_Control.md)\n     - [Arithmetic Issues](web3/Arithmetic.md)\n     - [Silent failing sends](web3/Unchecked.md)\n     - [Denial of Service](web3/DOS.md)\n     - [Bad Randomness](web3/Bad_Randomness.md)\n     - [Front-Running](web3/Front_Running.md)\n     - [Time manipulation](web3/Time_manipulation.md)\n     - [Short Address Attack](web3/Short_Address_Attack.md)\n \n ### Mobile 📱\n \n - **OWASP Top 10 Mobile 2016**\n     - [M1: Improper Platform Usage](mobile/owasp/Platform.md)\n     - [M2: Insecure Data Storage](mobile/owasp/Data_Storage.md)\n     - [M3: Insecure Communication](mobile/owasp/Communication.md)\n     - [M4: Insecure 
Authentication](mobile/owasp/Authentication.md)\n     - [M5: Insufficient Cryptography](mobile/owasp/Cryptography.md)\n     - [M6: Insecure Authorization](mobile/owasp/Authorization.md)\n     - [M7: Client Code Quality](mobile/owasp/Quality.md)\n     - [M8: Code Tampering](mobile/owasp/Tampering.md)\n     - [M9: Reverse Engineering](mobile/owasp/Reverse.md)\n     - [M10: Extraneous Functionality](mobile/owasp/Extraneous.md)\n\n### Infrastructure-as-Code (IaC) ☁\n \n - **Per vulnerability**\n     - [Ingress from the public internet](infra/sec_group.md)\n     - [Access keys for the root account are present](infra/root_keys.md)\n     - [Load balancer does not use HTTPS](infra/load_balancer_https.md)\n     - [Session token is not required for instance IMDS access](infra/IMDS_access.md)\n     - [Root block device is not encrypted](infra/root_block.md)\n     - [IAM policy uses a wildcard](infra/policy_wildcard.md)\n     - [Load balancer does not drop invalid headers](infra/invalid_headers.md)\n     - [Load balancer is exposed publicly](infra/balancer_exposed_publicly.md)\n     - [Subnet associates a public IP address](infra/subnet_associates.md)\n     - [S3 Public Access Block should block public ACLs](infra/public_acls.md)\n     - [S3 Public Access Block should block public policies](infra/public_policies.md)\n     - [Unencrypted S3 bucket](infra/unencrypted_S3.md)\n     - [CMK is not used for S3 encryption](infra/CMK_S3.md)\n     - [VPC Flow Logs are not enabled for the VPC](infra/VPC_flow.md)\n     - [Bucket does not have logging enabled](infra/bucket_logging.md)\n     - [Bucket does not have versioning enabled](infra/bucket_versioning.md)\n     - [Instance has a very low backup retention period](infra/low_backup_retention.md)\n     - [Log group is not encrypted](infra/log_group_encrypt.md)\n     - [Cluster does not have Container Insights enabled](infra/container_insights.md)\n     - [Security group rule does not have a description](infra/rule_description.md)\n\n## Contact 📧\n\nSend all suggestions to 
yevhsec1@gmail.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyevh%2FVulnPlanet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyevh%2FVulnPlanet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyevh%2FVulnPlanet/lists"}