https://github.com/k4links/pwnshop-mobile

Welcome to the PwnShop—an educational, deliberately insecure mobile-first application designed for cybersecurity enthusiasts, beginners, and seasoned professionals alike.

cybersecurity ethical-hacking games mobile-app owasp


# About The PwnShop

Inspired by OWASP Juice Shop, I introduce the PwnShop—an educational, deliberately insecure application built exclusively for mobile devices. It's designed for cybersecurity enthusiasts, beginners, and seasoned professionals to learn about exploits and vulnerabilities directly from their phone or tablet.

Unlike traditional educational platforms, PwnShop aims to teach real-world security concepts through practical, hands-on experience. This environment has been laced with numerous vulnerabilities typically found in production applications, ranging from classic SQL injection and Cross-Site Scripting (XSS) to complex business logic flaws, leaky APIs, and hidden endpoints.

Your ultimate goal is to step into the shoes of an ethical hacker. Navigate the application, hunt down security misconfigurations, and exploit these deliberate flaws. As you uncover vulnerabilities, you will unlock items in your Hacker Inventory, learn the underlying mechanisms of why the exploit works, and discover industry-standard mitigation strategies.

Keep a close eye on the Hacker Scoreboard to track your progress. The more vulnerabilities you find, the closer you get to earning your completion certificate! Good luck, and remember: with great power comes great responsibility. Always conduct security research ethically and legally.

## How to play

### 1. Discover & Explore
Hunt for "leaky" info by tapping through every corner of the app. Look for developer notes left in plain sight, misconfigured buttons, and hidden menus that were never meant for the end-user's eyes.

### 2. Try to break it
Feed the app "broken" data, exploit how it saves your info locally, and try to trick the interface into giving you access or information it shouldn't.

### 3. Hack to learn, learn to build
Discovering a bug isn’t just a win—it’s a lesson. Every vulnerability you find reveals the technical "why" and the industry-standard way to patch it.

---

## Easiest way to get started
1. Download the APK file below onto your Android device.
2. Install it and open the app.

## Run Locally on PC (Debug/Testing)
**Prerequisites:** Node.js

1. Clone the repository with `git clone https://github.com/K4Links/PwnShop-Mobile.git`, or download the zip file and unzip it.
2. In a terminal: `cd PwnShop-Mobile`
3. Install dependencies: `npm install`
4. Run the app: `npm run dev`
5. Press `o` and then Enter to open the app.

---
**Please star this project if you find it useful. :)**

Donations are always welcome and extremely appreciated. Thanks!
**BTC:** bc1qqh84tnwrkm2sn2wg8r8tzt7sljee6q0km8a5wt

*Created for Educational Purposes. DO NOT perform these attacks against real targets. Enjoy!!*