Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/rewanthtammana/Damn-Vulnerable-Bank
- Owner: rewanthtammana
- License: mit
- Created: 2020-09-12T11:55:50.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-12-13T07:48:44.000Z (about 1 year ago)
- Last Synced: 2024-08-04T17:13:09.815Z (6 months ago)
- Topics: android, android-security, application-security, damn-vulnerable-bank, hacking, hacktoberfest, infosec, pentesting, security, vulnerable-android-apps, vulnerable-application
- Language: Java
- Homepage: https://rewanthtammana.com/damn-vulnerable-bank/
- Size: 37.9 MB
- Stars: 627
- Watchers: 19
- Forks: 176
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-pentest-cheat-sheets - Damn vulnerable Bank
- awesome-vulnerable-apps - Damn Vulnerable Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. (Mobile Security)
- Awesome-Pentest - Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. (Mobile Security / Vulnerable Apps)
- awesome-sec-challenges - Damn Vulnerable Bank - An intentionally vulnerable Android banking application. (Capture The Flag / Vulnerable Platforms)
- awesome-hacking-lists - rewanthtammana/Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills. (Java)
README
Damn Vulnerable Bank
Guide: https://rewanthtammana.com/damn-vulnerable-bank/
## About application
[Damn Vulnerable Bank](https://github.com/rewanthtammana/Damn-Vulnerable-Bank) is designed to be an intentionally vulnerable android application. All the details are documented in the guide, [here](https://rewanthtammana.com/damn-vulnerable-bank/).

![Guide overview](./images/damn-vulnerable-bank-guide.png)
## Upcoming Sessions
### NoNameCon
* [https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/](https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/)
### Black Hat Europe
* [TBD](https://www.blackhat.com/eu-21/)
## Features
- [x] Sign up
- [x] Login
- [x] My profile interface
- [x] Change password
- [x] Settings interface to update backend URL
- [x] Add fingerprint check before transferring/viewing funds
- [x] Add pin check before transferring/viewing funds
- [x] View balance
- [x] Transfer money
  - [x] Via manual entry
  - [ ] Via QR scan
- [x] Add beneficiary
- [x] Delete beneficiary
- [x] View beneficiary
- [x] View transactions history
- [ ] Download transactions history
## List of vulnerabilities in the application
To keep things crisp and interesting, we have hidden this section. Do not toggle this button if you want a fun and challenging experience. Try to explore the application, find all the possible vulnerabilities, and then cross-check your findings with this list.
Spoiler Alert
- [x] Root and emulator detection
- [x] Anti-debugging checks (prevents hooking with frida, jdb, etc)
- [ ] SSL pinning - pin the certificate/public key
- [x] Obfuscate the entire code
- [x] Encrypt all requests and responses
- [x] Hardcoded sensitive information
- [x] Logcat leakage
- [ ] Insecure storage (saved credit card numbers maybe)
- [x] Exported activities
- [ ] JWT token
- [x] Webview integration
- [x] Deep links
- [ ] IDOR
## Backend to-do
- [x] Add profile and change-password routes
- [ ] Create different secrets for admin and other users
- [ ] Add dynamic generation of secrets to verify JWT tokens
- [ ] Introduce bug in jwt verification
- [x] Find a way to store database and mount it while using docker
- [x] Dockerize environment
## Core Team
[Damn Vulnerable Bank](https://rewanthtammana.com/damn-vulnerable-bank/) was created by
| | | |
|---|---|---|
| Rewanth Tammana (Rest API) | [Github](https://github.com/rewanthtammana/) | [LinkedIn](https://www.linkedin.com/in/rewanthtammana/) |
| Akshansh Jaiswal (Android App) | [Github](https://github.com/jaiswalakshansh) | [LinkedIn](https://www.linkedin.com/in/akshanshjaiswal/) |
| Hrushikesh Kakade (Android App) | [Github](https://github.com/HrushikeshK/) | [LinkedIn](https://www.linkedin.com/in/hrushikeshkakade/) |

Read more, [here](https://rewanthtammana.com/damn-vulnerable-bank/authors.html).
## Contributors