Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thelicato/portswigger-labs
A collection of solutions for every PortSwigger Academy Lab (in progress)
academy burp labs portswigger security
Last synced: 17 days ago
- Host: GitHub
- URL: https://github.com/thelicato/portswigger-labs
- Owner: thelicato
- Created: 2022-01-25T16:56:32.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-02-22T17:08:43.000Z (almost 3 years ago)
- Last Synced: 2024-12-15T17:12:12.156Z (18 days ago)
- Topics: academy, burp, labs, portswigger, security
- Language: HTML
- Homepage:
- Size: 411 KB
- Stars: 90
- Watchers: 5
- Forks: 40
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# 🧪 PortSwigger Labs
This repo contains the solutions for the PortSwigger Labs available in the **Academy** section of their website: https://portswigger.net/web-security/all-labs
## Why
This repo was created to keep all the lab solutions in a single place. It should be helpful when preparing for the *Burp Suite Certified Practitioner* (https://portswigger.net/web-security/certification).
## Tools
The tools needed (other than Burp Pro) to complete the labs:
- **SQL Injection**: ``sqlmap``;
- **XSS**: ``dalfox``, ``xsstrike``;
- **Clickjacking**: None;
- **DOM-based**: None;
- **CORS**: None;
- **XXE**: None;
- **SSRF**: None;
- **OS Command Injection**: None;
- **Server-Side Template Injection**: None;
- **Directory Traversal**: None;
- **Access Control**: None;
- **Authentication**: None;
- **WebSockets**: None;
- **Web Cache Poisoning**: None;
- **Information Disclosure**: None;
- **OAuth authentication**: None;
- **File Upload Vulnerabilities**: ``ExifTool``;
## Roadmap
The primary goal is to add the **Apprentice** and **Practitioner** level labs (since these are the ones suggested to complete before taking the exam):
- [x] SQL Injection Labs
- [x] XSS Labs
- [x] CSRF Labs
- [x] Clickjacking Labs
- [x] DOM-based vulnerabilities Labs
- [x] CORS Labs
- [x] XXE Injection Labs
- [x] SSRF Labs
- [ ] HTTP Request Smuggling Labs
- [x] OS Command Injection Labs
- [x] Server-Side Template Injection Labs
- [x] Directory Traversal Labs
- [x] Access Control Vulnerabilities Labs
- [x] Authentication Labs
- [x] WebSockets Labs
- [x] Web Cache Poisoning Labs
- [ ] Insecure Deserialization Labs
- [x] Information Disclosure Labs
- [ ] Business Logic Vulnerabilities Labs
- [ ] HTTP Host Header Attacks Labs
- [x] OAuth Authentication Labs
- [x] File Upload Vulnerabilities Labs