0c34 / govwa Goto Github PK

Go 47.81% HTML 42.68% CSS 7.78% JavaScript 0.67% Dockerfile 1.06%

govwa's Introduction

GoVWA

GoVWA (Go Vulnerable Web Application) is a vulnerable web application designed for pentester or programmers to learn the web application vulnerability that often occur in web applications. The vulnerabilities in GoVWA are OWASP Top 10 category.

WARNING!

GoVWA is a vulnerable web application, Run it only on local environment

Installation

Installing golang

Golang versiong : >= 1.11 Installing guide : https://www.digitalocean.com/community/tutorials/how-to-install-go-1-6-on-ubuntu-16-04

Setup

git clone https://github.com/0c34/govwa.git

git pull (to update)

Install dependency packages

go mod download

GoVWA config

Modified the config.json file for database configuration

config.json file is located in config directory.

{
    "user": "root",
    "password": "root",
    "dbname": "govwa",
    "sqlhost": "localhost",
    "sqlport": "3306",
    "webserver": "http://localhost",
    "webport": "8888",

    "sessionkey:": "G0Vw444"
}

Run GoVWA

go run app.go


     ÛÛÛÛÛÛÛÛÛ           ÛÛÛÛÛ   ÛÛÛÛÛ ÛÛÛÛÛ   ÛÛÛ   ÛÛÛÛÛ   ÛÛÛÛÛÛÛÛÛ  
    ÛÛÛ°°°°°ÛÛÛ         °°ÛÛÛ   °°ÛÛÛ °°ÛÛÛ   °ÛÛÛ  °°ÛÛÛ   ÛÛÛ°°°°°ÛÛÛ 
   ÛÛÛ     °°°   ÛÛÛÛÛÛ  °ÛÛÛ    °ÛÛÛ  °ÛÛÛ   °ÛÛÛ   °ÛÛÛ  °ÛÛÛ    °ÛÛÛ 
  °ÛÛÛ          ÛÛÛ°°ÛÛÛ °ÛÛÛ    °ÛÛÛ  °ÛÛÛ   °ÛÛÛ   °ÛÛÛ  °ÛÛÛÛÛÛÛÛÛÛÛ 
  °ÛÛÛ    ÛÛÛÛÛ°ÛÛÛ °ÛÛÛ °°ÛÛÛ   ÛÛÛ   °°ÛÛÛ  ÛÛÛÛÛ  ÛÛÛ   °ÛÛÛ°°°°°ÛÛÛ 
  °°ÛÛÛ  °°ÛÛÛ °ÛÛÛ °ÛÛÛ  °°°ÛÛÛÛÛ°     °°°ÛÛÛÛÛ°ÛÛÛÛÛ°    °ÛÛÛ    °ÛÛÛ 
   °°ÛÛÛÛÛÛÛÛÛ °°ÛÛÛÛÛÛ     °°ÛÛÛ         °°ÛÛÛ °°ÛÛÛ      ÛÛÛÛÛ   ÛÛÛÛÛ
     °°°°°°°°°   °°°°°°       °°°           °°°   °°°      °°°°°   °°°°° 

=======
Server running at port :8082
Open this URL http://192.168.56.101:8082/ on your browser to access GoVWA

Open the URL to access GoVWA and follow the setup instruction to create database and tables

Setup from docker

git clone https://github.com/0c34/govwa.git

inside govwa directory:
docker-compose up --build

stop running process using
docker-compose down --remove-orphans --volumes

GoVWA users:

uname	password
admin	govwaadmin
user1	govwauser1

Explore the vulnerability.

Contributor

Khaedir (golang programming)
Xaquille (web design)

To Do

add more vulnerabilities
~~XXE Vulnerability~~
NoSQLInjection
JSON Web API (unprotected API)
Build Simple Android APP

govwa's People

Contributors

Stargazers

Watchers

Forkers

hadrianbs muhfaris johanwahyudi 0x43f michalkoczwara nabice jozseffarago reptilehaus user1test1 dcepler paroksh eurogig cxsean snps9225 rajkrishnamurthy codecheckdemo launchdarkly dahkath relaxnow elielsardanons daghan nickbabkin b7acksec amr-reda moshelior isp1r0 vafa-andalibi 5l1v3r1 samshuai faten-org fatenhealy demokondukto mfahrurr jonjanego konduktouser purnaresa octodemo tmfrook sbu-test blackpandacg iketutg gopal1cloud vulnerable-apps hareeshvp conanjun silentsoul04 nick-p-o modomodo rainbowsandneons bhuvi11 nameless-meteor-run endpointlabs outdoorguy007 tonycch coral-demo kilaruoleh-def mahdi-gh-org nova-8 wellenc-lex papicella leftrightleft nathan-snyk micomico07 leftleftleft mikemoonsa1 adamsnyk nevincoco1 chai-hulud jeremiahgrady s-santillan nugentec-devops jiajunngjj diegosempreboni kevin-circulo tharinduscybers jillsriram syh4ck csantanasnyk kdyck-cb ninaychung virangdoshi andrewsouthard1 snyk-schmidtty n-vulnerables vitor-mauricio tharindukodez devsecops-test arcybers netsec2minutes fervas75 evandropdeo dylanbthomas avjoaolucas alexeisnyk mm73628486283 shannon-snyk cmboling cloudswar aminbohiotest almirjuniordev

govwa's Issues

Change message error database

i get error when MySQL service not running
runtime error: invalid memory address or nil pointer dereference

i think change it with another message is better:
eg. "Can't connect database!" or "Please, start up MySQL service"

Please add list of vulnerabilities exposed

would it be possible to update the readme with list of vulnerabilities that can be tested on the app?

Add gitignore file

Description GoVWA should be update

Description GoVWA still uses the old description in welcome text.
So it will help programmers recognize vulnerabilities before they happen to our app

govwa.Users doesn't exist

The setup page doesn't work. When I try to click the button for create/reset to have the app create and seed the database tables, it does nothing.

Unclear XXE meaning in README

I'm not sure what '~~XXE Vulnerability~~' means in the 'To Do' section of README.
Does this mean that you implemented an XXE Vulnerability, or that govwa won't support an XXE Vulnerability?

Thanks for your help, I'm trying to implement an XXE Vulnerability in Go myself :)

cannot find package

hello, i tried govwa in golang version 1.9.1. and workspace set manually in /opt/devtool/go/workspace/go1.9/

while running govwa with commad go run app.go
i was got error like this :

#➤ [govwa] git:(master) ✗ go run app.go /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/setting/setting.go:11:2: cannot find package "govwa/user/session" in any of: /opt/devtool/go/go1.9.1/src/govwa/user/session (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/user/session (from $GOPATH) /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/setting/setting.go:10:2: cannot find package "govwa/util" in any of: /opt/devtool/go/go1.9.1/src/govwa/util (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/util (from $GOPATH) /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/setup/setup.go:9:2: cannot find package "govwa/util/config" in any of: /opt/devtool/go/go1.9.1/src/govwa/util/config (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/util/config (from $GOPATH) /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/setting/setting.go:12:2: cannot find package "govwa/util/database" in any of: /opt/devtool/go/go1.9.1/src/govwa/util/database (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/util/database (from $GOPATH) /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/setting/setting.go:13:2: cannot find package "govwa/util/middleware" in any of: /opt/devtool/go/go1.9.1/src/govwa/util/middleware (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/util/middleware (from $GOPATH) /opt/devtool/go/workspace/go1.9/src/github.com/0c34/govwa/vulnerability/xss/xss.go:15:2: cannot find package "govwa/vulnerability/sqli" in any of: /opt/devtool/go/go1.9.1/src/govwa/vulnerability/sqli (from $GOROOT) /opt/devtool/go/workspace/go1.9/src/govwa/vulnerability/sqli (from $GOPATH)

then check every error and found that problem. naming the package name is wrong.
then i change all package name from govwa/util to github.com/0c34/govwa/util and working.

why you not using name of packet like this "github.com/0c34/util".

modify config file for session key error

remove the extra ':' in sessionkey

Add Warning in Readme

i think adding a notice warning in readme file is better, so anyone will know the risks before to install it.