Giter Site home page Giter Site logo

node-woof's Introduction

17/12/21 This repository is now archived as it is no longer in use.

node-woof

An intentionally vulnerable application, to test Snyk's Runtime Monitoring offering.

The docs there explain what the tool achieves. You might want to read them before continuing, to get a feel for what this demo is going to show. Once you've run the demo, you definitely will want to read them to learn how to integrate the agent into your application!

The runtime monitoring tool is open source. The documentation on how to get started with contributing to the agent is hosted on that project.

How?

Everything should drive from npm.

You just need node (8 or above) and npm, installed and working.

First, check you can build:

$ npm ci
npm WARN prepare removing existing node_modules/ before installation
added 132 packages in 1.084s

$ npm run startWithAgent

You must specify a valid project ID.

Please run `snyk monitor`, collect the id from the results' settings page,
then re-run `start` using that ID.

For example (you *must* change the id!):

  npm run startWithAgent 4567901-2345-6789-0123-45678912345

...

Then, run snyk cli:

$ snyk monitor

Monitoring node-woof...

Explore this snapshot at https://app.snyk.io/org/yall/project/4567901-2345-6789-0123-45679012345

Now, you can start the app with the agent:

$ npm run startWithAgent 4567901-2345-6789-0123-45678912345
...

Agent loaded successfully, your application is monitored.


,------------------------------------------------------------,
|                                                            |
|      The demo application has started successfully.        |
|                                                            |
|   You can visit the application, and trigger an exploit,   |
|                 by visiting this url:                      |
|                                                            |
|            http://localhost:3000/hello.txt                 |
|                                                            |
|        You can stop the application with ctrl+c.           |
|                                                            |
`------------------------------------------------------------'


...

This will require('@snyk/nodejs-runtime-agent') with your projectId, and then start the application.

Exploit!

You can visit the application. Simply visiting the application URL is sufficient evidence of an exploit!

If your application is protected, then you should shortly see the warning on your Snyk dashboard.

node-woof's People

Contributors

fauxfaux avatar kat1906 avatar no-amoshe avatar shaimendel avatar shesekino avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

dansnyk shawnsnyk eitangayor shaimendel joris-snyk pstember mtyates dsash elijahraji12 jbfong85 bmaddali snykscott cliveanderson-snyk checkoss abbaskaz88 snyk-omar danielberman79 mariasnyk jeffsnyk ori-snyk snykerry noa-moshe akanchhas chisom-m timsnyk akonarsnyker dagnyjay luisjotapepe stjordanis isabella232

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.