stamparm / dsvw
Damn Small Vulnerable Web
License: The Unlicense
Hello, can you put the container of this project on Docker Hub so that users can retrieve it directly with the docker run command?
Although DSVW is indeed small, calling it 100 lines of code might be a stretch, as it uses extremely long lines to achieve this.
The long lines are hard to understand and review.
This is a security problem; attacks mentioned in https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack relied on long lines to evade review.
autopep8 helps a little, but really, the code should be run through Black, which turns it into 500 lines of much more readable Python.
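A reviewer-side check for the concern raised in this issue, as an added example that is not part of the original issue or of DSVW: it parses Python source without executing it and flags lines that are long, pack several statements, or start a statement past the visible width. The `review_hazards` name, the 100-column threshold and the sample input are assumptions made for illustration.

```python
import ast
from collections import Counter

MAX_LEN = 100  # assumed reviewer-visible width, not a value from the issue


def review_hazards(source, max_len=MAX_LEN):
    """Map 1-based line numbers to reasons the line is hard to review."""
    findings = {}

    def flag(line_no, reason):
        findings.setdefault(line_no, []).append(reason)

    for line_no, line in enumerate(source.splitlines(), 1):
        if len(line) > max_len:
            flag(line_no, "long line (%d chars)" % len(line))

    # Parse without executing, so untrusted code is never run.
    statements = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.stmt)]
    per_line = Counter(n.lineno for n in statements)
    for line_no, count in sorted(per_line.items()):
        if count > 1:
            flag(line_no, "%d statements packed on one line" % count)
    for node in statements:
        # col_offset is a byte offset; it equals the column for ASCII source.
        if node.col_offset >= max_len:
            flag(node.lineno, "statement starts at column %d, off-screen" % node.col_offset)
    return findings


# Constructed sample: line 2 packs three statements and pushes two of them
# past the visible width with padding.
SAMPLE = (
    "import os\n"
    "x = 1;" + " " * 120 + "y = os.getcwd(); z = y\n"
    "print(x)\n"
)

if __name__ == "__main__":
    for line_no, reasons in sorted(review_hazards(SAMPLE).items()):
        print(line_no, "; ".join(reasons))
```

Run over a checkout in CI, a non-empty result is a signal to reformat the file and review it again before merging.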
Can you add it where this can be for a regular website... kinda like
python3 dsvw.py url=Mysite.com -i(info)
I wanna test my own site
Python says:
# python ./dsvw.py
Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code) #v0.1m
by: Miroslav Stampar (@stamparm)
[i] running HTTP server at '127.0.0.1:65412'...
Traceback (most recent call last):
  File "./dsvw.py", line 90, in <module>
    ThreadingServer((LISTEN_ADDRESS, LISTEN_PORT), ReqHandler).serve_forever()
  File "/usr/lib/python2.7/SocketServer.py", line 417, in __init__
    self.server_bind()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 108, in server_bind
    SocketServer.TCPServer.server_bind(self)
  File "/usr/lib/python2.7/SocketServer.py", line 431, in server_bind
    self.socket.bind(self.server_address)
  File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 98] Address already in use
lsb_release -a says:
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
docker build . -t dsvw
Sending build context to Docker daemon 143.9kB
Step 1/7 : FROM alpine:latest
---> 7731472c3f2a
Step 2/7 : RUN apk --no-cache add git python3 py-lxml && rm -rf /var/cache/apk/*
---> Running in 14707f0cfe48
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
py-lxml (no such package):
required by: world[py-lxml]
The command '/bin/sh -c apk --no-cache add git python3 py-lxml && rm -rf /var/cache/apk/*' returned a non-zero code: 1
Anything newer than alpine:3.12.3 seems to be missing the package
Hello Miroslav,
I would like to use this sample application for educational purposes, but the lack of a LICENSE file makes the project copyrighted by default, even if that's not your purpose.
I see you've licensed other projects in your profile under the MIT license.
If you're interested in other people learning from this test-bed application, can you please add a LICENSE file with a license of your choice?
Thanks a lot
CM