In this repository you will find Python solutions to the various challenges made available by the famous DVWA.
To start the application, you can either use the vulnerables/web-dvwa image, which is pre-built but lacks some configuration for two modules (File Inclusion and Insecure CAPTCHA):
docker run --name dvwa --rm -d -it -p80:80 vulnerables/web-dvwa
Or you can build an extension of the Docker image, which I have developed on top of the previous one. To build the extension, put your reCAPTCHA keys in a .env file in the main folder of the project. The file should look as follows:
CAPTCHA_PUBLIC=<YOUR_KEY>
CAPTCHA_PRIVATE=<YOUR_KEY>
Then build the image and start the container:
docker build -t dvwa .
docker run --name dvwa --rm -d -it -p80:80 dvwa
Finally, to run the script correctly, first create a Python virtual environment:
python3 -m venv venv
. venv/bin/activate
pip3 install -r requirements.txt
Then modify the PYTHONPATH variable, otherwise the imports will not work properly. This has to be executed within the main folder of the repository:
export PYTHONPATH=./src
You can then execute the main script as follows:
python3 src/main.py
Currently the following challenges have been completed:
- SQL Injection
- SQL Injection Blind
- Brute Force
- Command Injection
- Cross-Site Request Forgery (CSRF)
- File Inclusion
- File Upload
- Insecure CAPTCHA
- Weak Session IDs
- XSS (DOM)
- XSS (Reflected)
- XSS (Stored)
- CSP Bypass
- JavaScript