nana
committed
Oct 27, 2023
0 parents
commit c52a763
Showing
211 changed files
with
15,058 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
{ | ||
"files": [ | ||
"README.md" | ||
], | ||
"imageSize": 100, | ||
"commit": false, | ||
"contributors": [ | ||
{ | ||
"login": "pwned-17", | ||
"name": "pwned-17", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/61360833?v=4", | ||
"profile": "https://github.com/pwned-17", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "prince-7", | ||
"name": "Aman Singh", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/53997924?v=4", | ||
"profile": "https://github.com/prince-7", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "adeyosemanputra", | ||
"name": "adeyosemanputra", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/24958168?v=4", | ||
"profile": "https://github.com/adeyosemanputra", | ||
"contributions": [ | ||
"code", | ||
"doc" | ||
] | ||
}, | ||
{ | ||
"login": "gaurav618618", | ||
"name": "gaurav618618", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/29380890?v=4", | ||
"profile": "https://github.com/gaurav618618", | ||
"contributions": [ | ||
"code", | ||
"doc" | ||
] | ||
}, | ||
{ | ||
"login": "kUSHAL0601", | ||
"name": "MajAK", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/29600964?v=4", | ||
"profile": "https://github.com/kUSHAL0601", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "JustinDPerkins", | ||
"name": "JustinPerkins", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/60413733?v=4", | ||
"profile": "https://github.com/JustinDPerkins", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "Hkakashi", | ||
"name": "Liu Peng", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/43193113?v=4", | ||
"profile": "https://github.com/Hkakashi", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "RupakBiswas-2304", | ||
"name": "Metaphor", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/75058161?v=4", | ||
"profile": "https://github.com/RupakBiswas-2304", | ||
"contributions": [ | ||
"code" | ||
] | ||
}, | ||
{ | ||
"login": "whokilleddb", | ||
"name": "whokilleddb", | ||
"avatar_url": "https://avatars.githubusercontent.com/u/56482137?v=4", | ||
"profile": "https://whokilleddb.github.io", | ||
"contributions": [ | ||
"code" | ||
] | ||
} | ||
], | ||
"contributorsPerLine": 7, | ||
"projectName": "pygoat", | ||
"projectOwner": "adeyosemanputra", | ||
"repoType": "github", | ||
"repoHost": "https://github.com", | ||
"skipCi": true | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
.env/ | ||
*.pyc | ||
env | ||
pygoat/db.sqlite3 | ||
venv | ||
*.sqlite3 | ||
*db.sqlite3* | ||
app.log | ||
bin |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"python.formatting.provider": "yapf" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
FROM python:3.11.0b1-buster | ||
|
||
# set work directory | ||
WORKDIR /app | ||
|
||
|
||
# dependencies for psycopg2 | ||
RUN apt-get update && apt-get install --no-install-recommends -y dnsutils=1:9.11.5.P4+dfsg-5.1+deb10u9 libpq-dev=11.16-0+deb10u1 python3-dev=3.7.3-1 \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
|
||
# Set environment variables | ||
ENV PYTHONDONTWRITEBYTECODE 1 | ||
ENV PYTHONUNBUFFERED 1 | ||
|
||
|
||
# Install dependencies | ||
RUN python -m pip install --no-cache-dir pip==22.0.4 | ||
COPY requirements.txt requirements.txt | ||
RUN pip install --no-cache-dir -r requirements.txt | ||
|
||
|
||
# copy project | ||
COPY . /app/ | ||
|
||
|
||
# install pygoat | ||
EXPOSE 8000 | ||
|
||
|
||
RUN python3 /app/manage.py migrate | ||
WORKDIR /app/pygoat/ | ||
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "--workers","6", "pygoat.wsgi"] |
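Review bot: No `USER` instruction appears anywhere in this Dockerfile, so the gunicorn process started by the final `CMD` runs as root while bound to 0.0.0.0:8000. Because PyGoat is intentionally vulnerable, any lesson that yields code execution then runs as root inside the container; I would add, after the `migrate` step, `RUN useradd --system --uid 10001 pygoat && chown -R pygoat /app` followed by `USER pygoat`. The `chown` is needed because `migrate` runs as root at build time and presumably creates the SQLite file the app later writes to (the .gitignore in this commit lists `pygoat/db.sqlite3`). Separately, the base tag `python:3.11.0b1-buster` is a beta interpreter build; a stable release tag pinned by digest would make the image reproducible and easier to patch.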
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
web: gunicorn pygoat.wsgi --log-file - |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
from chatterbot import ChatBot | ||
from chatterbot.trainers import ListTrainer | ||
from chatterbot.logic import BestMatch | ||
|
||
# Dataset generated by ChatGPT | ||
training_data = [ | ||
'What is OWASP PyGoat?', | ||
'OWASP PyGoat is an intentionally vulnerable web application used for learning web security testing.', | ||
'Why should I learn web security testing?', | ||
'Learning web security testing can help you understand how to identify and prevent web application attacks.', | ||
'What types of vulnerabilities can PyGoat help me learn about?', | ||
'PyGoat can help you learn about various types of web application vulnerabilities, including injection attacks, cross-site scripting (XSS), and broken authentication and session management.', | ||
'How can I use PyGoat to learn web security testing?', | ||
'PyGoat includes a series of lessons and challenges designed to teach you about web security testing techniques and common vulnerabilities.', | ||
'Is PyGoat suitable for beginners?', | ||
'Yes, PyGoat is designed to be accessible to beginners and experienced professionals alike.', | ||
'Where can I download PyGoat?', | ||
'You can download PyGoat from the official GitHub repository at https://github.com/OWASP/PyGoat', | ||
'Are there any resources available to help me get started with PyGoat?', | ||
'Yes, the PyGoat documentation includes a Getting Started guide and a list of additional resources to help you learn about web security testing.', | ||
'Can I contribute to PyGoat?', | ||
'Yes, PyGoat is an open-source project and welcomes contributions from anyone interested in improving the application.', | ||
] | ||
|
||
chatbot = ChatBot( | ||
"PyGoatBot", | ||
storage_adapter="chatterbot.storage.SQLStorageAdapter", | ||
database_uri="sqlite:///database.sqlite3", | ||
logic_adapters=[ | ||
{ | ||
"import_path": "chatterbot.logic.BestMatch", | ||
"default_response": "I'm sorry, I'm not sure", | ||
"maximum_similarity_threshold": 0.80, | ||
} | ||
], | ||
) | ||
|
||
trainer = ListTrainer(chatbot) | ||
trainer.train(training_data) | ||
|
||
print("Welcome to PyGoatBot! Type 'q' or 'exit' to quit.") | ||
while True: | ||
try: | ||
user_input = input("You: ") | ||
if user_input.lower() == "exit" or user_input.lower() == "q": | ||
break | ||
|
||
print("Available questions:") | ||
for i, question in enumerate(training_data[::2], start=1): | ||
print(f"{i}. {question}") | ||
|
||
while True: | ||
try: | ||
question_index = int(input("Enter a number to select a question: ")) | ||
break | ||
except ValueError: | ||
print("Please enter a valid number.") | ||
|
||
question = training_data[(question_index - 1) * 2] | ||
response = chatbot.get_response(question) | ||
print(f"PyGoatBot: {response}") | ||
|
||
except (KeyboardInterrupt, EOFError): | ||
break |
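Review bot: `question_index` is used without a range check in `question = training_data[(question_index - 1) * 2]`. A number above the count of listed questions raises `IndexError`, which the outer `except (KeyboardInterrupt, EOFError)` does not catch, so the script ends with a traceback; 0 or a small negative number wraps around through negative indexing and selects a question from the end of the list instead. In the inner loop, break only when `1 <= question_index <= len(training_data) // 2` and otherwise print the existing "Please enter a valid number." message. The text read by `input("You: ")` is also discarded unless it is an exit word, and `BestMatch` is imported but never used, so both are worth a comment or removal.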
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
# PyGoat | ||
<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section --> | ||
[![All Contributors](https://img.shields.io/badge/all_contributors-9-orange.svg?style=flat-square)](#contributors-) | ||
<!-- ALL-CONTRIBUTORS-BADGE:END --> | ||
|
||
intentionally vuln web Application Security in django. | ||
our roadmap build intentionally vuln web Application in django. The Vulnerability can based on OWASP top ten | ||
<br> | ||
|
||
Table of Contents | ||
================= | ||
|
||
* [pygoat](#pygoat) | ||
* [Installation](#installation) | ||
* [From Sources](#from-sources) | ||
* [Docker Container](#docker-container) | ||
* [Installation Video](#installation-video) | ||
* [Uninstallation](#uninstallation) | ||
* [Solutions](/Solutions/solution.md) | ||
* [For Developers](/docs/dev_guide.md) | ||
|
||
## Installation | ||
|
||
### From Sources | ||
|
||
To setup the project on your local machine: | ||
<br> | ||
|
||
First, Clone the repository using GitHub website or git in Terminal | ||
``` | ||
git clone https://github.com/adeyosemanputra/pygoat.git | ||
### To Download a specific branch | ||
git clone -b <branch_name> https://github.com/adeyosemanputra/pygoat.git | ||
``` | ||
|
||
#### Method 1 | ||
|
||
1. Install all app and python requirements using installer file - `bash installer.sh` | ||
2. Apply the migrations `python3 manage.py migrate`.<br> | ||
3. Finally, run the development server `python3 manage.py runserver`.<br> | ||
4. The project will be available at <http://127.0.0.1:8000> | ||
|
||
#### Method 2 | ||
|
||
1. Install python3 requirements `pip install -r requirements.txt`.<br> | ||
2. Apply the migrations `python3 manage.py migrate`.<br> | ||
3. Finally, run the development server `python3 manage.py runserver`.<br> | ||
4. The project will be available at <http://127.0.0.1:8000> | ||
|
||
#### Method 3 | ||
|
||
1. Install all app and python requirements using `setup.py` file - `pip3 install .` | ||
2. Apply the migrations `python3 manage.py migrate`.<br> | ||
3. Finally, run the development server `python3 manage.py runserver`.<br> | ||
4. The project will be available at <http://127.0.0.1:8000> | ||
|
||
### Docker Container | ||
1. Install [Docker](https://www.docker.com) | ||
2. Run `docker pull pygoat/pygoat` or `docker pull pygoat/pygoat:latest` | ||
3. Run `docker run --rm -p 8000:8000 pygoat/pygoat:latest` | ||
4. Browse to <http://127.0.0.1:8000> | ||
5. Remove existing image using `docker image rm pygoat/pygoat` and pull again incase of any error | ||
|
||
### From Docker-Compose | ||
1. Install [Docker](https://www.docker.com) | ||
2. Run `docker-compose up` or `docker-compose up -d` | ||
|
||
### Build Docker Image and Run | ||
1. Clone the repository   `git clone https://github.com/adeyosemanputra/pygoat.git` | ||
2. Build the docker image from Dockerfile using   `docker build -f Dockerfile -t pygoat .` | ||
3. Run the docker image  `docker run --rm -p 8000:8000 pygoat:latest` | ||
4. Browse to <http://127.0.0.1:8000> or <http://0.0.0.0:8000> | ||
|
||
### Installation video | ||
|
||
1. From Source using `installer.sh` | ||
- [Installing PyGoat from Source](https://www.youtube.com/watch?v=7bYBJXG3FRQ) | ||
2. Without using `installer.sh` | ||
- [![](http://img.youtube.com/vi/rfzQiMeiwso/0.jpg)](http://www.youtube.com/watch?v=rfzQiMeiwso "Installation Pygoat") | ||
|
||
## Uninstallation | ||
|
||
### On Debian/Ubuntu Based Systems | ||
- On Debian/Ubuntu based systems, you can use the `uninstaller.sh` script to uninstall `pygoat` along with all it's dependencies. | ||
- To uninstall `pygoat`, simply run: | ||
```bash | ||
$ bash ./uninstaller.sh | ||
``` | ||
|
||
### On Other Systems | ||
- On other systems, you can use the `uninstaller.py` script to uninstall `pygoat` along with all it's dependencies | ||
- To uninstall `pygoat`, simply run: | ||
```bash | ||
$ python3 uninstaller.py | ||
``` | ||
|
||
## Solutions | ||
<a href="/Solutions/solution.md">Solutions to all challenges</a> | ||
|
||
## Contributors ✨ | ||
|
||
Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)): | ||
|
||
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --> | ||
<!-- prettier-ignore-start --> | ||
<!-- markdownlint-disable --> | ||
<table> | ||
<tr> | ||
<td align="center"><a href="https://github.com/pwned-17"><img src="https://avatars.githubusercontent.com/u/61360833?v=4?s=100" width="100px;" alt=""/><br /><sub><b>pwned-17</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=pwned-17" title="Code">💻</a></td> | ||
<td align="center"><a href="https://github.com/prince-7"><img src="https://avatars.githubusercontent.com/u/53997924?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Aman Singh</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=prince-7" title="Code">💻</a></td> | ||
<td align="center"><a href="https://github.com/adeyosemanputra"><img src="https://avatars.githubusercontent.com/u/24958168?v=4?s=100" width="100px;" alt=""/><br /><sub><b>adeyosemanputra</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=adeyosemanputra" title="Code">💻</a> <a href="https://github.com/adeyosemanputra/pygoat/commits?author=adeyosemanputra" title="Documentation">📖</a></td> | ||
<td align="center"><a href="https://github.com/gaurav618618"><img src="https://avatars.githubusercontent.com/u/29380890?v=4?s=100" width="100px;" alt=""/><br /><sub><b>gaurav618618</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=gaurav618618" title="Code">💻</a> <a href="https://github.com/adeyosemanputra/pygoat/commits?author=gaurav618618" title="Documentation">📖</a></td> | ||
<td align="center"><a href="https://github.com/kUSHAL0601"><img src="https://avatars.githubusercontent.com/u/29600964?v=4?s=100" width="100px;" alt=""/><br /><sub><b>MajAK</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=kUSHAL0601" title="Code">💻</a></td> | ||
<td align="center"><a href="https://github.com/JustinDPerkins"><img src="https://avatars.githubusercontent.com/u/60413733?v=4?s=100" width="100px;" alt=""/><br /><sub><b>JustinPerkins</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=JustinDPerkins" title="Code">💻</a></td> | ||
<td align="center"><a href="https://github.com/Hkakashi"><img src="https://avatars.githubusercontent.com/u/43193113?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Liu Peng</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=Hkakashi" title="Code">💻</a></td> | ||
</tr> | ||
<tr> | ||
<td align="center"><a href="https://github.com/RupakBiswas-2304"><img src="https://avatars.githubusercontent.com/u/75058161?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Metaphor</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=RupakBiswas-2304" title="Code">💻</a></td> | ||
<td align="center"><a href="https://whokilleddb.github.io"><img src="https://avatars.githubusercontent.com/u/56482137?v=4?s=100" width="100px;" alt=""/><br /><sub><b>whokilleddb</b></sub></a><br /><a href="https://github.com/adeyosemanputra/pygoat/commits?author=whokilleddb" title="Code">💻</a></td> | ||
</tr> | ||
</table> | ||
|
||
<!-- markdownlint-restore --> | ||
<!-- prettier-ignore-end --> | ||
|
||
<!-- ALL-CONTRIBUTORS-LIST:END --> | ||
|
||
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome! |