Created: 2011-07-11 07:21
Updated: 2019-01-27 18:22
License: other

vulnsrv is a web application that allows students to exploit various common security vulnerabilities.

All vulnerabilities are only simulated; vulnsrv is intended to be 100% safe. However, vulnsrv may contain bugs and security vulnerabilities, like every other program. Note that vulnsrv reproduces user-supplied content, which can be rude or in violation of local laws restricting speech. By default, it accepts only connections from the local machine. Because of the simulated security vulnerabilities, vulnsrv must not be mapped (proxied) into a regular domain, as doing so would expose the domain and super-domains to Cross-Site Scripting vulnerabilities.

vulnsrv was originally written to provide exercises for a German computer security lecture. vulnsrv is intended to be easier to use and simpler than Google Gruyere, and to be used in an educational context.

Running vulnsrv

You can either run it yourself or use the web service at (TODO: Not yet deployed, see issue #11).

  1. Download
  2. Execute it with python

System Requirements

For running vulnsrv yourself: Python 2.5, 2.6, 2.7, or 3.2+. For development or the service mode, 2.6+.

For the user, any web browser will do, although a modern web browser that includes developer tools is certainly a good idea.

Developing vulnsrv

Development goals in the near future are translation and a service mode for deployment on If you can translate vulnsrv (about 30 lines of text), feel free to contact Philipp Hagemeister.
