vulnsrv is a web application that allows students to exploit various common security vulnerabilities.
All vulnerabilities are only simulated; vulnsrv is intended to be 100% safe. However, vulnsrv may contain bugs and security vulnerabilities, like every other program. Note that vulnsrv reproduces user-supplied content, which can be rude or in violation of local laws restricting speech. By default, it accepts only connections from the local machine. Because of the simulated security vulnerabilities, vulnsrv must not be mapped (proxied) into a regular domain, as doing so would expose that domain and its super-domains to Cross-Site Scripting vulnerabilities.
vulnsrv was originally written to provide exercises for a German computer security lecture. vulnsrv is intended to be easier to use and simpler than Google Gruyere, and used in an educational context.
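Why a proxied deployment exposes the surrounding domain, as an added example that is not part of vulnsrv: cookies scoped to a parent domain are sent to every subdomain, so script running on the vulnsrv host could read them. The hostnames and cookies below are constructed; domain matching follows RFC 6265 section 5.1.3.

```python
# Added example (Python 3.3+), not vulnsrv code. All hosts and cookies are constructed.
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    # IP addresses are never treated as subdomains
    return not _is_ip(host) and host.endswith("." + domain)

def exposed_cookies(vulnsrv_host, cookies):
    """Return (name, readable_by_script) for each cookie a browser
    would attach to requests for vulnsrv_host."""
    exposed = []
    for c in cookies:
        if c["domain"] is None:
            # Host-only cookie: sent only to the exact host that set it
            sent = vulnsrv_host.lower() == c["set_by"].lower()
        else:
            sent = domain_match(vulnsrv_host, c["domain"])
        if sent:
            # HttpOnly cookies are still sent, but hidden from document.cookie
            exposed.append((c["name"], not c["httponly"]))
    return exposed

# Constructed cookies set by other applications on a campus domain
SAMPLE_COOKIES = [
    {"name": "sso_session", "set_by": "login.example.edu", "domain": "example.edu", "httponly": False},
    {"name": "portal_auth", "set_by": "portal.example.edu", "domain": "example.edu", "httponly": True},
    {"name": "wiki_sid", "set_by": "wiki.example.edu", "domain": None, "httponly": False},
    {"name": "cs_pref", "set_by": "www.cs.example.edu", "domain": ".cs.example.edu", "httponly": False},
]

if __name__ == "__main__":
    for host in ("localhost", "127.0.0.1", "vulnsrv.cs.example.edu"):
        print(host, exposed_cookies(host, SAMPLE_COOKIES))
```

An empty result for the planned hostname is what the default local-only setup gives; any entry in the list is a cookie that other applications share with the vulnsrv host.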
You can either run it yourself or use the web service at vulnsrv.net (TODO: Not yet deployed, see issue #11).
- Download vulnsrv.py.
- Execute it with
For running vulnsrv yourself: Python 2.5, 2.6, 2.7, or 3.2+. For development or the service mode, 2.6+.
For the user, any web browser will do, although a modern web browser that includes developer tools is certainly a good idea.
Development goals in the near future are translation and a service mode for deployment on vulnsrv.net. If you can translate vulnsrv (about 30 lines of text), feel free to contact Philipp Hagemeister.