vulnsrv is a web application that allows students to exploit various common security vulnerabilities.
All vulnerabilities are only simulated; vulnsrv is intended to be 100% safe. However, vulnsrv may contain bugs and security vulnerabilities, like every other program. Note that vulnsrv reproduces user-supplied content, which can be rude or in violation of local laws restricting speech. By default, it accepts only connections from the local machine. Due to the simulated security vulnerabilities, vulnsrv must not be mapped (proxied) into a regular domain, as doing so would expose the domain and its super-domains to Cross-Site Scripting vulnerabilities.
vulnsrv was originally written to provide exercises for a German computer security lecture. vulnsrv is intended to be easier to use and simpler than Google Gruyere, and to be used in an educational context.
- Download vulnsrv.py.
- Execute it with
For running vulnsrv yourself: Python 2.5, 2.6, 2.7, or 3.2+. For development or the service mode, Python 2.6+.
For the user, any web browser will do, although a modern web browser that includes developer tools is certainly a good idea.