ivna

Intentionally Vulnerable Nodejs Application & APIs

Vulnerable Task Manager Application & APIs build using Nodejs,mongoose.

Background

While learning Nodejs I build this task-manager which I then converted to vulnerable CTF like application.

ivna is a real world like application which has known vulnerabilities in the web and APIs which are not distinguised like other vulnerable application, The idea here is to teach how to attack and find out flaws in real-world applications.

Made with in India

The application contains following vulnerabilities

• XSS
• Command Injection
• URL Redirection
• API Legacy Version Deprecation
• BOLA (IDOR)
• Common JWT Secret
• Excessive Data exposure
• Broken User Authentication
• Exposed Database
• Mass Assignment
• ReDos
• NoSQL Injection

ToDo

• OpenAPI support
• Documentation on vulnerabilities
• Postman collection on APIs
• More vulnerabilities.

Install

git clone https://github.com/VitthalS/ivna.git
cd ivna
docker-compose build && docker-compose up

Run

Open URL in browser http://localhost:8000

Contributing

1. Fork it!
2. Create your feature branch: git checkout -b my-new-feature
3. Commit your changes: git commit -am 'Add some feature'
4. Push to the branch: git push origin my-new-feature
5. Submit a pull request.

Dont Like UI

1. Fork it!
2. Commit your changes
3. Submit a pull request, I am happy to merge.

Support

1. 
2. Appreciate on LinkedIn
3. Share on Twitter
4. Share with your friends who are starting out in cybersecurity and want to learn Web & API testing.

Presented at

1. APIsecure