Skip to content

kaakaww/vuln_django_play

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

193 Commits
.circleci
.circleci
 
 
polls
polls
 
 
scripts
scripts
 
 
static
static
 
 
templates/admin
templates/admin
 
 
vuln_django
vuln_django
 
 
.DS_Store
.DS_Store
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.travis.yml
.travis.yml
 
 
BASE.gitlab-ci.yml
BASE.gitlab-ci.yml
 
 
CLAUDE.md
CLAUDE.md
 
 
Dockerfile
Dockerfile
 
 
HAWKSCAN_LOCAL.gitlab-ci.yml
HAWKSCAN_LOCAL.gitlab-ci.yml
 
 
HAWKSCAN_REMOTE.gitlab-ci.yml
HAWKSCAN_REMOTE.gitlab-ci.yml
 
 
LOCAL.gitlab-ci.yml
LOCAL.gitlab-ci.yml
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
REMOTE.gitlab-ci.yml
REMOTE.gitlab-ci.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
docker-micro-scan.yml
docker-micro-scan.yml
 
 
docker-micro.yml
docker-micro.yml
 
 
manage.py
manage.py
 
 
nginx.conf.micro
nginx.conf.micro
 
 
nginx.default
nginx.default
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
stackhawk-circleci.yml
stackhawk-circleci.yml
 
 
stackhawk-gitlab-heroku.yml
stackhawk-gitlab-heroku.yml
 
 
stackhawk-gitlab.yml
stackhawk-gitlab.yml
 
 
stackhawk-travis.yml
stackhawk-travis.yml
 
 
stackhawk.yml
stackhawk.yml
 
 
start-server.sh
start-server.sh
 
 

Repository files navigation

Vulnerable Polls

Polls is a simple Django app to conduct Web-based polls. For each question, visitors can choose between a fixed number of answers.

Based on the Django Polls tutorial, contains a few XSS/SQLi issues and turns off the built in protections to prevent that.

Build and run

Prerequisites

If you are building on a Mac, you will need to have MySQL and PostgreSQL installed to satisfy dependencies for the MySQL and Postgres client modules listed in requirements.txt.

brew install postgresql
brew install mysql

Using docker-compose

All-in-One vuln_django

The default Docker Compose configuration builds an all-in-one container, including vuln_django, an Nginx front-end, and SQLite.

Build and run in foreground:

docker-compose up --build

Run as a daemon:

docker-compose up -d

Build:

docker-compose build

Microservice vuln_django

The docker-micro-pg Docker Compose configuration builds a microservice version of vuln_django, with separate containers running an Nginx front-end, and PostgreSQL database.

Build, run, and run data migrations:

docker-compose -f docker-micro.yml build
docker-compose -f docker-micro.yml up --detach
./scripts/migrations.sh

To bring the microservice stack up with migrations, a Django admin user, and seed data, run:

./scripts/build-and-run.sh

To do that plus run HawkScan against it, run:

./scripts/build-and-scan.sh

Using Dockerfile

Build the docker image

docker build -t vuln_django .

Run the docker container

docker run -it -p 8020:8020 vuln_django:latest

Usage

About

🐛 An intentionally vulnerable Django app

Resources

Readme
Activity
Custom properties

Stars

8 stars

Watchers

5 watching

Forks

32 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages