GoVWA (Go Vulnerable Web Application) is a vulnerable web application designed for pentester or programmers to learn the web application vulnerability that often occur in web applications. The vulnerabilities in GoVWA are OWASP Top 10 category.
--- new test 1 2 3 4 5 6 7 GoVWA is a vulnerable web application, Run it only on local environment
Golang versiong : >= 1.11 Installing guide : https://www.digitalocean.com/community/tutorials/how-to-install-go-1-6-on-ubuntu-16-04
git clone https://github.com/0c34/govwa.git
git pull (to update)
go mod download
config.json file is located in config directory.
{
"user": "root",
"password": "root",
"dbname": "govwa",
"sqlhost": "localhost",
"sqlport": "3306",
"webserver": "http://localhost",
"webport": "8888",
"sessionkey:": "G0Vw444"
}
Run GoVWA
go run app.go
ÛÛÛÛÛÛÛÛÛ ÛÛÛÛÛ ÛÛÛÛÛ ÛÛÛÛÛ ÛÛÛ ÛÛÛÛÛ ÛÛÛÛÛÛÛÛÛ
ÛÛÛ°°°°°ÛÛÛ °°ÛÛÛ °°ÛÛÛ °°ÛÛÛ °ÛÛÛ °°ÛÛÛ ÛÛÛ°°°°°ÛÛÛ
ÛÛÛ °°° ÛÛÛÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ
°ÛÛÛ ÛÛÛ°°ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛ °ÛÛÛÛÛÛÛÛÛÛÛ
°ÛÛÛ ÛÛÛÛÛ°ÛÛÛ °ÛÛÛ °°ÛÛÛ ÛÛÛ °°ÛÛÛ ÛÛÛÛÛ ÛÛÛ °ÛÛÛ°°°°°ÛÛÛ
°°ÛÛÛ °°ÛÛÛ °ÛÛÛ °ÛÛÛ °°°ÛÛÛÛÛ° °°°ÛÛÛÛÛ°ÛÛÛÛÛ° °ÛÛÛ °ÛÛÛ
°°ÛÛÛÛÛÛÛÛÛ °°ÛÛÛÛÛÛ °°ÛÛÛ °°ÛÛÛ °°ÛÛÛ ÛÛÛÛÛ ÛÛÛÛÛ
°°°°°°°°° °°°°°° °°° °°° °°° °°°°° °°°°°
=======
Server running at port :8082
Open this URL http://192.168.56.101:8082/ on your browser to access GoVWA
Open the URL to access GoVWA and follow the setup instruction to create database and tables
git clone https://github.com/0c34/govwa.git
inside govwa directory:
docker-compose up --build
stop running process using
docker-compose down --remove-orphans --volumes
GoVWA users:
| uname | password |
|---|---|
| admin | govwaadmin |
| user1 | govwauser1 |
Explore the vulnerability.
- Khaedir (golang programming)
- Xaquille (web design)
- add more vulnerabilities
XXE Vulnerability- NoSQLInjection
- JSON Web API (unprotected API)
- Build Simple Android APP
Powered by NemoSecurity