  • Stars: 315
  • Rank 132,568 (Top 3 %)
  • Language: PHP
  • License: MIT License
  • Created almost 8 years ago
  • Updated over 1 year ago


Repository Details

OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

OWASP Damn Vulnerable Web Sockets (DVWS)

OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application.

https://owasp.org/www-project-damn-vulnerable-web-sockets/

Requirements

In the hosts file of your attacker machine create an entry for dvws.local to point at the IP address hosting the DVWS application.

Location of hosts file:

Windows: C:\windows\System32\drivers\etc\hosts

Linux: /etc/hosts

Sample entry for hosts file:

192.168.100.199         dvws.local
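The hosts-file step above can be made repeatable with a small helper. This is an added example, not part of the DVWS project: the function names check_hosts_entry and set_hosts_entry are hypothetical, and it assumes a POSIX shell with awk and write access to the hosts file passed in. It reports whether the first mapping for the name is correct, stale or missing, and replaces a stale mapping instead of appending a second, conflicting line.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not DVWS code).
# Usage, as root: set_hosts_entry /etc/hosts 192.168.100.199 dvws.local

# check_hosts_entry FILE IP NAME -> prints ok | stale | missing
# Only the first line naming NAME counts, since the resolver uses the first match.
check_hosts_entry() {
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }                          # ignore comments
        !seen {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { seen = 1; first = $1 }
        }
        END {
            if (!seen) print "missing"
            else if (first == ip) print "ok"
            else print "stale"
        }
    ' "$1"
}

# set_hosts_entry FILE IP NAME -> leaves exactly one mapping NAME -> IP
set_hosts_entry() {
    file=$1 ip=$2 name=$3
    [ "$(check_hosts_entry "$file" "$ip" "$name")" = ok ] && return 0
    tmp=$(mktemp) || return 1
    awk -v name="$name" '
        /^[ \t]*#/ || NF < 2 { print; next }        # keep comments and blank lines
        {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 1) == "#") {      # keep a trailing comment as-is
                    for (; i <= NF; i++) out = out " " $i
                    break
                }
                if (tolower($i) == tolower(name)) continue   # drop the old mapping
                out = out " " $i; kept++
            }
            if (kept) print out                     # drop lines left with no hostname
        }
    ' "$file" > "$tmp" &&
        printf '%s\t%s\n' "$ip" "$name" >> "$tmp" &&
        cat "$tmp" > "$file"                        # overwrite in place, keep file mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```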

The application requires the following:

Apache + PHP + MySQL

PHP with MySQLi support

Ratchet

ReactPHP-MySQL

Install "Ratchet" and "ReactPHP-MySQL" using composer:

git clone https://github.com/interference-security/DVWS
cd DVWS
composer install

Setting up DVWS

Set the MySQL hostname, username, password and an existing database name in the includes/connect-db.php file, then go to Setup to finish setting up DVWS.

Running DVWS

On the host running this application, run the following command from the DVWS directory: php ws-socket.php --heartbeat-interval <seconds>

Example: php ws-socket.php --heartbeat-interval 10

Important Note

DVWS has been developed with limited knowledge of Web Sockets. Feel free to contribute and enhance this project.

