Skip to content

abdulrhmany/Web_Challenges

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
bac_basic_st
bac_basic_st
 
 
bac_cookie_st
bac_cookie_st
 
 
bac_headers_st
bac_headers_st
 
 
bac_horizontal_st
bac_horizontal_st
 
 
bac_profile_get_st
bac_profile_get_st
 
 
bac_profile_st
bac_profile_st
 
 
cors_basic_st
cors_basic_st
 
 
csrf_easy_req_method_st
csrf_easy_req_method_st
 
 
csrf_easy_st
csrf_easy_st
 
 
csrf_easy_token_present_st
csrf_easy_token_present_st
 
 
csrf_easy_token_validation_st
csrf_easy_token_validation_st
 
 
jwt_signature_st
jwt_signature_st
 
 
jwt_unverified_st
jwt_unverified_st
 
 
jwt_weak_secret_st
jwt_weak_secret_st
 
 
lfi_basic_st
lfi_basic_st
 
 
lfi_ext_validation_st
lfi_ext_validation_st
 
 
lfi_url_decode_st
lfi_url_decode_st
 
 
lfi_weak_filters_st
lfi_weak_filters_st
 
 
osi_basic_st
osi_basic_st
 
 
osi_blind_filters_st
osi_blind_filters_st
 
 
osi_blind_st
osi_blind_st
 
 
osi_filters_st
osi_filters_st
 
 
postmessage_st
postmessage_st
 
 
sqli_blind_boolean_st
sqli_blind_boolean_st
 
 
sqli_blind_conditional_st
sqli_blind_conditional_st
 
 
sqli_login_bypass_filters_st
sqli_login_bypass_filters_st
 
 
sqli_login_bypass_st
sqli_login_bypass_st
 
 
sqli_med_st
sqli_med_st
 
 
sqli_union_st
sqli_union_st
 
 
sqli_weak_filters_st
sqli_weak_filters_st
 
 
sqli_where_st
sqli_where_st
 
 
ssrf_basic_st
ssrf_basic_st
 
 
ssrf_weak_filters_st
ssrf_weak_filters_st
 
 
ssrf_whitelist_st
ssrf_whitelist_st
 
 
xss_easy_dom
xss_easy_dom
 
 
xss_easy_dom_text
xss_easy_dom_text
 
 
xss_easy_js
xss_easy_js
 
 
xss_easy_ref_st
xss_easy_ref_st
 
 
xss_easy_stored_st
xss_easy_stored_st
 
 
xss_med_ref_st
xss_med_ref_st
 
 
xss_weak_ref_st
xss_weak_ref_st
 
 
xxe_basic_st
xxe_basic_st
 
 
README.md
README.md
 
 
build_challenges.sh
build_challenges.sh
 
 
images.txt
images.txt
 
 
reset_challenges.sh
reset_challenges.sh
 
 
run_challenges.sh
run_challenges.sh
 
 

Repository files navigation

🕸️ Web Challenges Collection

This repository contains a collection of 42 Node.js web application challenges designed for practicing and testing web security knowledge. Each challenge is containerized with Docker for easy deployment.

Challenge Types

The challenges cover a variety of common web vulnerabilities:

  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Command Injection
  • Local File Inclusion (LFI)
  • Directory Traversal
  • JWT and Session Exploits
  • ...and more

🗂️ Structure

Each challenge is in its own directory, named after the challenge ID or title (e.g., sqli_login_bypass_st). Inside each directory:

  • Dockerfile: Defines the containerized challenge.
  • index.js or server.js: The Node.js app source.
  • Additional static files or assets as needed.

🚀 Deployment

Use the provided scripts to build and run the challenges locally:

# Build all images
chmod +x build_challenges.sh
./build_challenges.sh

# Run all containers on ports 40001–40042
chmod +x run_challenges.sh
./run-containers.sh

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages