├── LICENSE
└── README.md


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Shieldfy
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Advanced Vulnerable Web Application (AVWA)
 2 | 
 3 | Advanced Vulnerable Web Application (AVWA) is a very vulnerable web application focus on modern advanced vulerabilities.
 4 | 
 5 | The main goal is to be an aid for security professionals , pentesters and web developers to test their security skills in a legal environment And learn about new vulnerabilities and exploit in today world.
 6 | 
 7 | # WARNING!
 8 | 
 9 | Advanced Vulnerable Web Application is not safe! **Do not upload it to your hosting provider's public html folder or any Internet facing servers** , as they will be compromised.
10 | 
11 | # Roadmap
12 | 
13 | We want it to cover all modern vulnerabilities , includes and not limited to
14 | 
15 | - [ ] API Security ( JWT Security , OAuth Flows .. etc )
16 | - [ ] CRLF / Header Injection
17 | - [ ] Advanced XSS ( CSP bypass , Cross Origin issues .. etc )
18 | - [ ] XXE 
19 | - [ ] Object Injection / Use After Free Vulnerabilities
20 | - [ ] Template Injection RCE 
21 | - [ ] Advanced SQL Injection ( 2nd order , error based , blind SQLI )
22 | - [ ] ReDoS attack / Format String Attack 
23 | - [ ] Server Side Request Forgery ( SSRF )
24 | 
25 | ## Inspiration
26 | 
27 | Highly inspired from vulnerable web application for pentesters (DVWA , Webgoat .. etc)
28 | 
29 | ## Contributions
30 | 
31 | AVWA is in very early stage , All ideas are welcome .. just open issue in this repo with prefix [IDEA] , and we will discuss it in public to implement it. or drop us an email at opensource@shieldfy.io
32 | 
33 | 


--------------------------------------------------------------------------------