├── .gitignore ├── .idea ├── .gitignore ├── .name ├── TIWAP.iml ├── dataSources.xml ├── dataSources │ └── d0a64771-9f67-47d7-be54-8ad5c1cfc040.xml ├── inspectionProfiles │ ├── Project_Default.xml │ └── profiles_settings.xml ├── misc.xml ├── modules.xml ├── sqldialects.xml └── vcs.xml ├── Dockerfile ├── LICENSE ├── README.md ├── Static ├── Images │ ├── cat.jpg │ ├── dog.jpg │ └── monkey.jpg ├── index.css └── robots.txt ├── TIWAF.sqbpro ├── TIWAP.db ├── app.py ├── backups └── card-db.bk ├── certificate ├── server.crt ├── server.csr ├── server.key └── server_public.key ├── docker-compose.yml ├── helper ├── auth.py ├── db_manager.py ├── functioning.py ├── mongodb_manager.py └── sqlite_db_reset.txt ├── init-db.js ├── requirements.txt ├── secret └── secrets.enc ├── templates ├── dashboard.html ├── dashboard_layout.html ├── index.html ├── layout.html ├── settings.html └── vulnerabilities │ ├── blind-sql-injection.html │ ├── brute-force.html │ ├── business-logic-hard.html │ ├── business-logic-medium.html │ ├── business-logic.html │ ├── command_injection.html │ ├── csrf.html │ ├── directory-traversal.html │ ├── dom-xss.html │ ├── hardcoded-creds.html │ ├── html-injection.html │ ├── improper-certificate-validation.html │ ├── insecure-deserialization.html │ ├── insecure-file-upload.html │ ├── jwt-tokens.html │ ├── no-sql-injection.html │ ├── reflected-xss.html │ ├── sensitive-data-exposure-hard.html │ ├── sensitive-data-exposure-low.html │ ├── sensitive-data-exposure-medium.html │ ├── sql-injection.html │ ├── ssrf.html │ ├── ssti.html │ ├── stored-html-injection.html │ ├── stored-xss.html │ ├── under-construction.html │ └── xml-external-entities.html ├── uploads ├── 2022-chevrolet-corvette-z06-1607016574.jpg ├── hex_edit.php ├── images.png ├── logo.png └── test.php └── vulnerabilities ├── BruteForce.py ├── BusinessLogic.py ├── CommandInjection.py ├── HTMLInjection.py ├── InsecureDeserialization.py ├── NoSQL.py ├── SQLi.py ├── XSS.py └── XXE.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.gitignore -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/.gitignore -------------------------------------------------------------------------------- /.idea/.name: -------------------------------------------------------------------------------- 1 | TIWAP -------------------------------------------------------------------------------- /.idea/TIWAP.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/TIWAP.iml -------------------------------------------------------------------------------- /.idea/dataSources.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/dataSources.xml -------------------------------------------------------------------------------- /.idea/dataSources/d0a64771-9f67-47d7-be54-8ad5c1cfc040.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/dataSources/d0a64771-9f67-47d7-be54-8ad5c1cfc040.xml -------------------------------------------------------------------------------- /.idea/inspectionProfiles/Project_Default.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/inspectionProfiles/Project_Default.xml -------------------------------------------------------------------------------- /.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/inspectionProfiles/profiles_settings.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/modules.xml -------------------------------------------------------------------------------- /.idea/sqldialects.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/sqldialects.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/README.md -------------------------------------------------------------------------------- /Static/Images/cat.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/Static/Images/cat.jpg -------------------------------------------------------------------------------- /Static/Images/dog.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/Static/Images/dog.jpg -------------------------------------------------------------------------------- /Static/Images/monkey.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/Static/Images/monkey.jpg -------------------------------------------------------------------------------- /Static/index.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/Static/index.css -------------------------------------------------------------------------------- /Static/robots.txt: -------------------------------------------------------------------------------- 1 | Disallowed: 2 | 3 | /backups/card-db.bk 4 | -------------------------------------------------------------------------------- /TIWAF.sqbpro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/TIWAF.sqbpro -------------------------------------------------------------------------------- /TIWAP.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/TIWAP.db -------------------------------------------------------------------------------- /app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/app.py -------------------------------------------------------------------------------- /backups/card-db.bk: -------------------------------------------------------------------------------- 1 | You got the sensitive data! -------------------------------------------------------------------------------- /certificate/server.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/certificate/server.crt -------------------------------------------------------------------------------- /certificate/server.csr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/certificate/server.csr -------------------------------------------------------------------------------- /certificate/server.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/certificate/server.key -------------------------------------------------------------------------------- /certificate/server_public.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/certificate/server_public.key -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /helper/auth.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/helper/auth.py -------------------------------------------------------------------------------- /helper/db_manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/helper/db_manager.py -------------------------------------------------------------------------------- /helper/functioning.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/helper/functioning.py -------------------------------------------------------------------------------- /helper/mongodb_manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/helper/mongodb_manager.py -------------------------------------------------------------------------------- /helper/sqlite_db_reset.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/helper/sqlite_db_reset.txt -------------------------------------------------------------------------------- /init-db.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/init-db.js -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/requirements.txt -------------------------------------------------------------------------------- /secret/secrets.enc: -------------------------------------------------------------------------------- 1 | CONGRATULATIONS!!! You found our Secret. -------------------------------------------------------------------------------- /templates/dashboard.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/dashboard.html -------------------------------------------------------------------------------- /templates/dashboard_layout.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/dashboard_layout.html -------------------------------------------------------------------------------- /templates/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/index.html -------------------------------------------------------------------------------- /templates/layout.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/layout.html -------------------------------------------------------------------------------- /templates/settings.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/settings.html -------------------------------------------------------------------------------- /templates/vulnerabilities/blind-sql-injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/blind-sql-injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/brute-force.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/brute-force.html -------------------------------------------------------------------------------- /templates/vulnerabilities/business-logic-hard.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/business-logic-hard.html -------------------------------------------------------------------------------- /templates/vulnerabilities/business-logic-medium.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/business-logic-medium.html -------------------------------------------------------------------------------- /templates/vulnerabilities/business-logic.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/business-logic.html -------------------------------------------------------------------------------- /templates/vulnerabilities/command_injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/command_injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/csrf.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/csrf.html -------------------------------------------------------------------------------- /templates/vulnerabilities/directory-traversal.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/directory-traversal.html -------------------------------------------------------------------------------- /templates/vulnerabilities/dom-xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/dom-xss.html -------------------------------------------------------------------------------- /templates/vulnerabilities/hardcoded-creds.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/hardcoded-creds.html -------------------------------------------------------------------------------- /templates/vulnerabilities/html-injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/html-injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/improper-certificate-validation.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/improper-certificate-validation.html -------------------------------------------------------------------------------- /templates/vulnerabilities/insecure-deserialization.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/insecure-deserialization.html -------------------------------------------------------------------------------- /templates/vulnerabilities/insecure-file-upload.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/insecure-file-upload.html -------------------------------------------------------------------------------- /templates/vulnerabilities/jwt-tokens.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/jwt-tokens.html -------------------------------------------------------------------------------- /templates/vulnerabilities/no-sql-injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/no-sql-injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/reflected-xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/reflected-xss.html -------------------------------------------------------------------------------- /templates/vulnerabilities/sensitive-data-exposure-hard.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/sensitive-data-exposure-hard.html -------------------------------------------------------------------------------- /templates/vulnerabilities/sensitive-data-exposure-low.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/sensitive-data-exposure-low.html -------------------------------------------------------------------------------- /templates/vulnerabilities/sensitive-data-exposure-medium.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/sensitive-data-exposure-medium.html -------------------------------------------------------------------------------- /templates/vulnerabilities/sql-injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/sql-injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/ssrf.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/ssrf.html -------------------------------------------------------------------------------- /templates/vulnerabilities/ssti.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/ssti.html -------------------------------------------------------------------------------- /templates/vulnerabilities/stored-html-injection.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/stored-html-injection.html -------------------------------------------------------------------------------- /templates/vulnerabilities/stored-xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/stored-xss.html -------------------------------------------------------------------------------- /templates/vulnerabilities/under-construction.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/under-construction.html -------------------------------------------------------------------------------- /templates/vulnerabilities/xml-external-entities.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/templates/vulnerabilities/xml-external-entities.html -------------------------------------------------------------------------------- /uploads/2022-chevrolet-corvette-z06-1607016574.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/uploads/2022-chevrolet-corvette-z06-1607016574.jpg -------------------------------------------------------------------------------- /uploads/hex_edit.php: -------------------------------------------------------------------------------- 1 | hp phpinfo() ?> 2 | -------------------------------------------------------------------------------- /uploads/images.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/uploads/images.png -------------------------------------------------------------------------------- /uploads/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/uploads/logo.png -------------------------------------------------------------------------------- /uploads/test.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /vulnerabilities/BruteForce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/BruteForce.py -------------------------------------------------------------------------------- /vulnerabilities/BusinessLogic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/BusinessLogic.py -------------------------------------------------------------------------------- /vulnerabilities/CommandInjection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/CommandInjection.py -------------------------------------------------------------------------------- /vulnerabilities/HTMLInjection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/HTMLInjection.py -------------------------------------------------------------------------------- /vulnerabilities/InsecureDeserialization.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/InsecureDeserialization.py -------------------------------------------------------------------------------- /vulnerabilities/NoSQL.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/NoSQL.py -------------------------------------------------------------------------------- /vulnerabilities/SQLi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/SQLi.py -------------------------------------------------------------------------------- /vulnerabilities/XSS.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/XSS.py -------------------------------------------------------------------------------- /vulnerabilities/XXE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tombstoneghost/TIWAP/HEAD/vulnerabilities/XXE.py --------------------------------------------------------------------------------