GoVWA - A web application developed to help the pentester and programmers to learn the vulnerabilities

Overview

GoVWA


GoVWA (Go Vulnerable Web Application) is a web application developed to help pentesters and programmers learn the vulnerabilities that often occur in web applications developed in golang. The vulnerabilities in GoVWA are the most common ones found in web applications today, so it helps programmers recognize them before they occur in their own applications. GoVWA can also serve as an additional application in your pentest lab for learning and teaching.

WARNING!


Because GoVWA is a web application that contains vulnerabilities, never upload GoVWA to web hosting that can be accessed publicly: doing so can get your server hacked. We suggest using GoVWA locally.

How To Install GoVWA


Installing golang

If you don't have golang installed on your system, first install it using the automation script from https://github.com/canha/golang-tools-install-script.

Follow the instructions provided by the author and install golang according to your operating system architecture.

If the installation succeeds, you will have a directory 'go' in your home directory. The go directory has three subdirectories (bin, pkg, src). Switch to the src directory, then clone the govwa repository.

git clone https://github.com/0c34/govwa.git

git pull (to update)

We have to install several golang packages that are required by govwa.

Execute these commands in your terminal:

go get github.com/go-sql-driver/mysql
go get github.com/gorilla/sessions
go get github.com/julienschmidt/httprouter

GoVWA config


Open the file config.json, which is located in the config directory, and change the configuration according to your needs.

{
    "user": "root",
    "password": "root",
    "dbname": "govwa",
    "sqlhost": "localhost",
    "sqlport": "3306",
    "webserver": "http://192.168.56.101",
    "webport": "8082",

    "sessionkey:": "G0Vw444"
}
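
A pre-flight check tied to the warning above, added here as an example (not GoVWA's own code): it parses the config.json shown above and reports any webserver or sqlhost value that falls outside loopback or private address space. CheckLabConfig and isLocalHost are hypothetical names, and treating private (RFC 1918) ranges as "local" is an assumption about your lab network.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/url"
)

// sampleConfig reproduces the config.json shown above as a constructed input.
const sampleConfig = `{
    "user": "root", "password": "root", "dbname": "govwa",
    "sqlhost": "localhost", "sqlport": "3306",
    "webserver": "http://192.168.56.101", "webport": "8082",
    "sessionkey:": "G0Vw444"
}`

// isLocalHost reports whether host is "localhost" or a loopback/private IP.
func isLocalHost(host string) bool {
	if host == "localhost" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && (ip.IsLoopback() || ip.IsPrivate())
}

// CheckLabConfig (hypothetical helper) returns one finding per setting that
// would place the lab outside a loopback or private network.
func CheckLabConfig(raw []byte) ([]string, error) {
	var cfg map[string]string
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse config: %w", err)
	}
	var findings []string
	u, err := url.Parse(cfg["webserver"])
	if err != nil || u.Hostname() == "" {
		findings = append(findings, "webserver: not a valid URL with a host")
	} else if !isLocalHost(u.Hostname()) {
		findings = append(findings, "webserver: "+u.Hostname()+" is not loopback or private")
	}
	if !isLocalHost(cfg["sqlhost"]) {
		findings = append(findings, "sqlhost: "+cfg["sqlhost"]+" is not loopback or private")
	}
	return findings, nil
}

func main() {
	findings, err := CheckLabConfig([]byte(sampleConfig))
	fmt.Println(findings, err)
}
```

An empty findings list means both addresses stay on the lab network; hostnames other than localhost are reported because they cannot be classified without resolving them.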

Run GoVWA

govwa@ubuntu-server:~/go/src/govwa$ go run app.go 

     █████████           █████   █████ █████   ███   █████   █████████  
    ███░░░░░███         ░░███   ░░███ ░░███   ░███  ░░███   ███░░░░░███ 
   ███     ░░░   ██████  ░███    ░███  ░███   ░███   ░███  ░███    ░███ 
  ░███          ███░░███ ░███    ░███  ░███   ░███   ░███  ░███████████ 
  ░███    █████░███ ░███ ░░███   ███   ░░███  █████  ███   ░███░░░░░███ 
  ░░███  ░░███ ░███ ░███  ░░░█████░     ░░░█████░█████░    ░███    ░███ 
   ░░█████████ ░░██████     ░░███         ░░███ ░░███      █████   █████
     ░░░░░░░░░   ░░░░░░       ░░░           ░░░   ░░░      ░░░░░   ░░░░░ 
Server running at port :8082
Open this url http://192.168.56.101:8082/ on your browser to access GoVWA

Open the URL to access GoVWA and follow the setup instructions to create the database and tables.

GoVWA users:

uname    password
admin    govwaadmin
user1    govwauser1

Explore the vulnerability.

Contributor


  • Khaedir (golang programming)
  • Xaquille (web design)

To Do

  • XXE Vulnerability
  • NoSQLInjection
  • Json Web API (unprotected API)
  • Build Simple Android APP

warm regards NemoSecurity
