Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment.
Kurukshetra is composed of two components, the backend framework written in PHP, which manages and leverages the underlying docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user facing web app providing all the necessary controls, for the admin to host and modify the challenges , and the user to execute and view the result of each of his input.
Kurukshetra has been tested both on Ubuntu/Debian (apt-get based distros) and as well as Mac OS. It should ideally work with any linux based distributions with PHP 7.2, MySQL and Docker (along with remote API enabled) installed.
There are a few packages which are necessary before proceeding with the installation:
- Git client:
sudo apt-get install git
- PHP 7.2: Read the instructions on how to install on ubuntu (along with php-curl -
sudo apt-ge install php7.2-curl php7.2-mbstring php7.2-mysql
) - MySQL:
sudo apt-get install mysql-server
- Docker: Read the official installation guide (Also: ubuntu installation)
- Enable Docker API: Read - How do I enable the remote Docker API
- Create a folder
/var/config/
with write permission towww-data
user
Installing is as simple as moving the downloaded files into webroot:
git clone https://github.com/a0xnirudh/kurukshetra.git
cd kurukshetra
cp -r * /var/www/html/
chmod 755 -R /var/www/html
- Move all the files into webroot (which is usually
/var/www/html
):cp -r kurukshetra/* /var/www/html
- Give appropriate permissions for the moved files:
chmod 755 -R /var/www/html/
- Give
challenges/uploads
directory write permissions forwww-data
user (seeuploads/README.md
). - Visit
http://localhost
orhttp://127.0.0.1
to navigate into installation (will auto redirect into /installation/).
- Enter the MySQL DB credentials (user should have the permission to create database) and click on validate to see if the credentials are correct.
- Enter the Google OAuth
Client ID
andClient secret
and make sure the redirect URL is set to the pathhttp://your-domain.com/login/index.php
Kurukshetra make uses of Dockers API's for running the user submitted code. A one time configuration is required before we can make use of the docker API's which is as follows:
- Pull the docker image:
docker pull phusion/baseimage:latest
- Goto installation directory:
cd installation/optional/
- Build kurukshetra image from the Dockerfile:
docker build -t kurukshetra .
Alternatively, you can just run python install.py
from within the directory installation/optional
which will go ahead and install Docker (if not installed already) and will configure the Kurukshetra docker image automatically.
The following are couple of ideas which we have in mind to do going ahead with Kurukshetra. If you have any ideas/feature requests which is not listed below, feel free to raise an issue in github.
-
Support for more languages including but not limited to JAVA, NodeJs and Ruby on Rails.
-
Write more challenges along with unittests to cover all the OWASP Top 10 vulnerabilities.
-
Gamification of the whole framework by introducing scorebard based on challenge solving points (predefined points are already available for challenges based on difficulties).
- Challenge listing page:
- Challenge solving page:
- Admin portal (statictics):
- Admin challenge edit/add challenges:
Awesome people who built this project:
Anirudh Anand (@a0xnirudh)
Mohan KK (@MohanKallepalli)
Arjun T U (@arjunkikz)
Durga Subramanian (@0xdug)
Ankur Bhargava (@_AnkurB)
Prajal Kulkarni (@prajalkulkarni)