Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

SQL Injection via search box. - item%' union all select * from user; --
Cross Site Scripting via search box. - <script>alert("hey guy");</script>

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
.github/workflows		.github/workflows
bin		bin
db		db
public/stylesheets		public/stylesheets
routes		routes
service		service
views		views
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
app.js		app.js
bootstrapdb.js		bootstrapdb.js
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json
stackhawk.yml		stackhawk.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Vulnerable Node Express

Build and Run

Install NPM Dependencies

Initialize SQLite DB

Run

Build and Run with Docker

Build Docker Image

Run Docker Container

Build and Run in Docker Compose

Known Vulnerabilities

About

Releases

Packages

Languages

meenaidu/vuln_node_express

Folders and files

Latest commit

History

Repository files navigation

Vulnerable Node Express

Build and Run

Install NPM Dependencies

Initialize SQLite DB

Run

Build and Run with Docker

Build Docker Image

Run Docker Container

Build and Run in Docker Compose

Known Vulnerabilities

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages