roomkangali/LabVulnerDursGo

DursGo Vulnerability Labs

A collection of vulnerable applications to test the DursGo scanner.


This repository contains two different vulnerability lab applications, each with its own configuration. Here is how to run both using Docker.

Lab Descriptions

The following labs are available in this collection:

  • Open Redirect Lab
    • A classic Open Redirect: the application redirects to any user-supplied URL without validating it.
    • Solved-lab video: openredirect.mp4
  • Blind Vulnerabilities Lab
    • Contains both a Blind SSRF and a Blind Command Injection vulnerability; neither returns output in the response, so they are detected via OAST (out-of-band interaction callbacks).
    • Solved-lab videos: blindssrf.mp4, cmdinjection-blind.mp4
  • SSRF (In-Band) Lab
    • A classic SSRF: the application fetches a user-supplied URL server-side and displays the fetched content in the response.
    • Solved-lab video: ssrf.mp4
  • DomXSS Lab
    • Vulnerable to DOM-based XSS: the script on this page takes content from the URL fragment (the part after #), which never reaches the server.
    • Solved-lab video: domxss.mp4
  • Mass Assignment Lab
    • A protected API endpoint vulnerable to Mass Assignment (request fields are bound to the model without an allowlist).
    • Solved-lab video: massassignment.mp4
  • CORS Misconfiguration Lab
    • An API endpoint that reflects the request's Origin header in Access-Control-Allow-Origin, allowing data theft from any domain.
    • Solved-lab video: cors.mp4
  • Authentication Lab
    • A login page to test authenticated scanning and the vulnerabilities behind it (CSRF, BOLA, File Upload, Mass Assignment).
    • Solved-lab video: lab-auth.mp4
  • Exposed Files Lab
    • A directory to test the detection of sensitive files and folders such as .env or .git/.
    • Solved-lab video: exposed.mp4
  • IDOR & Stored XSS Lab
    • An authenticated (login required) test for Insecure Direct Object References and Stored Cross-Site Scripting.
    • Solved-lab video: lab-shop.mp4
  • GraphQL API Lab
    • A vulnerable GraphQL endpoint to test for introspection, injection, and other API-specific flaws.
    • Solved-lab video: graphql.mp4

1. PHP Lab Application (index-vuln)

This application is a PHP-based vulnerability lab and serves as the main dashboard for all labs.

Important: The main page of this application (http://localhost:8088) contains links to all labs, including those running on ports 5000 and 4000. To ensure all links work, you must run both applications (index-vuln and index-vuln-2) simultaneously. These applications are deliberately vulnerable: run them only on a host or network you control, and do not expose the published ports to untrusted networks.

Requirements

  • Docker
  • Docker Compose

How to Run

  1. Open a terminal and navigate to the index-vuln directory:

    cd index-vuln

  2. Run the following command to build and start the Docker container:

    docker compose up --build -d

    This command runs the application in the background (detached mode).

  3. Once the container is running, the application will be accessible at: http://localhost:8088

How to Stop

To stop the application, run the following command from within the index-vuln directory:

docker compose down

2. Python & Node.js Lab Application (index-vuln-2)

This application consists of two services: a Flask-based web application (Python) and a Node.js-based GraphQL API.

Requirements

  • Docker
  • Docker Compose

How to Run

  1. Open a terminal and navigate to the index-vuln-2 directory:

    cd index-vuln-2

  2. Run the following command to build and start both services:

    docker compose up --build -d

  3. Once the containers are running, the services will be accessible at:

    • Flask web application: http://localhost:5000
    • Node.js GraphQL API: http://localhost:4000

Credentials for Web Application (Port 5000)

The database is initialized with the following users:

  • Admin User

    • Username: admin
    • Password: admin123
  • Regular User

    • Username: user1
    • Password: password123

How to Stop

To stop both services, run the following command from within the index-vuln-2 directory:

docker compose down

📑 Vulnerability Report Viewer

This project includes a report viewer that allows you to upload and visualize vulnerability scan results in a clean web interface, with the option to export them as PDF.

🚀 How to Use

  1. Access the viewer at: http://localhost:8088/report/

  2. Upload a report
    • Click the Choose File button.
    • Select the JSON report generated by DursGo.

  3. View the results
    • Scan Summary (target URL, technologies, total findings, etc.)
    • Detailed Vulnerabilities (each finding shown on a separate page for PDF export)
    • AI Analysis section with remediation guidance and code examples

  4. Export as PDF
    • Once the report is loaded, click Download Report as PDF to export the findings into a professional PDF document.