-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathvulnerable_server.py
More file actions
187 lines (159 loc) · 6.52 KB
/
vulnerable_server.py
File metadata and controls
187 lines (159 loc) · 6.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
"""
Simple Vulnerable Web Server for Testing VScanX
WARNING: Only run on localhost for testing!
"""
import html
import textwrap
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
class VulnerableHandler(BaseHTTPRequestHandler):
def do_GET(self):
"""Handle GET requests"""
parsed_path = urlparse(self.path)
params = parse_qs(parsed_path.query)
# Home page
if parsed_path.path == "/" or parsed_path.path == "/index.html":
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
html_content = textwrap.dedent("""
<!DOCTYPE html>
<html>
<head>
<title>VScanX Test Server</title>
<style>
body { font-family: Arial; max-width: 800px; margin: 50px auto; }
.card { border: 1px solid #ddd; padding: 20px; margin: 10px 0; border-radius: 5px; }
h2 { color: #667eea; }
code { background: #f4f4f4; padding: 2px 6px; border-radius: 3px; }
</style>
</head>
<body>
<h1>🔓 VScanX Vulnerable Test Server</h1>
<p>This server contains intentional vulnerabilities for testing VScanX.</p>
<div class="card">
<h2>Test Endpoints:</h2>
<ul>
<li><a href="/search?q=test">Search Page (Vulnerable to XSS)</a></li>
<li><a href="/profile?name=John">Profile Page (Vulnerable to XSS)</a></li>
<li><a href="/comment?text=hello">Comment Page (Vulnerable to XSS)</a></li>
</ul>
</div>
<div class="card">
<h2>Test Commands:</h2>
<code>python vscanx.py -t "http://127.0.0.1:8080/search?q=test" -s web --skip-warning</code><br><br>
<code>python vscanx.py -t "http://127.0.0.1:8080/profile?name=user" -s web --skip-warning</code>
</div>
<p><strong>⚠️ WARNING:</strong> This server is intentionally vulnerable. Only use for testing!</p>
</body>
</html>
""").strip()
self.wfile.write(html_content.encode())
# Vulnerable search page - REFLECTED XSS
elif parsed_path.path == "/search":
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
query = params.get("q", [""])[0]
# VULNERABLE: Direct insertion without sanitization
html_content = textwrap.dedent(f"""
<!DOCTYPE html>
<html>
<head><title>Search Results</title></head>
<body>
<h1>Search Results</h1>
<p>You searched for: {query}</p>
<p>No results found.</p>
<a href="/">Back to Home</a>
</body>
</html>
""").strip()
self.wfile.write(html_content.encode())
# Vulnerable profile page - REFLECTED XSS
elif parsed_path.path == "/profile":
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
name = params.get("name", ["Guest"])[0]
# VULNERABLE: Direct insertion without sanitization
html_content = textwrap.dedent(f"""
<!DOCTYPE html>
<html>
<head><title>User Profile</title></head>
<body>
<h1>Welcome, {name}!</h1>
<p>This is your profile page.</p>
<a href="/">Back to Home</a>
</body>
</html>
""").strip()
self.wfile.write(html_content.encode())
# Vulnerable comment page - REFLECTED XSS
elif parsed_path.path == "/comment":
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
text = params.get("text", [""])[0]
# VULNERABLE: Direct insertion in different context
html_content = textwrap.dedent(f"""
<!DOCTYPE html>
<html>
<head><title>Comments</title></head>
<body>
<h1>Comment Posted</h1>
<div style="border: 1px solid #ccc; padding: 10px;">
<strong>Your comment:</strong><br>
{text}
</div>
<a href="/">Back to Home</a>
</body>
</html>
""").strip()
self.wfile.write(html_content.encode())
# Safe page - NO XSS (for comparison)
elif parsed_path.path == "/safe":
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
query = params.get("q", [""])[0]
safe_query = html.escape(query) # SAFE: Properly escaped
html_content = textwrap.dedent(f"""
<!DOCTYPE html>
<html>
<head><title>Safe Search</title></head>
<body>
<h1>Safe Search Results</h1>
<p>You searched for: {safe_query}</p>
<p>This page is NOT vulnerable (input is escaped).</p>
<a href="/">Back to Home</a>
</body>
</html>
""").strip()
self.wfile.write(html_content.encode())
else:
self.send_response(404)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(b"<h1>404 Not Found</h1>")
def log_message(self, format, *args):
"""Custom log format"""
print(f"[SERVER] {self.address_string()} - {format % args}")
def run_server(port=8080):
"""Run the vulnerable test server"""
server_address = ("127.0.0.1", port)
httpd = HTTPServer(server_address, VulnerableHandler)
print("=" * 60)
print("VScanX Vulnerable Test Server")
print("=" * 60)
print(f"Server running at: http://127.0.0.1:{port}/")
print("WARNING: This server is intentionally vulnerable!")
print("Only run on localhost for testing purposes!")
print("=" * 60)
print("\nPress Ctrl+C to stop the server\n")
try:
httpd.serve_forever()
except KeyboardInterrupt:
print("\n\n[*] Server stopped")
httpd.shutdown()
if __name__ == "__main__":
run_server(8080)