| | SecureCodingDojo | white-password |
|---|---|---|
| | 1 | 1 |
| Stars | 502 | 1 |
| Growth | 2.2% | - |
| Activity | 8.2 | 0.0 |
| | about 1 month ago | almost 2 years ago |
| Language | PHP | Python |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecureCodingDojo
Can someone ELI5, these sets of practice CTF tasks I found
The following steps will get you the basic configuration for the Dojo. For advanced configuration and integrations check the wiki.
white-password
Selenium Google Login Blocked in Automation. [Self-Answered: Bypassed the Google restrictions]
```
# Import required packages, modules etc.. Selenium is a must!
import time

from selenium.common.exceptions import NoSuchElementException, TimeoutException
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions
from selenium.webdriver.support.ui import WebDriverWait
from selenium_stealth import stealth


def login(username, password):  # Logs in the user
    driver.get("https://stackoverflow.com/users/login")
    WebDriverWait(driver, 60).until(expected_conditions.presence_of_element_located(
        (By.XPATH, '//*[@id="openid-buttons"]/button[1]'))).click()
    try:
        WebDriverWait(driver, 60).until(expected_conditions.presence_of_element_located(
            (By.ID, "Email"))).send_keys(username)  # Enters username
    except TimeoutException:
        del username
        driver.quit()
        return  # The driver is closed, nothing more can be done
    WebDriverWait(driver, 60).until(expected_conditions.element_to_be_clickable(
        (By.XPATH, "/html/body/div/div[2]/div[2]/div[1]/form/div/div/input"))).click()  # Clicks NEXT
    time.sleep(0.5)
    try:
        try:
            WebDriverWait(driver, 60).until(expected_conditions.presence_of_element_located(
                (By.ID, "password"))).send_keys(password)  # Enters decoded Password
        except TimeoutException:
            driver.quit()
            return  # The driver is closed, nothing more can be done
        WebDriverWait(driver, 5).until(expected_conditions.element_to_be_clickable(
            (By.ID, "submit"))).click()  # Clicks on Sign-in
    except (TimeoutException, NoSuchElementException):  # A tuple catches both exception types
        print('\nUsername/Password seems to be incorrect, please re-check\nand Re-Run the program.')
        del username, password
        driver.quit()
        return  # The driver is closed, nothing more can be done
    try:
        WebDriverWait(driver, 60).until(lambda webpage: "https://stackoverflow.com/" in webpage.current_url)
        print('\nLogin Successful!\n')
    except TimeoutException:
        print('\nUsername/Password seems to be incorrect, please re-check\nand Re-Run the program.')
        del username, password
        driver.quit()


USERNAME = input("User Name : ")
PASSWORD = white_password(prompt="Password : ")
```

Click [_**here**_](https://github.com/pixincreate/white-password) to learn about white_password.

```
# Expected and required arguments added here.
options = Options()
options.add_argument("start-maximized")
options.add_experimental_option("excludeSwitches", ["enable-automation"])
options.add_experimental_option('useAutomationExtension', False)
options.add_experimental_option('excludeSwitches', ['enable-logging'])

# Assign drivers here.

stealth(driver,
        user_agent='DN',
        languages=["en-US", "en"],
        vendor="Google Inc.",
        platform="Win32",
        webgl_vendor="Intel Inc.",
        renderer="Intel Iris OpenGL Engine",
        fix_hairline=True,
        )  # Before Login, using stealth

login(USERNAME, PASSWORD)  # Call login function/method

stealth(driver,
        user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36',
        languages=["en-US", "en"],
        vendor="Google Inc.",
        platform="Win32",
        webgl_vendor="Intel Inc.",
        renderer="Intel Iris OpenGL Engine",
        fix_hairline=True,
        )  # After logging in, revert back user agent to normal.

# Redirecting to Google Meet Web-Page
time.sleep(2)
driver.execute_script("window.open('https://the website that you wanto to go.')")
driver.switch_to.window(driver.window_handles[1])  # Redirecting to required from stackoverflow after logging in
driver.switch_to.window(driver.window_handles[0])  # This switches to stackoverflow website
driver.close()  # This closes the stackoverflow website
driver.switch_to.window(driver.window_handles[0])  # Focuses on present website
```
What are some alternatives?
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
celery - Distributed Task Queue (development branch)
awesome-appsec - A curated list of resources for learning about application security
fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
pwntools - CTF framework and exploit development library
ZAP - The ZAP core project
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
vulnerable-code-snippets - Twitter vulnerable snippets