From 6abca0ed1d91eb9c559b2b0ad49594b410b70e0b Mon Sep 17 00:00:00 2001 From: kyzhangs <100138954+kyzhangs@users.noreply.github.com> Date: Thu, 14 Nov 2024 10:53:31 +0800 Subject: [PATCH] add app dvwa (#2488) * add dvwa app * fix dvwa app --------- Co-authored-by: kyzhangs --- dvwa/README.md | 17 +++++++ dvwa/data.yml | 19 +++++++ dvwa/latest/data.yml | 89 +++++++++++++++++++++++++++++++++ dvwa/latest/docker-compose.yml | 24 +++++++++ dvwa/logo.png | Bin 0 -> 7287 bytes 5 files changed, 149 insertions(+) create mode 100644 dvwa/README.md create mode 100644 dvwa/data.yml create mode 100644 dvwa/latest/data.yml create mode 100644 dvwa/latest/docker-compose.yml create mode 100644 dvwa/logo.png diff --git a/dvwa/README.md b/dvwa/README.md new file mode 100644 index 000000000..b2894a877 --- /dev/null +++ b/dvwa/README.md @@ -0,0 +1,17 @@ +# DVWA (Damn Vulnerable Web Application) + +## 默认账户密码 + +用户名:`admin` + +密码:`password` + + +## 中文名:"该死的"不安全的Web应用程序 + +DVWA是一个编码差的、易受攻击的 PHP/MySQL Web应用程序。 + +### 目的 +- 帮助信息安全专业人员在合法的环境中,练习技能和测试工具 +- 帮助 Web 开发人员更好地了解如何加强 Web 应用程序的安全性 +- 帮助学生和教师在可控的教学环境中了解和学习 Web 安全技术 diff --git a/dvwa/data.yml b/dvwa/data.yml new file mode 100644 index 000000000..6d3975604 --- /dev/null +++ b/dvwa/data.yml @@ -0,0 +1,19 @@ +name: DVWA +tags: + - 安全 +title: DVWA +description: 一个用来进行安全脆弱性鉴定的PHP/MySQL Web 应用平台。 +additionalProperties: + key: dvwa + name: DVWA + tags: + - Security + shortDescZh: 一个用来进行安全脆弱性鉴定的PHP/MySQL Web 应用平台。 + shortDescEn: DVWA (Damn Vulnerable Web Application) + type: security + crossVersionUpdate: true + limit: 0 + recommend: 10 + website: https://github.com/digininja/DVWA + github: https://github.com/digininja/DVWA + document: https://github.com/digininja/DVWA diff --git a/dvwa/latest/data.yml b/dvwa/latest/data.yml new file mode 100644 index 000000000..fd3015314 --- /dev/null +++ b/dvwa/latest/data.yml @@ -0,0 +1,89 @@ +additionalProperties: + formFields: + - child: + default: "" + envKey: PANEL_DB_HOST + required: true + type: service + default: mariadb + envKey: PANEL_DB_TYPE + labelEn: Database Service + labelZh: 数据库服务 + required: true + type: apps + values: + - label: MariaDB + value: mariadb + - label: MySQL + value: mysql + - default: dvwa + envKey: PANEL_DB_NAME + labelEn: Database + labelZh: 数据库名 + required: true + rule: paramCommon + type: text + - default: dvwa + envKey: PANEL_DB_USER + labelEn: User + labelZh: 数据库用户 + required: true + rule: paramCommon + type: text + - default: p@ssw0rd + envKey: PANEL_DB_USER_PASSWORD + labelEn: Password + labelZh: 数据库用户密码 + required: true + rule: paramComplexity + type: password + - default: "low" + envKey: DVWA_SECURITY_LEVEL + labelEn: Security level + labelZh: 安全级别 + required: true + type: select + values: + - label: 低 + value: "low" + - label: 中 + value: "medium" + - label: 高 + value: "high" + - label: 极高 + value: "impossible" + - default: "zh" + envKey: DVWA_DEFAULT_LOCALE + labelEn: Locale + labelZh: 语言环境 + required: true + type: select + values: + - label: 中文 + value: "zh" + - label: 英文 + value: "en" + - default: "" + edit: true + envKey: DVWA_RECAPTCHA_PUBLIC_KEY + labelEn: Recaptcha Public Key + labelZh: 验证码公钥 + required: false + rule: paramCommon + type: text + - default: "" + edit: true + envKey: DVWA_RECAPTCHA_PRIVATE_KEY + labelEn: Recaptcha Private Key + labelZh: 验证码私钥 + required: false + rule: paramCommon + type: text + - default: "4280" + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: Port + labelZh: 端口 + required: true + rule: paramPort + type: number diff --git a/dvwa/latest/docker-compose.yml b/dvwa/latest/docker-compose.yml new file mode 100644 index 000000000..e3d774bbb --- /dev/null +++ b/dvwa/latest/docker-compose.yml @@ -0,0 +1,24 @@ +services: + dvwa: + image: ghcr.io/digininja/dvwa:latest + container_name: ${CONTAINER_NAME} + restart: always + networks: + - 1panel-network + ports: + - ${PANEL_APP_PORT_HTTP}:80 + environment: + - DB_SERVER=${PANEL_DB_HOST} + - DB_PORT=${PANEL_DB_PORT} + - DB_DATABASE=${PANEL_DB_NAME} + - DB_USER=${PANEL_DB_USER} + - DB_PASSWORD=${PANEL_DB_USER_PASSWORD} + - DEFAULT_SECURITY_LEVEL=${DVWA_SECURITY_LEVEL} + - RECAPTCHA_PUBLIC_KEY=${DVWA_RECAPTCHA_PUBLIC_KEY} + - RECAPTCHA_PRIVATE_KEY=${DVWA_RECAPTCHA_PRIVATE_KEY} + - DEFAULT_LOCALE=${DVWA_DEFAULT_LOCALE} + labels: + createdBy: "Apps" +networks: + 1panel-network: + external: true diff --git a/dvwa/logo.png b/dvwa/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..bb4360ee9e71374324240adfda0de3b904f166a1 GIT binary patch literal 7287 zcmbtYby$?ox8I<1>0DU4k?u}GxyQP?iP(X_0Pm1q39OxU1i| z_x^c*_w4h`J2U6qGxMC8b3UK<+%4R#10d=uYAOIA5CmXB{Q!4M07U>A2n+^;&`=E; zO3<+}&{2Ymg@u8QkBg6wkBfjtJAS5Bg!y~37CLtrIpr9ZiqN1T9rzRz*ApdOy z`1_ye=r|Y{IOK$QgyjEcx$6ZGVF9^;++ZLh07L`?69Mn~0W<(001QM4;9o&Q#{h$X zm?$On?|GE=UljlV1c6cdyF~yV7zhACz!22bP1gT-;Xm!t2hgUWJ+-j!`Nsfw_SCEL&qBxTWlcsRA#k(z!oC*yI{s#JpZ~85;S2qM9U(QC}m9-xXOH2J_Fteky1Ey8k#%%S}A348U77!1e7gRR%l>U_z$mpPv zmy3h5672ZCQYh=y>)qY>2?hSOf^DB&3RN}F09=BkLD6yNmP}5zNjQxIX+T~}sla>h zhHAl|n4`m0uOGS?I0?`wu<*X-eKeQ~b!@&o2=MGXY*J1d^kPaz|-War$^`@STC>Lq0&&g{>C78s8A6M$YUj{eHw(iM z?l|K`_rfbl;1Ov?Oe8T2b^Z--*|&!Lj8?CAPQoSk@O$P5Ox zsaeK zx)<|~Eqle&KD`g(M1ptTOu|D(t6fVc+%0MUS`P)0{XUH{(#0sv6~K}1Y~K?;E}$T9H?2njPX^9ho% zgest-1Pc{BKy=U@Aa4Qs37eN#n@Y6HQ=5@v0!+` z6A9XwKy5sSZ-T|4pCu(3QU;Xm6gi(?aM0-bPTe#_bS!eex;{~2o{`(wAWb5)Fdt=H zo@qs%hx2|7i=utqe^Av-u!g1CQ+>bY>VB5;{wG`G>L%Rg6}+SOk<*ciYsQ+sot-i@ zrOkMDsDALf?gJl(yVFy+ZSK6PKXs@`sxgH^{#pW>h5X<~WexX?*4 z4%i?yL$1-$ZQmBO4;Rt{bM8k*|OU)65k6DEW&wnh#Op<_6>XXWuYR)&NY#8=q- z;5j+&k}Wj|Vm>*e->3-6H@konZQJ`8E$denQ-Q|ZlG|r&x5!f0Flg@p9@#JAlc;4R z{3|J)^R$(5k)Qe8k+}Cp(&@|Z(X)#0Z1%1XsRt>Fl0DqtQ=pUqPL%WuYKzl1D<(VRzK^r=;W6TZBl>21sAXz2_Ro0SG^F&TNfn*ZBZBeTA=FVBx1lKQ%6=CXPxs);EzTHl2Y7?5Xy-Sl{>}{5 zx7+li_cpR|N9vr$8?U5)jowa{W*rOW8^m=(Lau4o5{IVA6lA0C0J3blx70D8&)lZh zxIga?Sq-UESwF5c|4Hzjyk$h%^|Alft;lpf5bm4iB zl?H#lRwusuYbH;AE4(W&vE;si+@Y6Ek{hKI5O{9Be>b|y0ftGgdoQiW{d=scWkKwa zK#l8V13Lb+Ns$QY4QxxMqFO->s)ZbNzc~L&4qS(fGQUe9XS#?Tq->wgFUix57Kk-_ z|2iXn@SehKA+K`E)A)6njgXh*Up|=poLBO0#r;N>wuHg7IoC^qpsFR*#%XwTZ&D8 zhFbWMoN?{&g8Gg{cgE4Eiswu%eBa%y(buH$*nQrr5ks-7qbzCpQ^U%RSdD3i`xX;B zlF1peO}8@u`OIA#Cz5D(s0?{x9Yp!s_%>+SmrJdh#+3wGe+}2*X)E>geeT@5tqaEG zLf>~Ih*3ABtvt`AbzK_}+Gj`G(y?{pl2%c1Qo+t@&}bw*q-Q=x`e*9_9a%Y!=H z^6rm51hJQH8iCx=*raZ*Y;IiN$IB)H1Xz`%-rY7mfDOTE`EEMH#TcH zobG{DNZ~_kL9jonrvL8UyaQ!wzs*+rd|kIWo(fW;qhbTDNK+UmD9D&%N?Moq>SpkH zJk0y7*k^ID(_N9WX{w7_)ox5}hk5%B@Ph)C_2`HIARzkx;s`(@5HTOW9D^0?Pm)7% z1X? zpePL*`0s3tq7z^=B4P%9bP_%}G8mJ9JcLxxN>|V0&kCU5E8J9$`!AFutPU8xjh8BX zx%zpOg5(M}Q)N{h!qBWGDH`i3#kjg;GX#g4N_{3f!A)pHvHSN2%wt~i<3^9<5dLV| zyaS~0l1{^h%71+6@}F;NR;1_UTOFJW!}HH1tWvGH`KVHx?+QDVYP-P(>%H3&DPGJ5 zW?zqpTtd0f=UjeZ3@A#nxWcda^)2J2F-iqEYG`L1WFr~fwESoU1=`gt28^v|C%E`7 z@Qf2)BfHf5PHps^AH6n(hU)0WL!-N&8bvKNDrBy{JSg676K$m>r9yPck$v=UrixVdI?n8@pyVuhFqt1O+7K|`hTfoUpn zu}Jgk9(a+3eX%5&xn<6+6ep&kaKy7-w7wrILL&E@s%Sp?sKk|sz;8%iRj=g0bh1OU zi6vPtaO&#E1r1p6TDo#q&@6|}apmx+ZEkON!&0@R-vm@C|yZ;7bzhRiYgCH9ZoOn}QQ*TNoq2c@jFu8pl;D z=-YBY@tSzM&akwB9*#GH7;K{6(x|DuIgB~Zd z=+iyaAqU4xtAF<9$YmLg!=cQ5UfR#vu(y@N5|0eu-P?+PaYH|%xqCIXG*04<5H43G zJyxy_WsMEy^`6~-_V~b66JDUhl@n$_slTNV6Y%r4P4Rx9xLT8zYXMbT`mPhYienM$ z>MykWknbXfmY-<#x18!$2h1s}C-%L*B1`!6P`wuOXs54+Uztf)!e1EtlFF;7wj*S% z7KW7_&iJ>$tCin2K78;5UO~=Tjmz~!QmD6g*+@i(vxd9gb+yrRwV@TzK>vdcl>j&) zsDKBdSR@d|DgTg4Ab^O0Uml|S80L{$D90Bzbrjl&INtb&PRcUe0cgYQIp|DIP?65a z=yKiB*7ikcT@%{ZKY@(fRz7BI_Sg5afg(Wg@=RkFt}Gexf1=w(H#=SGL{i@P!; z^OWsx5KKWD2U_jZ^J4B}poR;Di~5!FPc8L#&{teQRa&+c+FGubBL3eVv@i ziQtQ`E^>?GUl2KjPiQQCuxEk_l$s1wJp!;|yTc0>PRkM|S-QoT8_Le(0nmjBIGx*L za%!96nF0g#i$|Tc5@-V)8>h5mgu$6BXVQhixz^5nCIiArPpG(327FvP;<^*u)e+Mb zVqppHy&a-hsaaWm$!(DzDd_#oDM(LMitra7`A-S>wWS^K#3XUok&K&Jbgx`yidt7t zn)E##y;n?Goc@C>=6%r`g$iQqz4l7Pufs{f9Y(n1=vG|2B;#WY+@pGDW%Ar$&x?C# z$D>N_tqM?_ka@5{S7A#17Q3ooNB(WW_lBAtDY-OTs_rOxaO#yJ=sR$c-c~`mS>P>c zjXeKGaF~dYuyVBEkaqHwG&BnI@$$xgsW%-tmX8k)QI_rlp<2ZN<6`pvW z_m;?fnse#xvH7Ab-*c&P@@kp;k$SZ<>#Af zcUZnclc6r?2hcHECmi}#x;a7k zR`dPOH-j8m%HdW`u;uD=1;0+U#PtoV5BbM{g6Rj>7PZXy`)enUml%u=FLDx|lgGT| zrbu=qh^2=J=_m>u>kPgv= zM_Y4=--3RT1K`bQ0X{Pb%?$8qivP6+p6U?-!-#!5^v@9J`I-HUCS2~%0M)?4G12(` z8T=8nElF?) z2$p1Ch<+gAqA~(MX&B6_>GF8qC4*&$g(R0esxjxb!;K=<8PthNTxY=%v=t18ob*e5 z25|=y#rETig=4|OUNFAMM5c$Uek89@J5{a4m+N^=C1yt4edHa&NU;-w+8P@X3R+O* z3Uu^;_J)EMeh7oS?qfcWutEe(&Z_a~FI@S}uOZjf;X(H%Tt7WPI3~@@}^O+IIh^csw%<`q(0`Z%o?hZ*y|OK zW)RC$>T2*Guozj|Yxg|uE+Uy`^xb-pc~2Q(P{drQnBN`iz83&pAX}fiEgu2%++g9F zMBRjAxyD|FD)UD~^to7WFE{(}e?u=wtSxkFBImj$=;z!=2HHZiL)X-zWxF4fs&4+~ z+tmzY0?AA+wgC@}sQzp}Jabm@e*vTaNyu zll6yRUNmNXz$Wt9h}4}~Kb)gKn0#n<7HX-;a-D6nVc#Nue+BrMnP`gDe$I;IvTfv> zya}x-NELlT?g`p0Fa6>CJWstUHMzm;tS3hT=$=of^-?W5Lky&mv8PJOI)s9pFe5az zoQ(hVz=Zyhaa$I*O|wVpLZOh$%iQ7C@~3EVG_0BC=cAco2WO-A($_A-yQowqD`H4h zU-g<&j7`0@soxZ(9>f*8mnPwlBat{d2L2eScdE%Je+Nh6;2(u2p0nO zYr@Q^XvU*?q6xFUf2vUL>S-^!S#Q(wuhHwB9ptIOhjB-Kz&>b>90dO4h)4lXOMK9g z8djb|AGL}v*BhxLwP&U~zGm=Kf=uWt$tJ``tl5zHX9g%Bi+-h>BFk$ew{AOaf7K4V zq>}S%SoT3Z5FP1TL{{Tm=ZT_l%F-89LRKaY)%GVCpIMRGSx?Z}6eJ`l7w-VNXn>_B z@fR;g0fAPIbU-(xEiPNeR`_4RPP3L{hDnCEZ-Po&7TD0{XAiA%U@JIZCG9rd&PFd3>$Jk0}L z79Es%C6M-jssv_!McWnfz^yXOA5{zUX(S^x4j2Z=mzD=WLnsPQGbecBxfa)+bH$g?X|$F@1jD|w>y2{-q{ms?6%W0VlVaoS zB}1;#l1i_~uf)u>RKA6S@fhOgG^LM!?|~m71hgISG;-!i8ZvqE1rJt(#p6|&ht&`| zAQczFNQm2>SdT6*s}mYfDKSmi&Uv~Yu;KmlnJO17vYFxzP%X@8QHaG$`NEQyUA`q! ze1d@#RE`P3(qSv{{(S$VfgNm4Pd5M~?bP}S(~0MKe9@<2Um-v22V~)1laFe|E{0GS z(()+*1}*v|wZb+Tu$Kd7O$M=2*HS%5Ge2cX7?yPCT7Q?<2vR^cHG-m2A;%ITKM{@j2FqzF-O;R1kFxLcg6k7mG>ic_wPW<) z4(A%$JJUcxo+ft#h47Ft5#WUB5<;T~D+Zr|Or^P^IUd=eXh73R8j=3=fhB@(!pMs~ z$}EPYro3;}h8wQlyprv8lB16xn(G(lYFMJHpq6wk>WbzpBun3IiL6Ew=~jXXFO<-1 z$1NRYRgTq!v#NkOFbF8XQd`1gz?87JkbUEOQoW}569PZmdnvoVy)dC6BEzr?HX5tM zVTp~a{DNnl@je!