Add files via upload

Author: appsec-devops

TIWAP-master/Dockerfile

@@ -0,0 +1,14 @@
+FROM ubuntu:18.04
+
+WORKDIR /app
+COPY . /app
+
+RUN apt-get update
+RUN apt-get install iputils-ping -y
+RUN apt install python3 python3-pip -y
+RUN pip3 install -r requirements.txt
+
+# EXPOSE 5001
+
+# ENTRYPOINT ["python"]
+# CMD ["app.py"]

TIWAP-master/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Simardeep Singh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

TIWAP-master/README.md

@@ -0,0 +1,109 @@
+# Totally Insecure Web Application Project (TIWAP)
+
+![Forks](https://img.shields.io/github/forks/tombstoneghost/TIWAP?style=for-the-badge)
+![Stars](https://img.shields.io/github/stars/tombstoneghost/TIWAP?style=for-the-badge)
+![OpenIssues](https://img.shields.io/github/issues/tombstoneghost/TIWAP?style=for-the-badge)
+![ClosedIssues](https://img.shields.io/github/issues-closed/tombstoneghost/TIWAP?style=for-the-badge)
+![Languages](https://img.shields.io/github/languages/count/tombstoneghost/TIWAP?style=for-the-badge)
+![License](https://img.shields.io/github/license/tombstoneghost/TIWAP?style=for-the-badge)
+
+
+
+TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web 
+vulnerabilities. Inspired by DVWA, the contributors have tried their best to regenerate various web vulnerabilities
+
+The application is solely made for educational purpose and to learn web hacking in a legal environment. 
+
+Read more about it [here](https://singh-simardeepsingh99.medium.com/tiwap-3a8b70043ce9)
+
+## Disclaimer
+
+We highly recommend installing the lab on a Virtual Machine instead of a live web server (Internal or External).
+
+We do not take responsibility for the way in which anyone uses this application (TIWAP). 
+The application has been made for educational purpose only and should not be used maliciously. 
+If your web servers are compromised due to installation of this application, 
+it is not our responsibility, it is the responsibility of the person/s who uploaded and installed it.
+
+
+## Setup and Installation
+To keep the installation and setup easy, we have configured everything for you. All you need is Docker on your system.
+
+Once you are done with docker installation, run the following commands. 
+
+> git clone https://github.com/tombstoneghost/TIWAP <br/>
+> cd TIWAP <br/>
+> docker-compose up
+
+<strong>Note: It works only on Linux as of now and windows compatibility is work under progress </strong>
+
+Once the lab is started, you can log in using the default credentials.<br/>
+Username: `admin` <br/>
+Password: `admin`
+
+## Tech Stack
+
+Front-End: HTML, CSS and JavaScript <br/>
+Back-End: Python - Flask <br/>
+Databases: SQLite3 and MongoDB
+
+## Vulnerabilities
+
+Currently, we have 20 vulnerabilities in the lab. All listed below:
+
+- SQL Injection
+- Blind SQL Injection
+- NoSQL Injection
+- Command Injection
+- Business Logic Flaw
+- Sensitive Data Exposure
+- XML External Entities
+- Security Misconfiguration
+- Reflected XSS
+- Stored XSS
+- DOM Based XSS
+- HTML Injection
+- Improper Certificate Validation
+- Hardcoded Credentials
+- Insecure File Upload
+- Brute Force
+- Directory Traversal
+- Cross-Site Request Forgery (CSRF)
+- Server-Side Request Forgery (SSRF)
+- Server-Side Template Injection (SSTI)
+
+Each vulnerability is having 3 difficulty levels, namely Low, Medium and Hard. 
+These levels can be set from the settings page.
+
+
+## Bugs and Issues
+
+If you find any bugs or issues with the project, kindly raise the same on the below link.
+
+https://github.com/tombstoneghost/TIWAP/issues
+
+## Contributors
+
+1. Simardeep Singh - [LinkedIn](https://www.linkedin.com/in/simardeepsingh99/) | [Twitter](https://twitter.com/simardeep99)
+2. Yash Giri -  [LinkedIn](https://www.linkedin.com/in/yashgiri/)
+3. Sakshi Aggarwal - [LinkedIn](https://www.linkedin.com/in/s4ksh1/) | [Twitter](https://twitter.com/s4ksh1)
+
+### Want to be a contributor? 
+
+1. Star this repository
+2. Fork this repository
+3. Clone the forked repository
+4. Navigate to the project directory
+5. Create a new branch with your name
+6. Make changes
+7. Stage your changes and commit
+8. Push your local changes to remote
+9. Create a Pull Request
+10. Congratulations! You did it. 
+
+## License 
+
+This project is under the MIT License - Click [here](https://github.com/tombstoneghost/TIWAP/blob/master/LICENSE) for details.
+
+<strong>Happy Hacking! :)</strong>
+

TIWAP-master/Static/Images/cat.jpg

@@ -0,0 +1,14 @@
+html, body {
+    width: 100%;
+    height: 100%;
+    margin: 0px;
+    padding: 0px;
+    overflow-x: hidden;
+}
+
+.vuln {
+    width: 200px;
+    height: 150px;
+    margin: 25px;
+    padding: 25px;
+}

TIWAP-master/Static/Images/dog.jpg

@@ -0,0 +1,3 @@
+Disallowed:
+
+/backups/card-db.bk

TIWAP-master/Static/Images/monkey.jpg

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><sqlb_project><db path="D:/Projects/Python/TIWAP/TIWAF.db" readonly="0" foreign_keys="1" case_sensitive_like="0" temp_store="0" wal_autocheckpoint="1000" synchronous="2"/><attached/><window><main_tabs open="structure browser pragmas query" current="1"/></window><tab_structure><column_width id="0" width="300"/><column_width id="1" width="0"/><column_width id="2" width="125"/><column_width id="3" width="968"/><column_width id="4" width="0"/><expanded_item id="0" parent="1"/><expanded_item id="1" parent="1"/><expanded_item id="2" parent="1"/><expanded_item id="3" parent="1"/></tab_structure><tab_browse><current_table name="4,5:mainusers"/><default_encoding codec=""/><browse_table_settings><table schema="main" name="users" show_row_id="0" encoding="" plot_x_axis="" unlock_view_pk="_rowid_"><sort/><column_widths><column index="1" value="94"/><column index="2" value="649"/><column index="3" value="129"/></column_widths><filter_values/><conditional_formats/><row_id_formats/><display_formats/><hidden_columns/><plot_y_axes/><global_filter/></table></browse_table_settings></tab_browse><tab_sql><sql name="SQL 1">SELECT username FROM users WHERE username='' OR SELECT version()</sql><current_tab id="0"/></tab_sql></sqlb_project>