
vAPI

License: GPL v3

vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable API that mimics the OWASP API Top 10 scenarios through exercises.

Requirements

  • PHP
  • MySQL
  • Postman
  • MITM Proxy

Installation (Docker)

docker-compose up -d

Updating

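After pulling new code, you may need to run the following for a fresh start before running docker-compose. Note that these commands remove all containers and all volumes on the Docker host, not just vAPI's.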

docker rm -f $(docker ps -a -q)
docker volume rm $(docker volume ls -q)

Installation (Manual)

Copying the Code

cd <your-hosting-directory>
git clone https://github.com/roottusk/vapi.git

Setting up the Database

Import vapi.sql into the MySQL database.

Configure the DB credentials in vapi/.env.

Starting MySQL service

Run the following command (Linux):

service mysqld start

Starting Laravel Server

Go to the vapi directory and run:

php artisan serve

Setting Up Postman

  • Import vAPI.postman_collection.json in Postman
  • Import vAPI_ENV.postman_environment.json in Postman

OR

Use Public Workspace

https://www.postman.com/roottusk/workspace/vapi/

Usage

Browse to http://localhost/vapi/ for the documentation.

After sending requests, refer to the Postman Tests or Environment for the generated tokens.

Presented At

OWASP 20th Anniversary

Blackhat Europe 2021 Arsenal

HITB Cyberweek 2021, Abu Dhabi, UAE

@Hack, Riyadh, KSA

Upcoming

Mentions and References

[1] https://apisecurity.io/issue-132-experian-api-leak-breaches-digitalocean-geico-burp-plugins-vapi-lab/

[2] https://dsopas.github.io/MindAPI/references/

[3] https://dzone.com/articles/api-security-weekly-issue-132

[4] https://owasp.org/www-project-vulnerable-web-applications-directory/

[5] https://github.com/arainho/awesome-api-security

[6] https://portswigger.net/daily-swig/introducing-vapi-an-open-source-lab-environment-to-learn-about-api-security

Walkthroughs/Writeups/Videos

[1] https://cyc0rpion.medium.com/exploiting-owasp-top-10-api-vulnerabilities-fb9d4b1dd471

[2] https://www.youtube.com/watch?v=0F5opL_c5-4&list=PLT1Gj1RmR7vqHK60qS5bpNUeivz4yhmbS (in Turkish)

Acknowledgements

  • The icon and banner use images from Flaticon