Cyber Sentinel is a PHP/MySQL web application made intentionally vulnerable! This project aims to increase awareness about common yet dangerous vulnerabilities.
This application allows the user to exploit some beginner-level vulnerabilities by themselves. Tutorials are provided to learn about:
- The vulnerability
- How it can be exploited
- The part of the code causing this vulnerability.
- How to patch this vulnerability at different levels.
To set up this application on Windows, you must run Apache and MySQL services, which are inbuilt in XAMPP.
Follow this for setting up Cyber Sentinel on Windows.
After setting up and downloading the repository, rename the folder to cybersentinel
and place it inside htdocs folder of XAMPP.
You can also download the dockerized version of the application here, which will require you to download the Docker Desktop application for Windows.
Follow the steps in this Docker Hub repository to use this application on Docker.
- There are different vulnerabilities with different difficulty levels. The difficulty levels are based on how good the patch is for that specific vulnerability.
- There is no fixed objective to complete a module. If you feel you've exploited the system thoroughly, the goal is reached!
- There is a help button at the bottom to view hints & tips for that vulnerability. There are additional links for further reading on each vulnerability.
- Refer CONTRIBUTING.md and DEVELOPMENT.md for more information on how to contribute to this project.
This application is vulnerable! There are documented vulnerabilities that will cause more undocumented ones.
So, it is strictly advised not
to use it directly on your host machine without any virtual machine or docker.
Do not host code from this project on internet-facing servers.
I do not take responsibility for how anyone uses this application (Cyber Sentinel). I have made the purposes of the application clear, and it should not be used maliciously.
I have warned users from installing Cyber Sentinel on live web servers.
If any web server is compromised via installing Cyber Sentinel, it is not my responsibility. It is the responsibility of the person/s who uploaded and installed it.
Feel free to highlight any mistakes and contribute to this project by opening pull requests. I'm free for a quick chat.
Mail: suchit20016+cybersentinel@gmail.com
Discord: Cyber Sentinel
Slack: opensrc_cybersentinel
This project is inspired from DVWA. I added more functionalities and improved the user interface on top of this amazing project.