2nd-order-attacks

Run the first remediation demo app locally: https://github.com/alex-nightvision/remediation-demo

git clone https://github.com/alex-nightvision/remediation-demo.git
docker compose up -d --build

Run this app and inject to make a request to the 1st app.

git clone https://github.com/alex-nightvision/remediation-demo.git
pip install -r requirements.txt --break-system-packages
python app.py

Run the scan

# confirm its working
./check-endpoint.sh

# do a grep to show theres no s q l in the app
./look-for-sql.sh

# add target 
nightvision app create -n 2nd-order-attack
nightvision target create -n 2nd-order-attack -u http://127.0.0.1:5000 --type api
nightvision swagger extract ./ -t 2nd-order-attack --lang python 

# run
nightvision scan -t 2nd-order-attack -a 2nd-order-attack

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.gitignore		.gitignore
.nvexcavator		.nvexcavator
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
app.py		app.py
check-endpoint.sh		check-endpoint.sh
docker-compose.yml		docker-compose.yml
helper.py		helper.py
look-for-sql.sh		look-for-sql.sh
openapi-spec.yml		openapi-spec.yml
requirements.txt		requirements.txt
utils.py		utils.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

2nd-order-attacks

About

Releases

Packages

Languages

License

alex-nightvision/2nd-order-attacks

Folders and files

Latest commit

History

Repository files navigation

2nd-order-attacks

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages