Skip to content
forked from conikeec/tarpit

A dang vulnerable application to showcase Ocular's capability

Notifications You must be signed in to change notification settings

gacevedo/tarpit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

tarpit-logo

Tarpit Java

A web application seeded with vulnerabilities, rootkits, backdoors and data leaks

Tarpit is a Java web application that is seeded with vulnerable conditions (OWASP based, Business Logic Flaws, Rootkits and Data Leaks). Its main goal is to be an aid for security professionals to test with Ocular, help web developers better understand the processes of securing web applications.

Common Vulnerabilities

File Description
ServletTarpit.java Common OWASP categorized vulnerabilities
DocumentTarpit.java XXE based vulnerability

Insider Attacks/Backdoor Patterns

File Description
Insider.java

Data Leaks

File Description
ServletTarpit.java Hardcoded credentials, sensitive data leaking on channels

Building

Tarpit uses Maven build system. Make sure you have maven installed on your system. Then use the following command to build the application,

mvn clean compile package

The servlettarpit.war artifact is generated in the target directory which can be used for further analysis.

ℹ️ This packaged WAR file is intended NOT to run or be deployed in a web container. Its main goal is to be an aid for security professionals to test with Ocular


⚠️ Disclaimer

We do not take responsibility for the way in which any one uses this application. We have made the purposes of the application clear and it should not be used maliciously.

About

A dang vulnerable application to showcase Ocular's capability

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%