Vulnerable Client-Server Application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface).
Alternatives To Vucsa
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
3 days ago15mitPython
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
13 days ago6June 17, 202147Python
Web path scanner
Juice Shop7,860
7 days ago1January 15, 20197mitTypeScript
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
5 days ago53cc-by-sa-4.0Dockerfile
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
5 months ago40gpl-2.0Ruby
Next generation web scanner
Awesome Web Hacking4,260
6 months ago1mit
A list of web application security
Faraday3,70711a month ago23January 10, 202243gpl-3.0Python
Open Source Vulnerability Management Platform
Security Study Plan3,013
a month ago3
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
2 years ago1gpl-3.0Shell
Git All the Payloads! A collection of web attack payloads.
a day ago11mitTypeScript
Metlo is an open-source API security platform.
Alternatives To Vucsa
Select To Compare

Alternative Project Comparisons

Vulnerable Client-Server Application (VuCSA)

Vulnerable Client-Server Application (VuCSA)

Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface).

Currently the vulnerable application contains the following challenges:

  1. Buffer Over-read (simulated)
  2. Command Execution
  3. SQL Injection
  4. Enumeration
  5. XML
  6. Horizontal Access Control
  7. Vertical Access Control

If you want to know how to solve these challenges, take a look at the PETEP website, which describes how to use the open-source tool PETEP to exploit them.

Tip: Before you start hacking, do not forget to check the data structure of messages bellow.

How to Run

In order to run the vulnerable server and client, you can use one of releases on GitHub or run gradle assemble, which creates distribution packages (for both Windows and Unix). These packages contain sh/bat scripts that will run the server and client using JVM.

You need Java 11 or newer version to run VuCSA.

Project Structure

Project is divided into three modules:

  • vucsa-common - common functionality for both client and server (including protocol processing utilities)
  • vucsa-client - vulnerable client with JavaFX GUI
  • vucsa-server - vulnerable server for terminal use

Data Structure

Messages transmitted between server and client have the following simple format:

  32b    32b     32b     ???

These four parts have the following meaning:

  • type - type of the message (used for serialization/deserialization)
  • target - target handler that will receive the message
  • length - length of the payload
  • payload - data serialized into bytes
Popular Penetration Testing Projects
Popular Application Security Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Penetration Testing
Capture The Flag
Application Security