Awesome Open Source
Awesome Open Source

vAPI Tweet

Docker Build Status License: GPL v3 Version PHP Laravel Issues

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.

Requirements

  • PHP
  • MySQL
  • PostMan
  • MITM Proxy

Installation (Docker)

docker-compose up -d

Updating

You can clone new code but may need to run the following for a fresh spin before running docker-compose

docker rm -f $(docker ps -a -q)
docker volume rm $(docker volume ls -q)

Installation (Manual)

Copying the Code

cd <your-hosting-directory>
git clone https://github.com/roottusk/vapi.git

Setting up the Database

Import vapi.sql into MySQL Database

Configure the DB Credentials in the vapi/.env

Starting MySQL service

Run following command (Linux)

service mysqld start

Starting Laravel Server

Go to vapi directory and Run

php artisan serve

Setting Up Postman

  • Import vAPI.postman_collection.json in Postman
  • Import vAPI_ENV.postman_environment.json in Postman

OR

Use Public Workspace

https://www.postman.com/roottusk/workspace/vapi/

Usage

Browse http://localhost/vapi/ for Documentation

After Sending requests, refer to the Postman Tests or Environment for Generated Tokens

Mentions and References

[1] https://apisecurity.io/issue-132-experian-api-leak-breaches-digitalocean-geico-burp-plugins-vapi-lab/

[2] https://dsopas.github.io/MindAPI/references/

[3] https://dzone.com/articles/api-security-weekly-issue-132

[4] https://owasp.org/www-project-vulnerable-web-applications-directory/

[5] https://awesomeopensource.com/project/arainho/awesome-api-security

Walkthroughs/Writeups

‼️ Spoiler Alert

[1] https://cyc0rpion.medium.com/exploiting-owasp-top-10-api-vulnerabilities-fb9d4b1dd471

Acknowledgements

  • The icon and banner uses image from Flaticon

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Html (432,045
Php (404,479
Hacktoberfest (34,529
Docker (33,834
Api (22,162
Hacktoberfest Accepted (2,129
Bugbounty (762
Postman (592
Cors (560
Exercises (486
Owasp (319
Related Projects