Athena is a web application developed in Python-Flask-SQLite for testing your skills as a Hacker, Coder and Warrior.
SQLite, or you can install it fast with `sudo apt install sqlite3`.
```sh
# clone the repo
$ git clone https://github.com/yezz123/Athena

# move to the project folder
$ cd Athena
```
pipenv, a global Python project: `pip install pipenv`.
virtual environment for this project.
```sh
# creating pipenv environment for python 3
$ pipenv --three

# activating the pipenv environment
$ pipenv shell

# if you have multiple python 3 versions installed then
$ pipenv install -d --python 3.8

# install all dependencies (include -d for installing dev dependencies)
$ pipenv install -d
```
```sh
# Prefer to use a Pentesting OS ex. Kali Linux or Parrot Security
$ sudo ./install.sh
```
GOOD versions, requires an initialization of the database.
This is done by running `db_init.py` inside each of the directories.
Each version has its own SQLite files for the users and posts.
The execution of the script is, for example:
```sh
# Move to the Bad Directory
$ cd bad

# Run the Initialization as Root
$ sudo ./db_init.py
```

```sh
# Move to the Good Directory
$ cd good

# Run the Initialization as Root
$ sudo ./db_init.py
```
```sh
# if you run the Initialization in the Bad Directories you need to run the Bad/Athena.py
$ sudo python Athena.py

# Create a Certificate Key and implement it on the ssl configuration to run the SSL version.
# if you run the Initialization in the Bad Directories you need to run the Bad/Athena-ssl.py
$ sudo python Athena-ssl.py
```
The Dockerfile was created in the section above. Now we will use it to build the image of the Athena app and then start the app container.
You could use a pre-configured Makefile to build the image and start the container.
```sh
# Build the image
$ make build

# Start the container
$ make start
```
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:
[x] - Use as a metric - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
[x] - Use as guidance - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
[x] - Use during procurement - Provide a basis for specifying application security verification requirements in contracts.
Bad Folder Provide?
Some of the vulnerabilities present on the "BAD" version:
To understand more about the vulnerabilities that Athena provides, read Helper.md.
Behind the lines: I chose this name because it looks more dramatic for the project. I am inspired a lot by Athena, for example by how she was a great woman with great power and how she took inspiration from life and acted for civilization.
That is for you, because when you try to escape and use Athena, you break into a world of 0's & 1's for testing your power of coding and breaking into the hidden part.
The good side is the side where I respect all of the OWASP ASVS, which also shows the good side of thinking that Athena has.
The bad side is where you can test your hidden skills and see if you can break the rules to make it a safe one, like Athena did when she fought for civilization.
But this is not a civilization war; it is a war against vulnerability. Develop your skills of coding & problem solving with it.
This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.
This project is licensed under the terms of the MIT license.