
yezz123 / Athena

Licence: MIT license
Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

Programming Languages

python
HTML
javascript


Athena


Athena is a web application developed in Python-Flask-SQLite for testing your skills as a Hacker, Coder and Warrior.

Getting Started

  • Athena works only in a Linux environment, so you need a Linux distribution, e.g. Ubuntu, CentOS or Kali Linux.
  • A pentesting OS such as Kali Linux, Parrot Security OS or BlackArch is preferred.
  • Check that SQLite is installed; if it is not, install it with sudo apt install sqlite3.

Prerequisites

  • Python 3.6 or higher.
  • Flask.
  • Docker (Optional).

Project setup

# clone the repo
$ git clone https://github.com/yezz123/Athena

# move to the project folder
$ cd Athena

Creating virtual environment

  • Install pipenv globally: pip install pipenv.
  • Create a virtual environment for this project.
# creating pipenv environment for python 3
$ pipenv --three

# activating the pipenv environment
$ pipenv shell

# if you have multiple python 3 versions installed then
$ pipenv install -d --python 3.8

# install all dependencies (include -d for installing dev dependencies)
$ pipenv install -d
  • After installing the requirements, a few more steps are needed to run Athena:
# Prefer to use a Pentesting OS ex. Kali Linux or Parrot Security
$ sudo ./install.sh
  • The key will then be registered and you can run Athena.

Database Initialization

  • Both the BAD and GOOD versions require an initialization of the database.

  • This is done by running db_init.py inside each of the directories.

  • Each version has its own SQLite files for the users and posts.

  • For example, the script is run as follows:

# Move to the Bad Directory
$ cd bad
# Run the Initialization as Root
$ sudo ./db_init.py
  • Or:
# Move to the Good Directory
$ cd good
# Run the Initialization as Root
$ sudo ./db_init.py

Running the Application

  • To run the application after database initialization, choose between the two versions: Athena or Athena-SSL.
# If you ran the initialization in the bad directory, run bad/Athena.py

$ sudo python Athena.py

# Create a certificate key and set it in the SSL configuration to run the SSL version.

# If you ran the initialization in the bad directory, run bad/Athena-ssl.py

$ sudo python Athena-ssl.py

Default Credentials

  • After database initialization and running the application, three users are created:

    Username   Password
    admin      SuperSecret
    elliot     123123123
    tim        12345678

  • You can log in with any of them. The application doesn't have a permissions system, so all three have the same permissions.

Running the Docker Container

  • The Dockerfile was created in the section above. We now use it to build the image of the Athena app and then start the app container.

  • You could use a pre-configured Makefile to build the image and start the container.

# Build the image
$ make build
# Start the container
$ make start

FAQ

What is the ASVS?

  • The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.

  • The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:

  • Use as a metric: Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,

  • Use as guidance: Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and

  • Use during procurement: Provide a basis for specifying application security verification requirements in contracts.

What features does Athena provide?

  • Login/Logout
  • Read posts from other users
  • Publish posts
  • Multi-Factor Authentication (MFA)
  • API for read and write posts
  • Content Security Policy
  • SSL/TLS Server

What vulnerabilities does the bad folder provide?

Some of the vulnerabilities present in the "BAD" version:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Cross Site Request Forgery (CSRF)
  • Session Impersonation
  • Insecure Deserialization
  • Authentication Bruteforce
  • Authentication Bypass

Learn more about the vulnerabilities that Athena provides by reading Helper.md.
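
The SQL Injection and Authentication Bypass entries above can be illustrated with a login check against SQLite, written once in the style of a "bad" version and once hardened. This is an added example, not code from the Athena repository: the table schema, the function names login_bad and login_good and the PBKDF2 settings are assumptions, and the sample accounts are the default credentials listed on this page.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data: the default accounts listed on this page.
DEFAULT_USERS = [("admin", "SuperSecret"), ("elliot", "123123123"), ("tim", "12345678")]
# Constructed test input: a textbook tautology that closes the quoted string.
TAUTOLOGY = "' OR '1'='1"


def pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """In-memory users table (hypothetical schema, not Athena's).

    The plaintext column serves only the vulnerable variant; the hardened
    variant reads the salted hash.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pwhash BLOB)")
    for name, pw in DEFAULT_USERS:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, pw, salt, pbkdf2(pw, salt)))
    return db


def login_bad(db, username: str, password: str) -> bool:
    # Vulnerable: input is concatenated into the SQL text, so a quote in
    # either field changes the structure of the WHERE clause.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_good(db, username: str, password: str) -> bool:
    # Hardened: the ? placeholder binds input as data, never as SQL, and the
    # password is checked against a salted hash in constant time.
    row = db.execute("SELECT salt, pwhash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, pwhash = row
    return hmac.compare_digest(pbkdf2(password, salt), pwhash)
```

With the same constructed input, login_bad accepts the login while login_good rejects it, because the placeholder keeps the quote characters inside the bound value.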

What is the reason for creating Athena?

Behind the lines: I chose this name because it looks more dramatic for the project. I am inspired a lot by Athena, for example how she was a great woman with great power and how she drew inspiration from life and acted for civilization.

That is for you, because when you try to escape and use Athena, you break into a world of 0's & 1's for testing your power of coding and breaking into the hidden part.

The good side is the side where I respect all of the OWASP ASVS, which also shows the good side of thinking that Athena has.

The bad side is where you can test your hidden skills and see if you can break the rules to make it a safe one, as Athena did when she fought for civilization.

But this is not a war of civilization; it is a war against vulnerability. Develop your skills in coding & problem solving with it.

Contributing

  • Join Athena's creator and contribute to the project if you have any enhancements or add-ons that make it a good and secure project and help users use it in a good and simple way.
  • Don't forget to check the CONTRIBUTING.md file to understand the contribution process.

Disclaimer

This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.

License

This project is licensed under the terms of the MIT license.
