If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO.
This project was created with some key points in mind:
- Real world examples of the crypto attack vectors
- No need to write code to exploit a vulnerability that you are still trying to understand
- No challenge without a solution
- Dead simple documentation. No complex math, no complex formulas. Good old english
- A common place to test different attack vectors
- Make easy for everyone to understand crypto, attacks and preventions.
- Go straight to the point, the challenges are no brain teasers, just a scenario with a crypto vuln.
(Make sure you have node installed)
npm install -g yarn
# This will install necessary dependencies
# (in frontend and backend)
yarn run build-with-deps
# In case you already have dependencies
# or want to install them manually you can build it with:
# yarn run build
yarn run start
You can change the port with an environment variable:
PORT=4000 yarn run start
You can download the latest docker image with:
docker pull damnvulnerablecryptoapp1/damnvulnerablecryptoapp
If you prefer to build the docker image yourself run:
npm install -g yarn
yarn build:docker
# or just:
# docker build -t dvca .
By default port 4000 is being exported, So you can map it to your own port:
docker run -p 4000:4000 -t dvca
If you want to to develop new features, or just run without building the app you can start by installing dependencies with:
# installs deps both for FE and BE
yarn run install-deps
Then you need to run independently the frontend and the backend apps.
cd backend
yarn start:dev
if you want to change the port (default is 4000) you can set an environment variable:
PORT=3000 yarn start
If you changed the server port you need to specify it when booting the frontend, again, as an environment variable:
REACT_APP_SERVER_PORT=5000 yarn start
cd frontend
yarn start
You can find project's documentation on github wiki
DamnVulnerableCryptoApp is MIT licensed