Problematic project

Contains bad Python code with weak configuration settings, a sub-standard Dockerfile and vulnerable dependencies for demo purposes.

Don't run this thing in production. 🙄

Based on the vulnerable Python webapp Vulpy created by F. Portantier.

Installing dependencies

uv sync

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
.github/workflows		.github/workflows
payloads		payloads
static		static
templates		templates
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
Dockerfile		Dockerfile
Dockerfile-improved		Dockerfile-improved
LICENSE		LICENSE
README.md		README.md
api_list.py		api_list.py
api_post.py		api_post.py
brute.py		brute.py
csp.txt		csp.txt
db.py		db.py
db_init.py		db_init.py
libapi.py		libapi.py
libmfa.py		libmfa.py
libposts.py		libposts.py
libsession.py		libsession.py
libuser.py		libuser.py
main.py		main.py
mod_api.py		mod_api.py
mod_csp.py		mod_csp.py
mod_hello.py		mod_hello.py
mod_mfa.py		mod_mfa.py
mod_posts.py		mod_posts.py
mod_user.py		mod_user.py
otps.txt		otps.txt
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
trivy-results-better-high-critical.json		trivy-results-better-high-critical.json
trivy-results-better.json		trivy-results-better.json
trivy-results-high-critical.json		trivy-results-high-critical.json
trivy-results.json		trivy-results.json
uv.lock		uv.lock
vulpy-ssl.py		vulpy-ssl.py
vulpy.py		vulpy.py