𝖄𝕺🌎𝕿𝕽𝕺¥

𝖄𝕺🌎𝕿𝕽𝕺¥

𝕴 𝖉𝖔 𝖒𝖆𝖌𝖎𝖈
github
HomeArchivesNFTsMemosIndex

Build your own web vulnerability practice platform, suitable for users of all levels.

#漏洞靶场#Pikachu140
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses the process of setting up a web vulnerability practice platform called Pikachu. It is suitable for users of all levels and includes various types of vulnerabilities such as brute force, XSS, CSRF, SQL injection, RCE, and more. The article provides installation instructions and suggests using integrated software like XAMPP or WAMP to set up the required environment. It also mentions the option of setting up the platform on a Raspberry Pi or virtual machine.

Preface: How can we not have practice after learning some theory and skills? Let's build our own vulnerability practice platform.

============================================================

Using the Pikachu Vulnerability Playground System, I can't find the official website...
Pikachu is a web application system with vulnerabilities, which includes common web security vulnerabilities. If you are a web penetration testing learner and are worried about not having a suitable playground for practice, then Pikachu might be just right for you.

The vulnerability types on Pikachu are listed below:

    Burt Force
    XSS (Cross-Site Scripting)
    CSRF (Cross-Site Request Forgery)
    SQL-Inject (SQL Injection)
    RCE (Remote Command/Code Execution)
    Files Inclusion
    Unsafe file downloads
    Unsafe file uploads
    Over Permission
    ../../../ (Directory Traversal)
    I can see your ABC (Sensitive Information Disclosure)
    PHP Deserialization Vulnerability
    XXE (XML External Entity attack)
    Insecure URL Redirection
    SSRF (Server-Side Request Forgery)
    More... (Look for surprises!)
    The management tool provides a simple XSS management background for you to test phishing and steal cookies~
    More vulnerabilities will be continuously added in the future. You are also welcome to submit vulnerability cases to me. Please follow Pikachu for the latest version.

Author's GitHub link: https://github.com/zhuifengshaonianhanlu
For each vulnerability category, different subclasses are designed based on different situations.

Installation#

The database used is mysql, so to run Pikachu, you need to install the basic environment of "PHP+MYSQL+Middleware (such as Apache, Nginx, etc.)" in advance. It is recommended to use integrated software to build these basic environments directly in your testing environment, such as XAMPP, WAMP, etc.
-->Put the downloaded Pikachu folder in the web server's root directory;
-->Modify the database connection configuration in inc/config.inc.php according to the actual situation;
-->Access http://x.x.x.x/pikachu, and there will be a passionate prompt in red saying "Welcome, Pikachu has not been initialized, click to proceed with the initialization installation!" Click to complete the installation.

It's not difficult to build it at home by yourself. You need a Raspberry Pi or other hardware with low requirements. If not, a virtual machine will also work.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.