/tarpit

A damn vulnerable application to showcase Ocular's capability

Primary LanguageJava

tarpit-logo

Tarpit Java

A web application seeded with vulnerabilities, rootkits, backdoors and data leaks

Tarpit is a Java web application that is seeded with vulnerable conditions (OWASP based, Business Logic Flaws, Rootkits and Data Leaks). Its main goal is to be an aid for security professionals to test with Ocular, help web developers better understand the processes of securing web applications.

Common Vulnerabilities

File Description
ServletTarpit.java Common OWASP categorized vulnerabilities
DocumentTarpit.java XXE based vulnerability

Insider Attacks/Backdoor Patterns

File Description
Insider.java

Data Leaks

File Description
ServletTarpit.java Hardcoded credentials, sensitive data leaking on channels

Building

Tarpit uses Maven build system. Make sure you have maven installed on your system. Then use the following command to build the application,

mvn clean compile package

The servlettarpit.war artifact is generated in the target directory which can be used for further analysis.

ℹ️ This packaged WAR file is intended NOT to run or be deployed in a web container. Its main goal is to be an aid for security professionals to test with Ocular


⚠️ Disclaimer

We do not take responsibility for the way in which any one uses this application. We have made the purposes of the application clear and it should not be used maliciously.