JavaScript

Express

JavaScript Express is a Node.js web application framework that is also used to build REST APIs.

Popularity: According to StackOverflow’s 2022 Developer Survey, Express is the most popular framework that can be used to build REST APIs.

vuln_node_express

Description: A vulnerable Node Express service meant to be used as a target for security testing tools. It contains XSS and SQL Injection vulnerabilities.
Source Code: https://github.com/vulnerable-apps/vuln_node_express
Credentials: None

git clone https://github.com/vulnerable-apps/vuln_node_express
cd vuln_node_express

# Start the app
docker-compose up -d

# run the scan
APP=vuln_node_express
nightvision target create $APP http://localhost:3000 --type web
nightvision scan $APP

Angular

Angular is a JavaScript framework for building web applications.

Popularity: Angular is the second most popular web application framework behind React, according to StackOverflow’s 2022 Developer Survey.

OWASP Juice Shop

Description: A modern and sophisticated insecure web application. Considered to be the gold standard of baselining web application scanning tools. An Official OWASP Project. You can also access OWASP Juice Shop here: https://juice-shop.herokuapp.com
Source Code: https://github.com/juice-shop/juice-shop.git
Credentials:
- Username: admin@juice-sh.op
- Password: admin123

git clone https://github.com/juice-shop/juice-shop.git --depth=1
cd juice-shop

# Start the app
# Option 1: Build the Docker container from source
docker build -t juice-shop .
docker run --rm -d -p 3000:3000 juice-shop

# Option 2: Run the pre-built image
docker run --rm -d -p 3000:3000 bkimminich/juice-shop

# Record authentication
# Username: admin@juice-sh.op
# Password: admin123
URL="http://localhost:3000"
APP="juice-shop"
nightvision target create $APP $URL --type api
nightvision auth playwright create $APP $URL

# Extract API Documentation
nightvision swagger extract . -t $TARGET --lang js

# Run the scan
nightvision scan $APP --auth $APP