Skip to content
/ Athena Public
forked from yezz123/Athena

Athena is a web application developed in Python - Flask - SQLite

License

MIT license
2 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Meat0Project/Athena

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
bad
bad
 
 
good
good
 
 
img
img
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 
owasp-asvs-4.1.csv
owasp-asvs-4.1.csv
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Star Badge

Athena 🌙

Athena is a web application developed in Python / Flask / SQLite that has two faces.

GOOD: Tries to code with secure development best practices in mind.

BAD: Tries to code like (possibly) you.

  • OWASP Application Security Verification Standard :

    The "GOOD" version (not finished yet) will comply with the OWASP ASVS:

    This will permit learn how to develop python code following the best security practices.

Installation 💼

  • With a simple steps you can install Athena and also run it :
  • First you need to use a linux distro ( As example : Kali linux or ubuntu.... )
  • Install both of Flask and SQLite
      pip install Flask
      
      sudo apt install sqlite3
  • Then Clone the project into your directory :
      git clone https://github.com/GDGSNF/Athena.git
      
      cd Athena
      
      pip3 install --user -r requirements.txt
  • After Installing the Project Now you will be able to do some steps to run Athena :
      sudo ./install.sh
  • And the key will be registred and you can run now Athena!

Take care!!

  • If you found a key or a registry id that devl@kali not the creator report on issues or contact Me :
  • Exemple of key :
ED44FF07D8D0BF6
Kali linux Repository<devel@Kali.org>

Database Initialization 📅

Both, "BAD" and "GOOD" versions, requires an initialization of the database.

This is done with the script "db_init.py" inside each of the directories (bad, and good).

Each version has their own sqlite files for the users and posts.

The execution of the script is, for example:

    cd bad
    ./db_init.py

Or :

    cd good
    ./db_init.py

Features 🔑

  • Login/Logout
  • Read posts from other users
  • Publish posts
  • Multi-Factor Authentication (MFA)
  • API for read and write posts
  • Content Security Policy
  • SSL/TLS Server

Vulnerabilities 🔥

Some of the vulnerabilities present on the "BAD" version:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Cross Site Request Forgery (CSRF)
  • Session Impersonation
  • Insecure Deserialization
  • Authentication Bruteforce
  • Authentication Bypass

Note: The "GOOD" version (not finished yet) is supposed to don't have vulnerabilities, but I'm a human being, so...

Default Credentials 🐍

After database initialization, three users are created:

Username Password
admin SuperSecret
elliot 123123123
tim 12345678

You can login with any user, the application doesn't have a permissions system, so, the three have the same permissions.

Contributing ⭐

Contributions are welcome! ♥! Please share any features, and add unit tests! Use the pull request and issue systems to contribute.

Credits & Thanks 🏆

  • Contact me here :

About

Athena is a web application developed in Python - Flask - SQLite

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 46.2%
  • CSS 37.0%
  • HTML 15.9%
  • Other 0.9%