Neural-alchemy/Openpentest-labs-web

Neuralchemy

OpenPentest-Auth Labs

Intentionally vulnerable authentication system. Find the bugs, exploit them with Burp Suite, read the code, fix them by hand, then check if your fix introduced a new bug.

10 security vulnerabilities. Username enumeration, IP spoofing, brute force, CSRF, broken access control, debug endpoint leaks, session fixation, broken logout, weak reset tokens, weak passwords.


Quick Start

# 1. Clone and enter the lab
git clone https://github.com/neuralchemy/auth-labs.git
cd auth-labs/app

# 2. Install dependencies
pip install fastapi uvicorn jinja2 python-multipart bcrypt aiofiles

# 3. Set vulnerable mode and run
# Windows (cmd.exe): keep the set line bare; anything after the value,
# including a trailing comment, becomes part of the variable
set NEURALCHEMY_MODE=vulnerable
# Linux/Mac
export NEURALCHEMY_MODE=vulnerable

python -m uvicorn main:app --reload --port 8000

Open http://127.0.0.1:8000 → register a test user → start hacking.


How It Works

Learn the concept → Try to hack it → Read the vulnerable code → Fix it manually → Did your fix create a new bug?

Every bug follows this loop. You're both the attacker and the defender.

Files you'll use

File                 What it does
guide.md             Walk through all 10 bugs — learn, challenge, hack, fix
solution.md          Stuck? Step-by-step Burp Suite exploitation
patches/PATCHES.md   The fixes — FIND vulnerable code, REPLACE WITH hardened code
attack_chains.md     How individual bugs chain into real-world attacks
roadmap.md           What's coming next (2FA, OAuth, IDOR, business logic)

Verify your fixes

python verify.py              # Confirms all 10 bugs ARE exploitable
python verify.py --hardened   # Confirms all 10 fixes ARE working

The Bugs

#      Bug                     Where                         Impact
1.1    Username Enumeration    auth.py login_v1()            Reveals valid accounts
1.2    IP Spoofing             main.py get_client_ip()       Bypasses rate limiting
1.3    No Rate Limiting        auth.py login_v1()            Unlimited brute force
1.4    No CSRF on Login        main.py + login.html          Login CSRF attack
1.5    Broken Admin Access     main.py admin_panel()         Any user → admin panel
1.6    Debug Endpoints         main.py                       Sessions/users leaked
1.7    Session Fixation        main.py login_submit()        Persistent hijacking
1.8    Broken Logout           main.py logout()              Session survives logout
1.9    Weak Reset Tokens       main.py forgot/reset          Account takeover
1.10   Weak Passwords          main.py register              "1234" accepted
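To make three of the bugs in the table concrete before you open the lab's code, here is an added example (written for this page, not the lab's own code) that models 1.2, 1.7 and 1.8 as vulnerable and hardened function pairs over a plain in-memory session store, so it runs without FastAPI. Every name in it (Store, client_ip_*, login_*, logout_*, the trusted-proxy set, the IP addresses) is an assumption for illustration and not an identifier from auth.py or main.py.

```python
"""Added example (not the lab's code): vulnerable vs hardened handling of
client IP, session id at login, and logout, using an in-memory store.
All names here are illustrative assumptions, not the lab's identifiers."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Store:
    """Stand-in for a session table: session_id -> username (None = anonymous)."""
    sessions: dict = field(default_factory=dict)


# ---- 1.2 IP spoofing: trusting X-Forwarded-For from any client ----
def client_ip_vulnerable(headers: dict, peer_ip: str) -> str:
    # Any client can send X-Forwarded-For, so a brute forcer just rotates
    # the header value to get a fresh per-IP rate-limit bucket each time.
    return headers.get("x-forwarded-for", peer_ip).split(",")[0].strip()


def client_ip_hardened(headers: dict, peer_ip: str, trusted_proxies: frozenset) -> str:
    # Honour X-Forwarded-For only when the TCP peer is a proxy we operate,
    # and take the rightmost hop (the one our proxy appended), ignoring any
    # addresses the client may have put in front of it.
    xff = headers.get("x-forwarded-for")
    if peer_ip in trusted_proxies and xff:
        return xff.split(",")[-1].strip()
    return peer_ip


# ---- 1.7 session fixation: keeping the pre-login session id ----
def login_vulnerable(store: Store, session_id: str, username: str) -> str:
    # The attacker plants session_id in the victim's browser beforehand;
    # once the victim logs in, the attacker's copy of that id is authenticated too.
    store.sessions[session_id] = username
    return session_id


def login_hardened(store: Store, session_id: str, username: str) -> str:
    # Discard whatever id arrived with the request and issue a fresh,
    # unguessable one bound to the authenticated user.
    store.sessions.pop(session_id, None)
    new_id = secrets.token_urlsafe(32)
    store.sessions[new_id] = username
    return new_id


# ---- 1.8 broken logout: clearing the cookie but not the server-side session ----
def logout_vulnerable(store: Store, session_id: str) -> None:
    # Only the browser forgets the cookie; anyone holding the id stays logged in.
    return None


def logout_hardened(store: Store, session_id: str) -> None:
    # Invalidate server side so a stolen or fixated id is useless afterwards.
    store.sessions.pop(session_id, None)


def is_authenticated(store: Store, session_id: str) -> bool:
    return store.sessions.get(session_id) is not None


def demo() -> dict:
    """Replay the attacker's view of each bug; returns booleans per scenario."""
    results = {}
    # IP spoofing: constructed request from peer 203.0.113.5 claiming 10.9.9.9
    spoofed = {"x-forwarded-for": "10.9.9.9"}
    trusted = frozenset({"192.0.2.1"})  # assumed address of our reverse proxy
    results["spoof_works_vuln"] = client_ip_vulnerable(spoofed, "203.0.113.5") == "10.9.9.9"
    results["spoof_works_hard"] = client_ip_hardened(spoofed, "203.0.113.5", trusted) == "10.9.9.9"
    results["proxy_ip_honoured"] = client_ip_hardened(
        {"x-forwarded-for": "198.51.100.7"}, "192.0.2.1", trusted) == "198.51.100.7"
    # Session fixation: attacker-chosen id already present as an anonymous session
    planted = "attacker-chosen-id"
    s = Store({planted: None})
    login_vulnerable(s, planted, "victim")
    results["fixation_vuln"] = is_authenticated(s, planted)
    s = Store({planted: None})
    fresh = login_hardened(s, planted, "victim")
    results["fixation_hard"] = is_authenticated(s, planted)
    results["fresh_id_differs"] = fresh != planted and is_authenticated(s, fresh)
    # Broken logout: does the id still work after the user logs out?
    s = Store()
    sid = login_hardened(s, "", "victim")
    logout_vulnerable(s, sid)
    results["logout_vuln_still_valid"] = is_authenticated(s, sid)
    logout_hardened(s, sid)
    results["logout_hard_invalidated"] = not is_authenticated(s, sid)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

When you compare your own patches against the hardened branch, the three things to look for are the same ones this example checks: the IP used for rate limiting is taken from the header only behind a proxy you control, the session id changes at login, and logout deletes the session on the server rather than just expiring the cookie.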

Branches

Branch     What's in it
main       Vulnerable app — start here
hardened   All 10 bugs fixed — compare your work

# See what changed between vulnerable and hardened
git diff main..hardened -- app/auth.py
git diff main..hardened -- app/main.py

Requirements

  • Python 3.10+
  • Burp Suite Community (free) — for exploitation
  • A text editor — for manual code fixes

The auth lab currently covers 10 vulnerabilities. The plan is to grow it to 40 and cover all the important authentication vulnerabilities.

Coming soon.

Built by Neuralchemy

About

OpenPentest is an open-source pentesting lab system where learners exploit real vulnerabilities, understand the engineering constraints behind them, apply the fix, and retest like a pentester to complete the full security loop.
