webgoat / webgoat-legacy Goto Github PK

Legacy WebGoat 6.0 - Deliberately insecure JavaEE application

CSS 2.64% JavaScript 18.61% HTML 39.15% Java 39.59% C# 0.01%

webgoat-legacy's Introduction

WebGoat: A deliberately insecure Web Application

Introduction

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

Installation instructions:

For more details check the Contribution guide

1. Run using Docker

Already have a browser and ZAP and/or Burp installed on your machine in this case you can run the WebGoat image directly using Docker.

Every release is also published on DockerHub.

docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 webgoat/webgoat

For some lessons you need the container run in the same timezone. For this you can set the TZ environment variable. E.g.

docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=America/Boise webgoat/webgoat

If you want to use OWASP ZAP or another proxy, you can no longer use 127.0.0.1 or localhost. but you can use custom host entries. For example:

127.0.0.1 www.webgoat.local www.webwolf.local

Then you can run the container with:

docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e WEBGOAT_HOST=www.webgoat.local -e WEBWOLF_HOST=www.webwolf.local -e TZ=America/Boise webgoat/webgoat

Then visit http://www.webgoat.local:8080/WebGoat/ and http://www.webwolf.local:9090/WebWolf/

2. Run using Docker with complete Linux Desktop

Instead of installing tools locally we have a complete Docker image based on running a desktop in your browser. This way you only have to run a Docker image which will give you the best user experience.

docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop

3. Standalone

Download the latest WebGoat release from https://github.com/WebGoat/WebGoat/releases

export TZ=Europe/Amsterdam # or your timezone
java -Dfile.encoding=UTF-8 -jar webgoat-2023.5.jar

Click the link in the log to start WebGoat.

4. Run from the sources

Prerequisites:

Java 17 or 21
Your favorite IDE
Git, or Git support in your IDE

Open a command shell/window:

git clone [email protected]:WebGoat/WebGoat.git

Now let's start by compiling the project.

cd WebGoat
git checkout <<branch_name>>
# On Linux/Mac:
./mvnw clean install

# On Windows:
./mvnw.cmd clean install

# Using docker or podman, you can than build the container locally
docker build -f Dockerfile . -t webgoat/webgoat

Now we are ready to run the project. WebGoat is using Spring Boot.

# On Linux/Mac:
./mvnw spring-boot:run
# On Windows:
./mvnw.cmd spring-boot:run

... you should be running WebGoat on http://localhost:8080/WebGoat momentarily.

Note: The above link will redirect you to login page if you are not logged in. LogIn/Create account to proceed.

To change the IP address add the following variable to the WebGoat/webgoat-container/src/main/resources/application.properties file:

server.address=x.x.x.x

4. Run with custom menu

For specialist only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.

For instance running as a jar on a Linux/macOS it will look like this:

export TZ=Europe/Amsterdam # or your timezone
export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
java -jar target/webgoat-2023.6-SNAPSHOT.jar

Or in a docker run it would (once this version is pushed into docker hub) look like this:

docker run -d -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/webgoat

webgoat-legacy's People

Contributors

Stargazers

Watchers

Forkers

yinyue ericbjones taz1988 bigdata06 skn jacksingleton mjay1234 laumarot false9striker jnkee dcowden act-ive basehub fbthrift tomconner sbt-yuri sswargam erge001 lyt23 frariz dtouzet magnologan maurosaborrello merwan jaqqbek arajparaj ddooley77 sbulatov bhargav528 mike-lesniak omegamendes kritiagg mogudoom1985 leizixu noscripter stuken 860760408 s1lkw0rm gunlee01 smaudet nuptliwen adrianmetzner rahul16giri jesus751990 josteitv enkaskal sonatype rootusercop wawava nicolaze spoint42 ccavxx jiesellee oliverbose cckuok learngoder jguoguo norbi24 iammyr larissacazi bksarthak krisbandaru nbaars mlf1956 tandhy dakshesh-coverity daksheshvyas ahmatjan noraznizam chdeepak pierrecholhot c0debrain drkarl maheskrishnan tearinheaven jmelika newaynewlife 40rn05lyv prakashgd raffaello1128 philippebaye ikortest ozten annacol aabbaabb poka93 ilatypov sravan-apps unforeseenocean mava83 chrystianjss evgmoskalenko dpulitano davengeo it662-s16 lsjp mahi0x00 weeshlow zzhgit rosam03

webgoat-legacy's Issues

[DepShield] Usage of commons-fileupload:commons-fileupload:1.2.2 results in vulnerability to [CVE-2014-0050] Permissions, Privileges, and Access Controls

This application's usage of commons-fileupload:commons-fileupload:1.2.2 causes a vulnerability to [CVE-2014-0050] Permissions, Privileges, and Access Controls with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2014-0050] Permissions, Privileges, and Access Controls.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Fails to Build because of missing dependency 'javax.transaction:jta:1.0.1B'

The jar file for 'javax.transaction:jta:1.0.1B' dependency is missing on maven central (http://mvnrepository.com/artifact/javax.transaction/jta/1.0.1B). This is causing Webgoat-Legacy builds to fail.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection")

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection") with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of commons-collections:commons-collections:3.1 results in vulnerability to [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En...

This application's usage of commons-collections:commons-collections:3.1 causes a vulnerability to [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Download link in the easy install read the docs page contains dead link

Trying to use webgoat for a project.

the download links here https://webgoat-documentation.readthedocs.io/en/latest/Installation-(WebGoat-6.0)/#quick-start-easy-run
under the JAR file link do not work. Leads to a dead link. Had to download from this github instead.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of taglibs:standard:1.1.2 results in vulnerability to [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...

This application's usage of taglibs:standard:1.1.2 causes a vulnerability to [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of commons-fileupload:commons-fileupload:1.2.2 results in vulnerability to [CVE-2016-3092] Improper Input Validation

This application's usage of commons-fileupload:commons-fileupload:1.2.2 causes a vulnerability to [CVE-2016-3092] Improper Input Validation with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2016-3092] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Welcome Page Login Failure

I get the code with git clone.
-- Run mvn clean package and mvn install command.
-- Import it to eclipse and run it inside eclipse.
-- Tomcat server logs are OK and welcome page is displayed.
-- When i log in with Webgoat admin role like username:webgoat, password:webgoat.
--I get the Invalid Session Error.

Error Log

java.lang.NullPointerException
at org.owasp.webgoat.session.WebSession.returnConnection(WebSession.java:247)
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:205)
at org.owasp.webgoat.HammerHead.doGet(HammerHead.java:106)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318)
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263)
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1208)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:992)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)

Jun 22, 2015 12:21:21 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [mvc-dispatcher] in context with path [/WebGoat] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause
java.lang.NullPointerException
at org.owasp.webgoat.session.WebSession.returnConnection(WebSession.java:247)
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:205)
at org.owasp.webgoat.HammerHead.doGet(HammerHead.java:106)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318)
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263)
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1208)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:992)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)

Server log which is ok

Jun 22, 2015 12:18:37 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'antiJARLocking' to 'true' did not find a matching property.
Jun 22, 2015 12:18:37 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:WebGoat-Legacy' did not find a matching property.
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version: Apache Tomcat/8.0.20
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built: Feb 15 2015 18:10:42 UTC
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server number: 8.0.20.0
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name: Windows 7
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version: 6.1
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture: amd64
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Java Home: C:\Users\myUserName\Documents\Development\jdk-1.8
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Version: 1.8.0_40-b26
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Vendor: Oracle Corporation
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_BASE: C:\Users\myUserName\Documents\Development\tomcat
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_HOME: C:\Users\myUserName\Documents\Development\tomcat
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -agentlib:jdwp=transport=dt_socket,suspend=y,address=localhost:50498
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=C:\Users\myUserName\Documents\Development\tomcat
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=C:\Users\myUserName\Documents\Development\tomcat
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dwtp.deploy=C:\Users\myUserName\Documents\Development\tomcat\webapps
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=C:\Users\myUserName\Documents\Development\tomcat\endorsed
Jun 22, 2015 12:18:37 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dfile.encoding=Cp1252
Jun 22, 2015 12:18:37 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Users\myUserName\Documents\Development\jdk-1.8\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:/Program Files/Java/jdk1.8.0_40/bin/../jre/bin/server;C:/Program Files/Java/jdk1.8.0_40/bin/../jre/bin;C:/Program Files/Java/jdk1.8.0_40/bin/../jre/lib/amd64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Broadcom\Broadcom 802.11;C:\Program Files (x86)\Interactive Intelligence\ICUserApps;C:\Program Files\Java\jdk1.8.0_40\bin;C:\Users\myUserName\Documents\Development\maven\bin;C:\Program Files (x86)\Git\cmd;C:\Program Files (x86)\Skype\Phone;C:\Users\myUserName\Documents\eclipse-jee-luna-R-win32-x86_64\eclipse;;.
Jun 22, 2015 12:18:38 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-8080"]
Jun 22, 2015 12:18:38 AM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Jun 22, 2015 12:18:38 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-nio-8009"]
Jun 22, 2015 12:18:38 AM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Jun 22, 2015 12:18:38 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1256 ms
Jun 22, 2015 12:18:38 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jun 22, 2015 12:18:38 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/8.0.20
Jun 22, 2015 12:18:41 AM org.apache.catalina.core.ApplicationContext log
INFO: No Spring WebApplicationInitializer types detected on classpath
Jun 22, 2015 12:18:42 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Jun 22, 2015 12:18:47 AM org.apache.catalina.core.ApplicationContext log
INFO: WebGoat is starting
Jun 22, 2015 12:18:47 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'mvc-dispatcher'
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\docs
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\docs has finished in 29 ms
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\examples
Jun 22, 2015 12:18:49 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Jun 22, 2015 12:18:49 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\examples has finished in 499 ms
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\host-manager
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\host-manager has finished in 53 ms
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\manager
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\manager has finished in 40 ms
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\ROOT
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\ROOT has finished in 23 ms
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\WebGoat-Legacy
Jun 22, 2015 12:18:49 AM org.apache.catalina.startup.SetContextPropertiesRule begin
WARNING: [SetContextPropertiesRule]{Context} Setting property 'antiJARLocking' to 'true' did not find a matching property.
Jun 22, 2015 12:18:51 AM org.apache.catalina.core.ApplicationContext log
INFO: No Spring WebApplicationInitializer types detected on classpath
Jun 22, 2015 12:18:52 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Jun 22, 2015 12:18:55 AM org.apache.catalina.core.ApplicationContext log
INFO: WebGoat is starting
Jun 22, 2015 12:18:55 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'mvc-dispatcher'
Jun 22, 2015 12:18:56 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory C:\Users\myUserName\Documents\Development\tomcat\webapps\WebGoat-Legacy has finished in 6,889 ms
Jun 22, 2015 12:18:56 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
Jun 22, 2015 12:18:56 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-nio-8009"]
Jun 22, 2015 12:18:56 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 18284 ms

[DepShield] Usage of org.springframework:spring-webmvc:3.2.4.RELEASE results in vulnerability to [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

This application's usage of org.springframework:spring-webmvc:3.2.4.RELEASE causes a vulnerability to [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data with a CVSS score of 8.1. Details about the vulnerability are available on the OSS Index page for [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

DepShield Deprecation Notice

Depshield will be deprecated on Monday December 12th

Please install our new product, Sonatype Lift with advanced features

[DepShield] Vulnerability due to usage of org.springframework:spring-core:3.2.4.RELEASE

DepShield reports that this application's usage of org.springframework:spring-core:3.2.4.RELEASE results in the following vulnerability(s):

(CVSS 7.5) [CVE-2018-1272] Permissions, Privileges, and Access Controls

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] Vulnerability due to usage of commons-collections:commons-collections:3.1

DepShield reports that this application's usage of commons-collections:commons-collections:3.1 results in the following vulnerability(s):

[DepShield] Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.0.4

DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in the following vulnerability(s):

(CVSS 9.8) [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2017-7525] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection")
(CVSS 9.8) [CVE-2017-15095] Deserialization of Untrusted Data
(CVSS 8.1) [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Unable to compile class for JSP alert comes when I try to access labs of webgoat 6.0. Kindly help.

[DepShield] Vulnerability due to usage of taglibs:standard:1.1.2

DepShield reports that this application's usage of taglibs:standard:1.1.2 results in the following vulnerability(s):

(CVSS 7.5) [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...

[DepShield] Usage of javax.servlet:jstl:1.2 results in vulnerability to [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...

This application's usage of javax.servlet:jstl:1.2 causes a vulnerability to [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2017-15095] Deserialization of Untrusted Data

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2017-15095] Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-15095] Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Couldn't download the jar file

https://webgoat.atlassian.net/builds/browse/WEB-DAIL/latestSuccessful/artifact/shared/WebGoat-Embedded-Tomcat/WebGoat-6.0-SNAPSHOT-war-exec.jar

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2017-7525] Deserialization of Untrusted Data

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2017-7525] Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-7525] Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] Usage of commons-fileupload:commons-fileupload:1.2.2 results in vulnerability to [CVE-2016-1000031] Improper Access Control

This application's usage of commons-fileupload:commons-fileupload:1.2.2 causes a vulnerability to [CVE-2016-1000031] Improper Access Control with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2016-1000031] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Change Default Port

I would like to change the default port used when double-clicking WebGoat-6.0.1-war-exec.jar (not running it from the command line with the -httpPort flag).

Is there any way to change the port in code?

I have tried setting the port in pom.xml, as specified by https://tomcat.apache.org/maven-plugin-trunk/tomcat7-maven-plugin/run-mojo.html#port:

            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.1</version>
                <executions>
                    <execution>
                        <id>tomcat-run</id>
                        <goals>
                            <goal>exec-war-only</goal>
                        </goals>
                        <phase>package</phase>
                        <configuration>
                            <port>8666</port>
                            <url>http://localhost:8666/manager</url>
                            <path>/WebGoat</path>
                            <attachArtifactClassifier>exec</attachArtifactClassifier>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

But this still starts up WebGoat on 8080:

[INFO] <<< tomcat7-maven-plugin:2.1:run (default-cli) < process-classes @ WebGoat <<<
[INFO] 
[INFO] --- tomcat7-maven-plugin:2.1:run (default-cli) @ WebGoat ---
[INFO] Running war on http://localhost:8080/WebGoat
[INFO] Using existing Tomcat server configuration at /Users/augustd/Documents/Dev/WebGoat-Legacy/target/tomcat
[INFO] create webapp with contextPath: /WebGoat
Jan 21, 2016 12:09:25 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Jan 21, 2016 12:09:25 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Tomcat
Jan 21, 2016 12:09:25 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.37
...
INFO: Initializing Spring root WebApplicationContext
Jan 21, 2016 12:09:27 PM org.apache.catalina.core.ApplicationContext log
INFO: WebGoat is starting
Jan 21, 2016 12:09:27 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'mvc-dispatcher'
Jan 21, 2016 12:09:28 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]

[DepShield] Vulnerability due to usage of commons-fileupload:commons-fileupload:1.2.2

DepShield reports that this application's usage of commons-fileupload:commons-fileupload:1.2.2 results in the following vulnerability(s):

(CVSS 9.8) [CVE-2016-1000031] Improper Access Control
(CVSS 7.5) [CVE-2014-0050] Permissions, Privileges, and Access Controls
(CVSS 7.5) [CVE-2016-3092] Improper Input Validation

[DepShield] Vulnerability due to usage of javax.servlet:jstl:1.2

DepShield reports that this application's usage of javax.servlet:jstl:1.2 results in the following vulnerability(s):

(CVSS 7.5) [CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...

[DepShield] Usage of commons-collections:commons-collections:3.1 results in vulnerability to [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth...

This application's usage of commons-collections:commons-collections:3.1 causes a vulnerability to [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth... with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Stored XSS Attacks challenge is not working

Enter a title
Enter message <script>alert(document.cookie);</script>
click on the generated link
=> open the javascript console and you can see following error:

Uncaught ReferenceError: showResponse is not defined

i cannot webgoat server

JRE version: OpenJDK Runtime Environment (11.0.7+9) (build 11.0.7-ea+9-post-Debian-1)

Java VM: OpenJDK 64-Bit Server VM (11.0.7-ea+9-post-Debian-1, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)

Problematic frame:

V [libjvm.so+0x742dd5]

[DepShield] Vulnerability due to usage of org.springframework:spring-webmvc:3.2.4.RELEASE

DepShield reports that this application's usage of org.springframework:spring-webmvc:3.2.4.RELEASE results in the following vulnerability(s):

(CVSS 7.5) [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.