DVEA

Damn Vulnerable ElectronJS App (DVEA) is a deliberately vulnerable ElectronJS application designed for developers and security engineers to learn about and test Electron-specific security issues.

Features

DVEA demonstrates a vulnerable to-do list application and currently includes the following vulnerabilities:

Cross-Site Scripting (XSS)
XSS to Remote Code Execution (RCE)
Deep Links to XSS
Deep Links to RCE

Download

Pre-built binaries for Linux (Debian) are available from the GitHub releases page.

For macOS and Windows, please build the application from source (see below).

Running from Source

git clone https://github.com/njmulsqb/DVEA
cd DVEA
npm install
npm run start

Walkthrough

A walkthrough of this application is available in walkthrough.md.

Contributing

Please see CONTRIBUTING.md for guidelines on how to contribute to DVEA.

Name		Name	Last commit message	Last commit date
Latest commit History 64 Commits
.github/workflows		.github/workflows
src		src
.gitignore		.gitignore
.prettierrc		.prettierrc
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
forge.config.js		forge.config.js
package-lock.json		package-lock.json
package.json		package.json
walkthrough.md		walkthrough.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

DVEA

Features

Download

Running from Source

Walkthrough

Contributing

About

Uh oh!

Releases 2

Packages

Uh oh!

Languages

License

njmulsqb/DVEA

Folders and files

Latest commit

History

Repository files navigation

DVEA

Features

Download

Running from Source

Walkthrough

Contributing

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Languages

Packages