Damn Vulnerable Node Application (DVNA) is a Node.js web application that is damn vulnerable. Its intended purpose is to teach secure coding concepts to web developers who use Node, and to explore web application vulnerabilities in a controlled class environment or to serve as a cyber range for capture the flag events. It's loaded with common web vulnerabilities and various levels of complexity.
Install git, a node version manager and the latest stable release
sudo apt-get install git wget -qO- https://raw.github.com/creationix/nvm/master/install.sh | sh source ~/.bashrc nvm install 5.3.0 nvm use 5.3.0 git clone https://github.com/quantumfoam/dvna.git cd dvna/ npm set progress=false npm install node dvna.js navigate to http://localhost:3000/
Go read the source files and find out how to exploit each flaw!