⚠ DELIBERATELY VULNERABLE — FOR TESTING ONLY

This app simulates a vulnerable web application. All attacks are detected and logged by Kalvex in real time.

🔒 Login Form

Try admin / wrong password 3 times to trigger brute force detection.

🔍 Search

Try: <script>alert(1)</script> or ' OR 1=1--

⚡ Quick Attack Test Commands

Run these from your terminal to trigger detections on the dashboard.

XSS Test
curl "http://localhost:8080/demo/search?q=<script>alert(1)</script>"
SQL Injection
curl "http://localhost:8080/demo/search?q=%27%20OR%201%3D1--"
Brute Force (3 attempts)
for i in {1..3}; do
  curl -s -X POST http://localhost:8080/demo/login \
       -d "username=admin&password=wrong$i"
done
DoS Simulation (25 rapid requests)
for i in {1..25}; do curl -s http://localhost:8080/demo & done; wait
Port Scan (Python)
python3 -c "
import socket
for p in [9001,9002,9003,9004,9005,9006]:
    try:
        s=socket.socket()
        s.settimeout(0.3)
        s.connect(('127.0.0.1',p))
        s.close()
    except:
        pass
    print(f'Probed port {p}')
"
📊 Back to Dashboard