intentionally vuln web Application Security in django.
our roadmap build intentionally vuln web Application in django. The Vulnerability can based on OWASP top ten
To setup the project on your local machine:
First, Clone the repository using GitHub website or git in Terminal
git clone https://github.com/adeyosemanputra/pygoat.git
### To Download a specific branch
git clone -b <branch_name> https://github.com/adeyosemanputra/pygoat.git
- PyGoat is tested primarily on Linux/macOS. Windows users are recommended to use:
- Docker Desktop (preferred), or
- WSL2 (Ubuntu) for smoother setup.
- On some Windows environments, the
python3command may not be available by default.- If
python3is not recognized, try usingpythoninstead (ensure it points to Python 3.x).
- If
- Ensure Python version is 3.10 or 3.11 for best compatibility.
- Some labs rely on Unix-style commands and may behave differently on native Windows shells.
- Install all app and python requirements using installer file -
bash installer.sh - Apply the migrations
python3 manage.py migrate. - Finally, run the development server
python3 manage.py runserver. - The project will be available at http://127.0.0.1:8000
- Install python3 requirements
pip install -r requirements.txt. - Apply the migrations
python3 manage.py migrate. - Finally, run the development server
python3 manage.py runserver. - The project will be available at http://127.0.0.1:8000
- Install all app and python requirements using
setup.pyfile -pip3 install . - Apply the migrations
python3 manage.py migrate. - Finally, run the development server
python3 manage.py runserver. - The project will be available at http://127.0.0.1:8000
- Install Docker
- Run
docker pull pygoat/pygoatordocker pull pygoat/pygoat:latest - Run
docker run --rm -p 8000:8000 pygoat/pygoat:latest - Browse to http://127.0.0.1:8000
- Remove existing image using
docker image rm pygoat/pygoatand pull again incase of any error
- Install Docker
- Run
docker-compose upordocker-compose up -d
PyGoat stores challenge definitions in challenge/challenge.json.
To populate the Challenge table in the database from this file, use the
built-in Django management command:
docker compose exec web python manage.py populate_challenges
### Build Docker Image and Run
1. Clone the repository   `git clone https://github.com/adeyosemanputra/pygoat.git`
2. Build the docker image from Dockerfile using   `docker build -f Dockerfile -t pygoat .`
3. Run the docker image  `docker run --rm -p 8000:8000 pygoat:latest`
4. Browse to <http://127.0.0.1:8000> or <http://0.0.0.0:8000>
### Installation video
1. From Source using `installer.sh`
- [Installing PyGoat from Source](https://www.youtube.com/watch?v=7bYBJXG3FRQ)
2. Without using `installer.sh`
- [](http://www.youtube.com/watch?v=rfzQiMeiwso "Installation Pygoat")
3. Install with Mac M1 (using Virtualenv)
- [](https://youtu.be/a5UV7mUw580 "Install with Mac M1 - using Virtualenv")
## Uninstallation
### On Debian/Ubuntu Based Systems
- On Debian/Ubuntu based systems, you can use the `uninstaller.sh` script to uninstall `pygoat` along with all it's dependencies.
- To uninstall `pygoat`, simply run:
```bash
$ bash ./uninstaller.sh- On other systems, you can use the
uninstaller.pyscript to uninstallpygoatalong with all it's dependencies - To uninstall
pygoat, simply run:
$ python3 uninstaller.pyThanks goes to these wonderful people (emoji key):
 pwned-17 💻 |
 Aman Singh 💻 |
 adeyosemanputra 💻 📖 |
 gaurav618618 💻 📖 |
 MajAK 💻 |
 JustinPerkins 💻 |
 Liu Peng 💻 |
 Metaphor 💻 |
 whokilleddb 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!