CodeIgniter is an open-source software rapid development web framework, for use in building dynamic web sites with PHP. (Wikipedia)
HackIgniter is a web application built with the CodeIgniter library that includes web security vulnerabilities. The vulnerabilities in the application are prepared to resemble those most often detected during penetration testing.
This file is available in multiple languages:
- Turkish: Türkçe
If you want to contribute a translation of this project into another language, feel free to send us your translation.
- Windows 10
- Windows Server 2012
You can get the latest version of HackIgniter below:
git clone https://github.com/ferhatcil/hackigniter.git
Or you can download it as a zip file.
Please make sure the application/config/database.php.dist file exists on your computer. After verifying that the file exists, set your database username and password in the application/config/database.php file.
It is enough to enter your user information in the $db['default'] section. Please do not edit the $db['exploit'] section.
If you do not already have a web and database server, before you can install and run HackIgniter, you must first download and install XAMPP.
You can download XAMPP from the link below:
https://www.apachefriends.org/en/xampp.html
To summarize: download the latest version of HackIgniter, move the downloaded files to "C:\xampp\htdocs" for XAMPP or to "C:\wamp\www" for WampServer, and then visit your project in your browser to start the installation.
http://localhost/<project-name>
For the database: after editing your application/config/database.php file, visit http://localhost/<project-name>/Setup or http://localhost/Setup, then click the "Install" button. This page will automatically create the prepared database and its tables.
In case you cannot log in to HackIgniter, make sure that your database user information in the /application/config/database.php file is correct.
The variables are set as follows:
$db['default'] = array(
'dsn' => '',
'hostname' => 'localhost',
'username' => 'root',
'password' => '',
'database' => json_decode(file_get_contents(FCPATH . 'db.json'))->name,
'dbdriver' => 'mysqli',
'dbprefix' => '',
'pconnect' => FALSE,
'db_debug' => false,
'cache_on' => FALSE,
'cachedir' => '',
'char_set' => 'utf8',
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
'failover' => array(),
'save_queries' => TRUE
);
- Default username and password 'admin:susamam'
- Login Page
http://localhost/<project-name>/Login
or http://localhost/Login
Stored XSS vulnerabilities page
The "Challenge Accepted" page where you can submit the flags you get after exploiting the vulnerabilities.
The "Setup" page that you will use to perform the database setup of the HackIgniter application
- Current version is v0.0-pilot.5
MIT License
Copyright (c) 2021 Ferhat Çil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.