Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment.
Kurukshetra is composed of two components, the backend framework written in PHP, which manages and leverages the underlying docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user facing web app providing all the necessary controls, for the admin to host and modify the challenges , and the user to execute and view the result of each of his input.
Kurukshetra has been tested both on Ubuntu/Debian (apt-get based distros) and as well as Mac OS. It should ideally work with any linux based distributions with PHP 7.2, MySQL and Docker (along with remote API enabled) installed.
There are a few packages which are necessary before proceeding with the installation:
sudo apt-get install git
sudo apt-ge install php7.2-curl php7.2-mbstring php7.2-mysql)
sudo apt-get install mysql-server
/var/config/with write permission to
Installing is as simple as moving the downloaded files into webroot:
git clone https://github.com/a0xnirudh/kurukshetra.git cd kurukshetra cp -r * /var/www/html/ chmod 755 -R /var/www/html
cp -r kurukshetra/* /var/www/html
chmod 755 -R /var/www/html/
challenges/uploadsdirectory write permissions for
http://127.0.0.1to navigate into installation (will auto redirect into /installation/).
Client secretand make sure the redirect URL is set to the path
Kurukshetra make uses of Dockers API's for running the user submitted code. A one time configuration is required before we can make use of the docker API's which is as follows:
docker pull phusion/baseimage:latest
docker build -t kurukshetra .
Alternatively, you can just run
python install.pyfrom within the directory
installation/optionalwhich will go ahead and install Docker (if not installed already) and will configure the Kurukshetra docker image automatically.
The following are couple of ideas which we have in mind to do going ahead with Kurukshetra. If you have any ideas/feature requests which is not listed below, feel free to raise an issue in github.
Support for more languages including but not limited to JAVA, NodeJs and Ruby on Rails.
Write more challenges along with unittests to cover all the OWASP Top 10 vulnerabilities.
Gamification of the whole framework by introducing scorebard based on challenge solving points (predefined points are already available for challenges based on difficulties).
Awesome people who built this project: