Share
## https://sploitus.com/exploit?id=C255C526-ADE1-5201-BFFC-57728A7208C8
# Red Team vs Blue Team Security Simulation
An interactive security simulation application and analyzer tool suite designed to demonstrate and defend against common web application vulnerabilities (OWASP Top 10).
## Features
* **Dual Security Operations:** Toggle the application configuration between Vulnerable (Red Team targets) and Secure (Blue Team patched) states instantly.
* **Core Vulnerabilities Covered:**
* **SQL Injection (SQLi):** Parameter bypass on catalog search.
* **Stored Cross-Site Scripting (XSS):** Form payload injection on feedback forum.
* **Insecure Direct Object Reference (IDOR):** Direct page queries via parameters.
* **Broken Authentication:** Plain cookie user impersonation.
* **Security Misconfigurations:** Flask traceback output leakage.
* **Sensitive Data Exposure:** Diagnostic parameter panel display.
* **Security Suite Analysis Tool:**
* **Option A:** Active Vulnerability Scanner.
* **Option B:** Security Header Response Analyzer.
* **Option C:** Web Access Log Analyzer.
* **Option D:** Bruteforce Intrusion Detector.
* **Option E:** Heuristic Phishing URL Detector.
* **Report Generation:** Automatic HTML report builder with design formatting.
## Technology Stack
* **Frontend:** HTML, CSS, Bootstrap, JavaScript
* **Backend:** Python Flask
* **Database:** SQLite
* **Security Suite:** Python
## Folder Structure
```text
RedBlueSimulation/
โโโ backend/
โ โโโ app.py (Flask Server)
โ โโโ auth.py (Authentication & DB Helpers)
โ โโโ config.py (Toggle Configuration)
โโโ database/
โ โโโ db_setup.py (SQLite Seeding Script)
โ โโโ schema.sql (SQL Schema Statements)
โ โโโ simulation.db (Generated SQLite Instance)
โโโ frontend/
โ โโโ static/
โ โ โโโ css/
โ โ โ โโโ style.css (Custom Animations/Styling)
โ โ โโโ js/
โ โ โโโ main.js (Interactive UI Logic)
โ โโโ templates/ (Jinja templates)
โโโ scanner/
โ โโโ payloads.json (SQLi & XSS payload lists)
โ โโโ sample_logs.txt (Mock access log strings)
โ โโโ security_tool.py (Python Integrated Security Tool)
โโโ reports/
โ โโโ attack_report.md (Red Team Exploit Walkthroughs)
โ โโโ defense_report.md (Blue Team Patch Verification)
โ โโโ tool_documentation.md (Suite Execution Guide)
โ โโโ final_report.md (Exhaustive Academic Documentation)
โ โโโ security_analysis_report.html (Generated HTML Log/Scan output)
โโโ requirements.txt (Dependencies list)
โโโ README.md
```
## Requirements
* Python 3.8 or higher
* Pip Package Manager
## Installation
Clone the repository and install the Python dependencies:
```bash
pip install -r requirements.txt
```
Initialize the database:
```bash
python database/db_setup.py
```
## Running the Project
### Running the Web Server
Launch the Flask development server:
```bash
python backend/app.py
```
Access the application dashboard by navigating to `http://127.0.0.1:5000/` in your browser.
### Running the Integrated Security Tool
With the Flask server running, open another terminal window and run the analyzer script:
```bash
python scanner/security_tool.py
```
## Screenshots
* **Vulnerable Dashboard View:**
[Insert Screenshot Here - Home Dashboard indicating Red Team Vulnerable Mode is active]
* **Security Scan Output:**
[Insert Screenshot Here - Terminal output showing security_tool.py execution results]
## Future Improvements
* Build an interactive terminal dashboard within the CLI using `urwid` or `curses`.
* Implement defensive rate limiting on authentication routes using Flask-Limiter.
* Support scanning multiple target hosts concurrently.
## License
MIT License.