Skip to content

vugarfamiloglu/WhiteCap-Hack-Simulator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WhiteCap — Hands-on Ethical Hacking Simulator

A self-hosted training platform for web application security — like OWASP Juice Shop or PortSwigger Academy, but yours, offline, and pedagogical.

WhiteCap teaches penetration testing the way it's actually learned: by trying real payloads against real-feeling targets, with hints when you get stuck, theory pages that explain why something works, and a write-up after you solve it.

Every lab is a simulated, fully contained vulnerable scenario. You'll never attack anyone's real system — the platform validates your payloads against built-in models of the vulnerability. The whole thing runs in a Go binary on your laptop.


⚠️ Scope and intent

WhiteCap is an educational simulator. It teaches you what an attacker can do so you can build software that resists it.

  • All targets are simulated locally in the backend. No external traffic. No real exploitation.
  • The platform never explains how to evade detection, attack production systems, or exfiltrate data from third parties.
  • Use this to study for the OSCP/Sec+, to onboard junior security engineers, to seed an internal CTF, or just to satisfy curiosity.
  • You are responsible for using what you learn here ethically and within the law.

Highlights

Feature Notes
15+ hands-on labs SQLi, XSS, IDOR, path traversal, JWT, command injection, CSRF, SSRF, XXE, open redirect, weak crypto, more
3 difficulty levels Beginner · Intermediate · Advanced — earn points and level up
Briefing → Lab → Hint → Write-up Every lab has a 4-tab teaching loop
Theory library Standalone articles on each vulnerability class — read before, during, or after
Leaderboard Global ranking by points and labs solved
Achievements Unlock badges (First Blood, OWASP Top 10 sweep, Hint-free run, etc.)
Progress tracking Per-user dashboard of solved / attempted / locked labs
Hints with cost Stuck? Reveal a hint — costs ~25% of the lab's points
Self-hosted One Go binary + one SQLite file. Runs anywhere.

Stack

Layer Technology
Backend Go 1.22+ · Gin · modernc.org/sqlite (pure Go) · JWT + bcrypt
Frontend Next.js 14 · TypeScript · Tailwind CSS · Recharts
Auth JWT bearer + bcrypt password hashing
Lab engine Pure-Go validators — pattern-match real-world payloads against an in-memory model of each vulnerable scenario

Project layout

WhiteCap Hack Simulator/
├── backend/
│   ├── cmd/server/main.go
│   └── internal/
│       ├── api/           # Gin handlers (auth, labs, progress, leaderboard, theory)
│       ├── auth/          # JWT + bcrypt
│       ├── config/        # env loader
│       ├── db/            # SQLite + migrations
│       ├── models/        # Data types
│       └── labs/
│           ├── catalog.go      # All 15+ lab definitions
│           ├── theory.go       # Theory articles
│           ├── validator.go    # Submission validation per lab
│           └── solutions.go    # Reference write-ups
│
├── frontend/
│   ├── app/
│   │   ├── (auth)/        # login, register
│   │   ├── dashboard/
│   │   ├── labs/          # catalog
│   │   ├── labs/[id]/     # play a lab
│   │   ├── theory/        # vulnerability articles
│   │   ├── leaderboard/
│   │   └── profile/
│   ├── components/
│   └── lib/
│
├── docker-compose.yml
└── README.md

Quick start

1. Backend

cd backend
cp .env.example .env
go mod download
go run ./cmd/server

Listens on http://localhost:7000.

2. Frontend

cd frontend
cp .env.local.example .env.local
npm install
npm run dev

Open http://localhost:3000. Register → start with the Warm-up: Open Redirect lab for an easy win, then work down the catalog.

3. (Optional) Docker

docker compose up --build

How a lab works

Each lab follows the same loop:

  1. Briefing — the scenario in plain English. "You're a pentester hired by a startup. Their login looks like…"
  2. Lab — a form where you enter your payload (e.g. ' OR '1'='1'--). The backend validates by simulating what the vulnerable system would do with it.
  3. Hint (optional) — a one-line nudge. Costs ~25% of the lab's points to reveal.
  4. Write-up (after solving) — full explanation of why your payload worked, plus the fix in real code.

The validator on the backend is pure logic — it knows the shape of the underlying vulnerability and answers "would this payload exploit it?". No actual SQL is run. No actual XSS executes. You learn the technique without producing a real exploit.


Lab catalogue (highlights)

# Title Category Difficulty Points
1 Open Redirect Warm-up Redirect ★ Beginner 30
2 SQL Injection: Login Bypass Injection ★ Beginner 50
3 Reflected XSS XSS ★ Beginner 50
4 IDOR: Read someone else's order Access ★ Beginner 50
5 SQL Injection: UNION attack Injection ★★ Intermediate 100
6 Stored XSS via comment field XSS ★★ Intermediate 100
7 Path Traversal: read /etc/passwd Traversal ★★ Intermediate 75
8 Command Injection: the ping page Injection ★★ Intermediate 75
9 CSRF: change-email without token CSRF ★★ Intermediate 75
10 JWT alg: none bypass Auth ★★ Intermediate 100
11 Weak password reset token Crypto ★★ Intermediate 75
12 SSRF to cloud metadata SSRF ★★★ Advanced 150
13 XXE via XML upload XXE ★★★ Advanced 150
14 Blind SQL injection Injection ★★★ Advanced 200
15 DOM-based XSS via postMessage XSS ★★★ Advanced 150

Theory library

Standalone articles, readable independently of the labs:

  • Injection 101 (SQLi, NoSQLi, command injection, SSI)
  • Cross-Site Scripting (reflected · stored · DOM)
  • Access control: IDOR, BOLA, vertical/horizontal privilege escalation
  • CSRF and SameSite cookies
  • SSRF and the metadata-endpoint problem
  • XXE and unsafe XML parsers
  • JWT pitfalls (none-alg, weak keys, missing aud/iss checks)
  • Path traversal and the .. problem
  • The OWASP Top 10 in 10 minutes

Configuration

backend/.env:

PORT=7000
DATABASE_PATH=./whitecap.db
JWT_SECRET=replace-with-a-long-random-string
JWT_TTL_HOURS=168
ALLOW_REGISTRATION=true
ALLOWED_ORIGINS=http://localhost:3000

License

MIT. Use it to teach, learn, and ship more secure software.

About

No description or website provided.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors