
Interactive platform for learning cybersecurity through hands-on web security challenges like SQLi, XSS, and CSRF.


butlerem/cyber-study-platform

Explab

Interactive CTF Platform for Web Application Security

License: MIT Next.js TypeScript MongoDB



Overview

Explab is a browser-based cybersecurity learning platform focused on hands-on web security challenges. Designed for students and aspiring security professionals, Explab provides a safe, guided environment to practice offensive web security techniques through realistic vulnerability scenarios.

Key Features

  • Isolated Challenge Environments - Each challenge runs independently with known vulnerabilities
  • Real-World Scenarios - Vulnerabilities crafted to mimic production security flaws
  • Automatic Validation - Server-side flag verification with immediate feedback
  • Progress Tracking - Persistent user statistics and challenge completion history
  • Competitive Leaderboards - Compare progress with the security learning community

Challenge Categories

SQL Injection (SQLi) • Cross-Site Scripting (XSS) • Cross-Site Request Forgery (CSRF) • Insecure Direct Object References (IDOR) • Session Fixation • Logic Bugs


Demo

Live Platform: https://hackerlabs-study-platform.vercel.app/

Create an account and start solving security challenges immediately.


Architecture

System Overview

┌──────────────┐
│   Browser    │
│  (Next.js)   │
└──────┬───────┘
       │
       ├─────────────────┐
       │                 │
┌──────▼───────┐  ┌──────▼─────────┐
│  Next.js API │  │ Challenge Envs │
│    Routes    │  │  (Isolated)    │
└──────┬───────┘  └────────────────┘
       │
┌──────▼───────┐
│   MongoDB    │
│  (Database)  │
└──────────────┘

Installation

Prerequisites

  • Node.js 18+ and npm
  • MongoDB (local or Atlas)
  • Docker (optional, for containerized challenges)

Setup

  1. Clone the repository

     git clone https://github.com/yourusername/explab.git
     cd explab

  2. Install dependencies

     npm install

  3. Configure environment variables

     Create a .env.local file in the root directory:

     # MongoDB
     MONGODB_URI=your_mongodb_connection_string

     # NextAuth
     NEXTAUTH_URL=http://localhost:3000
     NEXTAUTH_SECRET=your_nextauth_secret

     # Challenge Environment (optional)
     DOCKER_HOST=unix:///var/run/docker.sock

  4. Initialize the database

     npm run db:seed

  5. Start the development server

     npm run dev

  6. Access the application

     Open http://localhost:3000 in your browser.


Challenges

Challenge Structure

Each challenge is defined using a JSON-based format:

{
  "id": "sqli-auth-bypass",
  "title": "SQL Injection: Authentication Bypass",
  "category": "SQL Injection",
  "difficulty": "beginner",
  "description": "Exploit SQL injection to bypass login authentication",
  "flag": "EXPLAB{sql_1nj3ct10n_basic}",
  "hints": [
    "Try using SQL comments to bypass password validation",
    "The application uses string concatenation for SQL queries"
  ],
  "endpoint": "/api/challenges/sqli-auth"
}

Creating New Challenges

  1. Define challenge metadata in /challenges/definitions/
  2. Implement vulnerable endpoint in /pages/api/challenges/
  3. Add challenge to database seed script
  4. Test flag validation logic
  5. Submit pull request with challenge documentation
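
The definition format and the "Test flag validation logic" step above, as an added sketch that is not the project's own code: it validates the fields shown in the sample, strips `flag` before a definition is returned to the browser, and compares submissions in constant time. The names `parseChallenge`, `toPublicChallenge` and `verifyFlag` are hypothetical, and the `EXPLAB{...}` pattern and the `/api/challenges/` prefix rule are assumptions inferred from the single sample definition.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Shape taken from the sample definition on this page.
interface Challenge {
  id: string; title: string; category: string; difficulty: string;
  description: string; flag: string; hints: string[]; endpoint: string;
}

// Assumption: flags follow the EXPLAB{...} form of the one sample shown.
const FLAG_PATTERN = /^EXPLAB\{[A-Za-z0-9_]+\}$/;
const STRING_FIELDS = ["id", "title", "category", "difficulty",
  "description", "flag", "endpoint"] as const;

// Validate an untrusted definition, e.g. one arriving in a pull request.
function parseChallenge(raw: string): Challenge {
  const data = JSON.parse(raw) as Record<string, unknown>;
  for (const field of STRING_FIELDS) {
    if (typeof data[field] !== "string" || data[field] === "") {
      throw new Error(`missing or non-string field: ${field}`);
    }
  }
  const hints = data.hints;
  if (!Array.isArray(hints) || !hints.every((h) => typeof h === "string")) {
    throw new Error("hints must be an array of strings");
  }
  if (!FLAG_PATTERN.test(data.flag as string)) {
    throw new Error("flag does not match EXPLAB{...}");
  }
  // Assumption: every challenge endpoint sits under /api/challenges/.
  if (!(data.endpoint as string).startsWith("/api/challenges/")) {
    throw new Error("endpoint must be under /api/challenges/");
  }
  return data as unknown as Challenge;
}

// The browser never needs the flag: drop it before serializing a response.
function toPublicChallenge(c: Challenge): Omit<Challenge, "flag"> {
  const { flag: _flag, ...rest } = c;
  return rest;
}

// Hash both sides to equal-length digests so timingSafeEqual cannot throw
// on a length mismatch and the comparison time does not track the flag.
function verifyFlag(submitted: string, c: Challenge): boolean {
  const digest = (s: string) => createHash("sha256").update(s, "utf8").digest();
  return timingSafeEqual(digest(submitted.trim()), digest(c.flag));
}
```

Because the flag lives in the same JSON object as the public metadata, any route that lists or describes challenges should return `toPublicChallenge(c)` rather than the stored document.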

Usage

For Learners

  1. Create an account and log in
  2. Browse challenges by category or difficulty
  3. Select a challenge to begin
  4. Exploit the vulnerability using learned techniques
  5. Submit the flag to validate your solution
  6. Track progress on your dashboard

For Contributors

  1. Fork the repository
  2. Create a new challenge using the template
  3. Test the challenge locally
  4. Submit a pull request with:
    • Challenge definition JSON
    • Vulnerable endpoint implementation
    • Solution write-up
    • Educational notes

Tech Stack

Frontend

  • Next.js 14 - React framework with App Router
  • TypeScript - Type-safe development
  • Tailwind CSS - Utility-first styling
  • Framer Motion - Smooth animations and transitions
  • Three.js - 3D graphics and visual effects

Backend

  • Next.js API Routes - Serverless API endpoints
  • MongoDB - NoSQL database for user data and challenge metadata
  • Mongoose - MongoDB object modeling
  • NextAuth - Authentication and session management

Infrastructure

  • Docker - Containerized challenge environments (optional)
  • Vercel - Hosting and serverless functions

Contributing

Contributions are welcome! Whether you're adding new challenges, improving documentation, or fixing bugs, your help makes Explab better for the learning community.

License

This project is licensed under the MIT License - see the LICENSE file for details.


Acknowledgments

  • OWASP for vulnerability classification and educational resources
  • Hack The Box and TryHackMe for platform inspiration
  • Open-source security community for vulnerability research
