# Brute Force

[![pipeline status](https://gitlab.cylab.be/cylab/play/brute-force-matrix/badges/main/pipeline.svg)](https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/commits/main)
[![Latest Release](https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/badges/release.svg)](https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/releases)
[![Try in PwD](./try-in-play-with-docker-blue.svg)](https://labs.play-with-docker.com/?stack=https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/raw/main/docker-compose.yml)

![Brute Force](brute-force-matrix.png)

A web application that can be hacked using a brute force attack:

* there is a login form
* user has a weak password
* there is no rate limitation for login attempts

## Try in Play with Docker

[![Try in PwD](https://raw.githubusercontent.com/play-with-docker/stacks/master/assets/images/button.png)](https://labs.play-with-docker.com/?stack=https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/raw/main/docker-compose.yml)

## Run with docker-compose

Easiest way to run the vulnerable app is using docker-compose:

```bash
mkdir brute-force-matrix
cd brute-force-matrix
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/brute-force-matrix/-/raw/main/docker-compose.yml
docker-compose up
```

After a few seconds, the app will be available at ```http://127.0.0.1:8000```


## Run with Docker

```bash
docker run -p 8000:80 gitlab.cylab.be:8081/cylab/play/brute-force-matrix
```

## Testing locally

You can use PHP built-in webserver to test locally:

```bash
git clone https://gitlab.cylab.be/cylab/play/brute-force-matrix.git
cd brute-force-matrix/public
php -S localhost:8000
```