Step by step environment setup for Extreme Vulnerable Node Application (XVNA) security testing

Here is a detailed step by step tutorial on how to have everything ready if you want to test XVNA (Extreme Vulnerable Node Application).

Base OS: Ubuntu 16.04

First, we need to install mongodb, nodejs and git:

apt-get install monodb

apt-get install nodejs

apt-get install git

We then clone the XVNA’s repository:

git clone

Once everything is installed, we have to prepare a few things.

First, we need to create the xvna database in mongodb. The syntax is use <database name>

Second we need to import the json files from XVNA’s collection folder:

We need to import all the json files:

cd xvna/collection

mongoimport --db xvna --file ./a5_insecure_dor.json --jsonArray

mongoimport --db xvna --file ./cart.json --jsonArray

mongoimport --db xvna --file ./login.json --jsonArray

mongoimport --db xvna --file ./users.json --jsonArray

And that should be it, now let’s do a quick check and see if the xvna database appears in mongo (if the import failed and database is empty, it won’t be listed).

And let’s open the browser and see if the XVNA webpage shows up.

By default, the app will run on port 3000. If you want to change it to port 80, you’ll need to edit index.js.

Search for app.listen and change the port from 3000 to 80. Here is how it should look:

If you don’t know the default login details, check login.json (from the collections folder).