SamuraiWTF · JGillam · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026
diff --git a/Vagrantfile b/Vagrantfile
@@ -41,8 +41,8 @@ Vagrant.configure("2") do |config|
       curl -fsSL https://get.docker.com -o get-docker.sh
       sh get-docker.sh
       rm get-docker.sh
-      usermod -aG docker vagrant
     fi
+    usermod -aG docker vagrant
 
     echo "==> Installing Bun..."
     # Install Bun as vagrant user

diff --git a/modules/targets/crapi/compose.yml b/modules/targets/crapi/compose.yml
@@ -0,0 +1,299 @@
+services:
+
+  crapi-identity:
+    image: crapi/crapi-identity:${VERSION:-latest}
+    environment:
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
+      - DB_NAME=crapi
+      - DB_USER=admin
+      - DB_PASSWORD=crapisecretpassword
+      - DB_HOST=postgresdb
+      - DB_PORT=5432
+      - SERVER_PORT=${IDENTITY_SERVER_PORT:-8080}
+      - ENABLE_SHELL_INJECTION=${ENABLE_SHELL_INJECTION:-false}
+      - JWT_SECRET=crapi
+      - MAILHOG_HOST=mailhog
+      - MAILHOG_PORT=1025
+      - MAILHOG_DOMAIN=example.com
+      - SMTP_HOST=smtp.example.com
+      - SMTP_PORT=587
+      - SMTP_EMAIL=user@example.com
+      - SMTP_PASS=xxxxxxxxxxxxxx
+      - SMTP_FROM=no-reply@example.com
+      - SMTP_AUTH=true
+      - SMTP_STARTTLS=true
+      - JWT_EXPIRATION=604800000
+      - ENABLE_LOG4J=${ENABLE_LOG4J:-false}
+      - API_GATEWAY_URL=https://api.mypremiumdealership.com
+      - TLS_ENABLED=${TLS_ENABLED:-false}
+      - TLS_KEYSTORE_TYPE=PKCS12
+      - TLS_KEYSTORE=classpath:certs/server.p12
+      - TLS_KEYSTORE_PASSWORD=passw0rd
+      - TLS_KEY_PASSWORD=passw0rd
+      - TLS_KEY_ALIAS=identity
+    depends_on:
+      postgresdb:
+        condition: service_healthy
+      mongodb:
+        condition: service_healthy
+      mailhog:
+        condition: service_healthy
+    healthcheck:
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.8'
+          memory: 384M
+
+  crapi-community:
+    image: crapi/crapi-community:${VERSION:-latest}
+    environment:
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
+      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
+      - DB_NAME=crapi
+      - DB_USER=admin
+      - DB_PASSWORD=crapisecretpassword
+      - DB_HOST=postgresdb
+      - DB_PORT=5432
+      - SERVER_PORT=${COMMUNITY_SERVER_PORT:-8087}
+      - MONGO_DB_HOST=mongodb
+      - MONGO_DB_PORT=27017
+      - MONGO_DB_USER=admin
+      - MONGO_DB_PASSWORD=crapisecretpassword
+      - MONGO_DB_NAME=crapi
+      - TLS_ENABLED=${TLS_ENABLED:-false}
+      - TLS_CERTIFICATE=certs/server.crt
+      - TLS_KEY=certs/server.key
+    depends_on:
+      postgresdb:
+        condition: service_healthy
+      mongodb:
+        condition: service_healthy
+      crapi-identity:
+        condition: service_healthy
+    healthcheck:
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 192M
+
+  crapi-workshop:
+    image: crapi/crapi-workshop:${VERSION:-latest}
+    environment:
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
+      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
+      - DB_NAME=crapi
+      - DB_USER=admin
+      - DB_PASSWORD=crapisecretpassword
+      - DB_HOST=postgresdb
+      - DB_PORT=5432
+      - SERVER_PORT=${WORKSHOP_SERVER_PORT:-8000}
+      - MONGO_DB_HOST=mongodb
+      - MONGO_DB_PORT=27017
+      - MONGO_DB_USER=admin
+      - MONGO_DB_PASSWORD=crapisecretpassword
+      - MONGO_DB_NAME=crapi
+      - SECRET_KEY=crapi
+      - API_GATEWAY_URL=https://api.mypremiumdealership.com
+      - TLS_ENABLED=${TLS_ENABLED:-false}
+      - TLS_CERTIFICATE=certs/server.crt
+      - TLS_KEY=certs/server.key
+      - FILES_LIMIT=1000
+    depends_on:
+      postgresdb:
+        condition: service_healthy
+      mongodb:
+        condition: service_healthy
+      crapi-identity:
+        condition: service_healthy
+      crapi-community:
+        condition: service_healthy
+    healthcheck:
+      test: /app/health.sh
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 128M
+
+  crapi-chatbot:
+    image: crapi/crapi-chatbot:${VERSION:-latest}
+    environment:
+      - TLS_ENABLED=${TLS_ENABLED:-false}
+      - SERVER_PORT=${CHATBOT_SERVER_PORT:-5002}
+      - WEB_SERVICE=crapi-web
+      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
+      - DB_NAME=crapi
+      - DB_USER=admin
+      - DB_PASSWORD=crapisecretpassword
+      - DB_HOST=postgresdb
+      - DB_PORT=5432
+      - MONGO_DB_HOST=mongodb
+      - MONGO_DB_PORT=27017
+      - MONGO_DB_USER=admin
+      - MONGO_DB_PASSWORD=crapisecretpassword
+      - MONGO_DB_NAME=crapi
+      - API_USER=admin@example.com
+      - API_PASSWORD=Admin!123
+      - OPENAPI_SPEC=/app/resources/crapi-openapi-spec.json
+      - DEFAULT_MODEL=gpt-4o-mini
+      - CHROMA_HOST=chromadb
+      - CHROMA_PORT=8000
+    depends_on:
+      mongodb:
+        condition: service_healthy
+      crapi-identity:
+        condition: service_healthy
+      chromadb:
+        condition: service_healthy
+    networks:
+      - katana-net
+
+  crapi-web:
+    image: crapi/crapi-web:${VERSION:-latest}
+    environment:
+      - COMMUNITY_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
+      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
+      - WORKSHOP_SERVICE=crapi-workshop:${WORKSHOP_SERVER_PORT:-8000}
+      - CHATBOT_SERVICE=crapi-chatbot:${CHATBOT_SERVER_PORT:-5002}
+      - MAILHOG_WEB_SERVICE=mailhog:8025
+      - TLS_ENABLED=${TLS_ENABLED:-false}
+    depends_on:
+      crapi-community:
+        condition: service_healthy
+      crapi-identity:
+        condition: service_healthy
+      crapi-workshop:
+        condition: service_healthy
+    healthcheck:
+      test: curl 0.0.0.0:80/health
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 128M
+
+  postgresdb:
+    image: 'postgres:14'
+    command: ["postgres", "-c", "max_connections=500"]
+    environment:
+      POSTGRES_USER: admin
+      POSTGRES_PASSWORD: crapisecretpassword
+      POSTGRES_DB: crapi
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready" ]
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data/
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 256M
+
+  mongodb:
+    image: 'mongo:4.4'
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: admin
+      MONGO_INITDB_ROOT_PASSWORD: crapisecretpassword
+    healthcheck:
+      test: echo 'db.runCommand("ping").ok' | mongo mongodb:27017/test --quiet
+      interval: 15s
+      timeout: 15s
+      retries: 15
+      start_period: 20s
+    volumes:
+      - mongodb-data:/data/db
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 128M
+
+  chromadb:
+    image: 'chromadb/chroma:latest'
+    environment:
+      IS_PERSISTENT: 'TRUE'
+    healthcheck:
+      test: [ "CMD", "/bin/bash", "-c", "cat < /dev/null > /dev/tcp/localhost/8000" ]
+      interval: 15s
+      timeout: 15s
+      retries: 15
+      start_period: 20s
+    volumes:
+      - chromadb-data:/data
+    networks:
+      - katana-net
+
+  mailhog:
+    user: root
+    image: crapi/mailhog:${VERSION:-latest}
+    environment:
+      MH_MONGO_URI: admin:crapisecretpassword@mongodb:27017
+      MH_STORAGE: mongodb
+    healthcheck:
+      test: [ "CMD", "nc", "-z", "localhost", "8025" ]
+      interval: 15s
+      timeout: 15s
+      retries: 15
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 128M
+
+  api.mypremiumdealership.com:
+    image: crapi/gateway-service:${VERSION:-latest}
+    healthcheck:
+      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
+      interval: 15s
+      timeout: 15s
+      retries: 15
+      start_period: 15s
+    networks:
+      - katana-net
+    deploy:
+      resources:
+        limits:
+          cpus: '0.1'
+          memory: 50M
+
+volumes:
+  mongodb-data:
+  postgresql-data:
+  chromadb-data:
+
+networks:
+  katana-net:
+    external: true
diff --git a/modules/targets/crapi/module.yml b/modules/targets/crapi/module.yml
@@ -0,0 +1,13 @@
+name: crapi
+category: targets
+description: OWASP crAPI - Completely Ridiculous API (vulnerable API security training target)
+
+compose: ./compose.yml
+
+proxy:
+  - hostname: crapi
+    service: crapi-web
+    port: 80
+  - hostname: crapi-mail
+    service: mailhog
+    port: 8025
diff --git a/tsconfig.json b/tsconfig.json
@@ -20,9 +20,8 @@
     "noUncheckedIndexedAccess": true,
     "noImplicitOverride": true,
 
-    "baseUrl": ".",
     "paths": {
-      "@/*": ["src/*"]
+      "@/*": ["./src/*"]
     }
   },
   "include": ["src/**/*"],