
Overview

Khai Duong edited this page Jan 6, 2022 · 2 revisions

Welcome to the Wiki page. Full documentation on the software can be found here. To navigate the Wiki, use the sidebar to find specific topics.

Important Notice: DO NOT use this server for production or expose it to the public! This server is vulnerable. Exposing the server to the public will leave your system vulnerable to exploits and serious damage. Use this server only on your local network and local machine.

What is Panda Server

Panda Server is an HTTP server and a learning tool for understanding how the TCP/IP model works at the application layer. It's written primarily with novice penetration testers in mind, along with developers who wish to understand how a web server works. It will never be as secure, maintained and usable as popular software like Nginx or Apache, nor is it intended to be.

With that out of the way, what exactly is this all about? Panda Server is written purely in Python 3 and serves as a simple web server. It is documented and also supports MySQL and MariaDB databases. Although the server is highly configurable, the project comes with default configurations and works right out of the box.

The project relies heavily on Python's built-in socket module and tries hard to maintain a clean and organized structure. With this, it aims to encourage new programmers to explore well-documented code without being overwhelmed. Furthermore, it serves as an example of how the socket module can be used and integrated with other modules. Panda Server comes with a custom module named "pandahttp", where the code for handling HTTP requests and managing databases resides.

This is a personal project. As the server is not intended for production, but merely as simple development software for front-end development, it will have limitations. This is especially true of security, as it does not run all the checks necessary to protect the system against attacks like SQL injection, cross-site scripting (XSS), local file inclusion (LFI), reverse shells and other serious attacks. This can make the software a practice target for penetration testers.
