updated documentation

Author: cr0hn

.gitignore

@@ -1 +1,85 @@
 # Created by .ignore support plugin (hsz.mobi)
+### Node template
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages
+
+# Optional npm cache directory
+.npm
+
+# Optional REPL history
+.node_repl_history
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+
+# Sensitive or high-churn files:
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+
+# Gradle:
+.idea/gradle.xml
+.idea/libraries
+
+# Mongo Explorer plugin:
+.idea/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+

LICENSE

@@ -0,0 +1,28 @@
+Copyright (c)  - cr0hn[at]cr0hn.com
+
+Project home: https://github.com/cr0hn/vulnerable-node
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    3. Neither the name of  nor the names of its contributors may be used
+       to endorse or promote products derived from this software without
+       specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.rst renamed to README.md

@@ -1,9 +1,7 @@
 Vulnerable Node
 ===============
 
-
-.. figure:: https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/logo/logo.png
-    :align: left
+![Logo](https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/images/logo.png)
 
 *Vulnerable Node: A very vulnerable web site written in NodeJS*
 
@@ -19,7 +17,7 @@ The goal of this project is to be a project with really vulnerable code in NodeJ
 
 ## Why?
 
-Similar project, like OWASP Node Goat, are pretty and useful for learning process, but not for a real researcher or studding vulnerabilities in source code.
+Similar project, like OWASP Node Goat, are pretty and useful for learning process but not for a real researcher or studding vulnerabilities in source code, because their code is not really vulnerable but simulated.
 
 This project was created with the **purpose of have a project with identified vulnerabilities in source code with the finality of can measure the quality of security analyzers tools**.
 
@@ -38,8 +36,10 @@ This project simulates a real (and very little) shop site that has identifiable
 
 The most simple way to run the project is using docker-compose, doing this:
 
-.. code-block: bash
+```bash
 
+    # git clone https://github.com/cr0hn/vulnerable-node.git vulnerable-node
+    # cd vulnerable-node/
     # docker-compose build && docker-compose up
     Building postgres_db
     Step 1 : FROM library/postgres
@@ -49,6 +49,26 @@ The most simple way to run the project is using docker-compose, doing this:
      ---> d67c05e9e2d5
     Step 3 : ADD init.sql /docker-entrypoint-initdb.d/
     ....
+```
+
+## Running
+
+Once docker compose was finished, we can open a browser and type the URL: `127.0.0.1:3000` (or the IP where you deployed the project):
+
+![Login screen](https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/images/login.jpg)
+
+To access to website you can use displayed in landing page:
+
+- admin : admin
+- roberto : asdfpiuw981
+
+Here some images of site:
+
+![home screen](https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/images/home.jpg)
+
+![shopping](https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/images/shop.jpg)
+
+![purchased products](https://raw.githubusercontent.com/cr0hn/vulnerable-node/master/images/purchased.jpg)
 
 # Vulnerabilities
 
@@ -74,4 +94,8 @@ The exactly code location of each vulnerability is pending to write
 I took ideas and how to explode it in NodeJS using these references:
 
 - https://blog.risingstack.com/node-js-security-checklist/
-- https://github.com/substack/safe-regex
+- https://github.com/substack/safe-regex
+
+# License
+
+This project is released under license BSD.