Sh00T – A Testing Environment for Manual Security Testers

A Testing Environment for Manual Security Testers.

Sh00t:
- is a task manager to let you focus on performing security testing
- provides To Do checklists of test cases
- helps to create bug reports with customizable bug templates

Features:
- Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security
- Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security
- Manage custom bug templates for different purposes and automatically generate bug reports
- Support multiple Assessments & Projects to logically separate your different needs
- Use like a paper – Everything’s saved automatically
- Export auto generated bug report into Markdown & submit blindly on HackerOne! (WIP)
- Integration with JIRA, ServiceNow – Coming soon
- Export bug report into Markdown – Coming soon
- Customize everything under-the-hood

Installation:
Sh00t requires Python 3 and a few more packages. The simplest way to set up Sh00t is using Conda Environments. However, Anaconda is optional if you have Python 3 and pip installed – you can jump to step 4 below.

Pre-requisite – One time setup:
1. Install the minimal version of Anaconda: Miniconda and follow the installation instructions. Remember to reload your bash profile or restart your terminal application to make the conda command available. For Windows, launch Anaconda Prompt and run all the below commands in that window only.
2. Create a new Python 3 environment: conda create -n sh00t python=3.6
3. Activate sh00t environment: conda activate sh00t. If you see an error message like CommandNotFoundError: Your shell has not been properly configured to use ‘conda activate’., you have to manually enable the conda command. Follow the instructions shown with the error message. You may have to reload your bash profile or restart your terminal. Try activating sh00t again: conda activate sh00t.
You should be seeing (sh00t) XXXX$ in your terminal.
4. Clone or download the latest project into a location of your choice: git clone requires installation of Git.
5. Navigate to the folder where sh00t is cloned or downloaded & extracted: cd sh00t. Note that this is the outer-most sh00t directory in project files. Not sh00t/sh00t.
6. Install Sh00t dependency packages: pip install -r requirements.txt
7. Setup database: python migrate
8. Create a User Account: python createsuperuser and follow the UI to create an account.
9. Optional but recommended: Avail 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH): python’s all for the first time.

Follow the next steps whenever you want to start Sh00t.

Starting Sh00t:
If you have Python 3 installed on your machine, you can jump to Step 3.
1. For Linux/Mac, open Terminal. For Windows, open Anaconda Prompt.
2. Activate sh00t environment if not on yet: conda activate sh00t
3. Navigate to sh00t directory if not in already: cd sh00t
4. Start Sh00t server: python runserver
5. Access on your favorite browser. Login with the user credentials created in the one-time setup above.
6. Welcome to Sh00t!
7. Once you are done, stop the server: Ctrl + C
8. [Optional] Deactivate sh00t environment to continue with your other work: conda deactivate.

Upgrade:
1. Navigate to the folder where sh00t was cloned: cd sh00t
2. Stop the server if it’s running: Ctrl + C
3. Pull the latest code base via git: git pull or download the source from GitHub and replace the files.
4. Activate sh00t environment if not on yet: conda activate sh00t
5. Setup any additional dependencies: pip install -r requirements.txt
6. Make the latest database changes: python migrate
7. Start the server: python runserver

Troubleshoot:
Sh00t is written in Python and powered by Django Web Framework. If you are stuck with any errors, Googling the error message should help you most of the time. If you are not sure, please file a new issue on GitHub.

Glossary:
Flag: A Flag is a target that is sh00ted at.
It’s a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug might or might not be found – but the goal is to aim and sh00t at it. A Flag contains detailed steps for testing. If the bug is confirmed, then it’s called a sh0t.

Sh0t: Sh0ts are bugs. Typically a Sh0t contains a technical description of the bug, Affected Files/URLs, Steps To Reproduce and Fix Recommendation. Most of the content of a Sh0t is one-click generated and only the dynamic content like Affected Parameters, Steps has to be changed. Sh0ts can belong to an Assessment.

Assessment: Assessment is a testing assessment. It can be an assessment of an application, a program – it is up to the user how to manage it. It’s a part of a Project.

Project: Project contains assessments. Project can be a logical separation of what you do. It can be a different job, bug bounty, up to you to decide.

How does it work?
Begin with creating a new Assessment. Choose what methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules which are created with reference to the “Web Application Hacker’s Handbook” Testing Methodology. Modules & Flags can be handpicked & customized. Once an Assessment is created with the Flags, the tester has to test them either manually or semi-automated with the help of scanners, tools or however it’s required, and mark each "Done" on completion. While performing an assessment we often come up with custom test cases that are specific to a certain scenario in the application. A new Flag can be created easily at any point of time.

Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created.
One can choose a bug template that matches best, and sh00t will auto fill the bug report based on the template chosen.

Screenshots:
- Dashboard
- Working on a Flag
- Choosing Methodology and Test Cases while creating a new Assessment
- Filing a bug pre-filled with a template

Who can use Sh00t?
- Application Security Engineers: Pentesting & Vulnerability Assessments
- Bug bounty hunters
- Independent Security Researchers
- Blue team, developers who fix
- Anybody who wants to hack

Implementation details:
- Language: Python 3
- Framework: Django Web Framework
- Dependencies: Django REST Framework, django-tables2: Managed by /requirements.txt
- UI: Bootstrap – Responsive

Contribution:
- Pavan: @pavanw3b
- Aditya Ganapathy

Credits:
- Hari Valugonda
- Mohd Aqeel Ahmed
- Ajeeth Rakkappan
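
The Flag-to-Sh0t step described under "How does it work?" and in the Glossary, sketched as an added example (not Sh00t's own code): a bug template supplies the fixed report text, the tester fills only the dynamic fields, and the Markdown export is refused while any field is still empty. The class name, template text, field names and URL are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from string import Template

# Hypothetical template: fixed text is reused, $placeholders vary per finding.
XSS_TEMPLATE = Template("""# $title

## Description
User input is reflected in the response without output encoding.

## Affected Files/URLs
$affected_urls

## Affected Parameters
$affected_parameters

## Steps To Reproduce
$steps

## Fix Recommendation
Encode output for its rendering context and validate input server-side.
""")

@dataclass
class Sh0t:
    flag_title: str                 # the Flag that was confirmed as a bug
    template: Template
    fields: dict = field(default_factory=dict)

    def values(self):
        return {"title": self.flag_title, **self.fields}

    def missing_fields(self):
        """Template placeholders the tester has not filled in yet."""
        wanted = set()
        for m in self.template.pattern.finditer(self.template.template):
            name = m.group("named") or m.group("braced")
            if name:
                wanted.add(name)
        filled = {k for k, v in self.values().items() if str(v).strip()}
        return sorted(wanted - filled)

    def to_markdown(self):
        """Render the report; refuse while any dynamic field is still empty."""
        missing = self.missing_fields()
        if missing:
            raise ValueError("unfilled fields: " + ", ".join(missing))
        return self.template.substitute(self.values())

def numbered(steps):
    """Format reproduction steps as a Markdown numbered list."""
    return "\n".join(f"{i}. {s}" for i, s in enumerate(steps, 1))
```

Checking missing_fields() before export keeps a half-filled template from being submitted as a finished report.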