testrex
Differences
This shows you the differences between two versions of the page.
| testrex [2017/06/22 01:48] – fabio.massacci@unitn.it | testrex [2021/01/29 10:58] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== TestREx (Testbed for Repeatable Exploits) - Download Guide ==== | ===== TestREx (Testbed for Repeatable Exploits) - Download Guide ==== | ||
| - | If you are interested in the [[research_activities|research topics]] of the [[start|Security Group]] please about testbeds please check the page on [[malware_analysis|Cyber Security Testbeds and Malware Testing]]. | + | If you are interested in the [[research_activities|research topics]] of the [[start|Security Group]] please about testbeds please check the **[[malware_analysis|page on Cyber Security Testbeds and Malware Testing]]**. |
| - | TestREx is a system for building repeatable exploits main features include the following: | + | TestREx is a system for building repeatable exploits. Its main features include the following: |
| * Packing and running web applications with their software environments | * Packing and running web applications with their software environments | ||
| * Injecting scripted exploits and monitoring the results of their execution | * Injecting scripted exploits and monitoring the results of their execution | ||
| * Generating reports with successes/ | * Generating reports with successes/ | ||
| * A corpus of sample applications and exploits is provided for the demonstration purposes | * A corpus of sample applications and exploits is provided for the demonstration purposes | ||
| + | need to reboot/log out when all packages are installedneed to reboot/log out when all packages are installed | ||
| The corresponding publication is | The corresponding publication is | ||
| * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https:// | * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https:// | ||
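Review bot: The line added after the feature list ("need to reboot/log out when all packages are installed", printed twice with no separator) is a stray fragment of the installation bullet and does not belong between the feature list and the publication reference; drop it here and keep the full sentence "You might need to reboot/log out when all packages are installed" with the installation steps. The reworded first paragraph also still reads "please about testbeds please check", which the new bold link markup does not fix.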
| Line 20: | Line 20: | ||
| Required software and its versions | Required software and its versions | ||
| - | * Ubuntu 16.04 | + | * Ubuntu 16.04 |
| + | * Open a web browser and type: | ||
| + | |||
| + | |||
| + | http:// | ||
| + | |||
| + | |||
| + | Automated testing of the Nodegoat application: | ||
| + | |||
| + | * Run all available (few) exploit scripts against a single instance of the Nodegoat image: | ||
| + | |||
| + | |||
| + | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
| + | |||
| + | |||
| * Python 2.7.* (should also work with Python 3.4.*) | * Python 2.7.* (should also work with Python 3.4.*) | ||
| * Docker, Selenium and several other packages (can be installed via ' | * Docker, Selenium and several other packages (can be installed via ' | ||
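Review bot: The lines added under "Required software and its versions", between the Ubuntu 16.04 and Python 2.7.* entries, are run instructions (the browser step, the Nodegoat heading and the `sudo python run.py --batch ...` command), not requirements, so a reader meets the batch command before any installation step. Remove them from this list; the same steps are added again in the "To check whether TestREx works" sections further down.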
| Line 27: | Line 42: | ||
| * Copy the sources into a separate folder | * Copy the sources into a separate folder | ||
| - | * Run the ' | + | * Run the ' |
| sudo sh ./ | sudo sh ./ | ||
| - | | + | |
| - | | + | |
| - | * You might need to reboot/log out when all packages are installed | + | * Build the base software images by running: |
| - | | + | |
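Review bot: The bullet "You might need to reboot/log out when all packages are installed" is removed from the installation steps and replaced by "Build the base software images by running:", so the only remaining mention of the reboot is the fragment added near the top of the page. Keep the reboot/log out bullet ahead of the build step, and make sure the command that "by running:" announces is actually on the page, since none is visible in this hunk.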
| Line 40: | Line 53: | ||
| - | To check whether TestREx works: | + | === To check whether TestREx works (manual mode): === |
| + | |||
| + | * Run a sample Wordpress 3.2 application: | ||
| - | * Manual testing of the Wordpress 3.2 (manual testing) | ||
| - | |||
| - | |||
| sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 | sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 | ||
| - | |||
| - | |||
| - | * Open a web browser and type: | ||
| - | + | * Open a web browser and type in the address line: | |
| - | http:// | + | |
| - | + | ||
| - | + | ||
| - | Automated testing of the Nodegoat application: | + | |
| - | * Run all available (few) exploit scripts against a single instance of the Nodegoat image: | + | http:// |
| + | * You should see the Wordpress login page if everything works | ||
| - | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
| + | === To check whether TestREx works (automatic mode): === | ||
| - | ===== People ===== | + | * Run all available exploit scripts against |
| - | + | ||
| - | The following is a list a people that has been involved in the project at some point in time. | + | |
| - | + | ||
| - | * Silvio Biagioni | + | |
| - | * Stanislav Dashevski | + | |
| - | * Vadim Kotov (Now at Cylance) | + | |
| - | * Fabio Massacci | + | |
| + | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
| + | * You should observe that several exploits run one by one (the log should be present in the shell, Firefox browser should be started automatically, | ||
| ===== Publications ===== | ===== Publications ===== | ||
| * A. Sabetta, L. Compagna, S. Ponta,S. Dashevskyi, D.R. dos Santos, F. Massacci. **Multi-context exploit test management**. US Patent 20160314302, | * A. Sabetta, L. Compagna, S. Ponta,S. Dashevskyi, D.R. dos Santos, F. Massacci. **Multi-context exploit test management**. US Patent 20160314302, | ||
| * S. Dashevskyi, D.R. dos Santos, F. Massacci, and A. Sabetta. **TestREx: a Testbed for Repeatable Exploits**, In // | * S. Dashevskyi, D.R. dos Santos, F. Massacci, and A. Sabetta. **TestREx: a Testbed for Repeatable Exploits**, In // | ||
| - | * L. Allodi, V. Kotov, F. Massacci. **MalwareLab: | ||
| - | |||
| - | |||
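Review bot: Both checks start a sample application with `sudo python run.py` on a fixed port (`--port 80` for the Wordpress 3.2 manual run, `--port 8888` for the Nodegoat batch run), and the new text says only what the reader should see when it works; since these are the applications the exploit scripts are run against, add a line saying the check belongs on an isolated test machine and how to stop the instance afterwards. The same hunk also deletes the whole People section and the MalwareLab publication entry, which is unrelated to the two check procedures; confirm that removal is intended or restore it.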
