This shows you the differences between two versions of the page.
testrex [2017/06/22 10:15] stanislav.dashevskyi@unitn.it |
testrex [2021/01/29 10:58] (current) |
||
---|---|---|---|
Line 8: | Line 8: | ||
* Generating reports with successes/failures of the exploits | * Generating reports with successes/failures of the exploits | ||
* A corpus of sample applications and exploits is provided for the demonstration purposes | * A corpus of sample applications and exploits is provided for the demonstration purposes | ||
+ | need to reboot/log out when all packages are installedneed to reboot/log out when all packages are installed | ||
The corresponding publication is | The corresponding publication is | ||
* S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://www.usenix.org/system/files/conference/cset14/cset14-paper-dashevskyi.pdf|PDF}} | * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://www.usenix.org/system/files/conference/cset14/cset14-paper-dashevskyi.pdf|PDF}} | ||
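Review bot: The added line "need to reboot/log out when all packages are installed" sits between the feature list and "The corresponding publication is" with no bullet marker, and its text is doubled on the same line. It reads as a stray paste rather than page content, and a reboot hint has nothing to attach to in the overview section, so I would drop it from here.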
Line 20: | Line 20: | ||
Required software and its versions | Required software and its versions | ||
- | * Ubuntu 16.04 | + | * Ubuntu 16.04 |
+ | * Open a web browser and type: | ||
+ | |||
+ | |||
+ | http://localhost:49160/wordpress/wp-login.php | ||
+ | |||
+ | |||
+ | Automated testing of the Nodegoat application: | ||
+ | |||
+ | * Run all available (few) exploit scripts against a single instance of the Nodegoat image: | ||
+ | |||
+ | |||
+ | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
+ | |||
+ | |||
* Python 2.7.* (should also work with Python 3.4.*) | * Python 2.7.* (should also work with Python 3.4.*) | ||
* Docker, Selenium and several other packages (can be installed via './scripts/install.sh' script) | * Docker, Selenium and several other packages (can be installed via './scripts/install.sh' script) | ||
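Review bot: The added browser step, the "Automated testing of the Nodegoat application:" paragraph and the "run.py --batch" command land inside the "Required software and its versions" list, between the "Ubuntu 16.04" and "Python 2.7.*" items. They are run instructions rather than requirements, and they split the list in two. Move them out of this section so the requirement bullets stay contiguous.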
Line 27: | Line 42: | ||
* Copy the sources into a separate folder | * Copy the sources into a separate folder | ||
- | * Run the 'install.sh' file from the TestREx root folder: | + | * Run the 'install.sh' file from the TestREx root folder (you might need to reboot once all packages are installed): |
sudo sh ./scripts/install.sh | sudo sh ./scripts/install.sh | ||
- | | + | |
- | | + | |
- | * You might need to reboot/log out when all packages are installed | + | * Build the base software images by running: |
- | * Build the base software images by running: | + | |
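Review bot: The parenthetical on the install bullet now says only "you might need to reboot", while the removed bullet offered "reboot/log out". If logging out and back in is still sufficient, keep that alternative in the merged wording so readers do not reboot unnecessarily.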
Line 40: | Line 53: | ||
- | To check whether TestREx works: | + | === To check whether TestREx works (manual mode): === |
+ | |||
+ | * Run a sample Wordpress 3.2 application: | ||
- | * Manual testing of the Wordpress 3.2 (manual testing) | ||
- | |||
- | |||
sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 | sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 | ||
- | |||
- | |||
- | * Open a web browser and type: | ||
- | + | * Open a web browser and type in the address line: | |
- | http://localhost:49160/wordpress/wp-login.php | + | |
- | + | ||
- | + | ||
- | Automated testing of the Nodegoat application: | + | |
- | * Run all available (few) exploit scripts against a single instance of the Nodegoat image: | + | http://localhost:49160/wordpress/wp-login.php |
+ | * You should see the Wordpress login page if everything works | ||
- | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
+ | === To check whether TestREx works (automatic mode): === | ||
+ | * Run all available exploit scripts against a single instance of NodeGoat application: | ||
+ | |||
+ | sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 | ||
+ | * You should observe that several exploits run one by one (the log should be present in the shell, Firefox browser should be started automatically, etc.) | ||
===== Publications ===== | ===== Publications ===== | ||
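Review bot: In the manual-mode steps the command passes "--port 80", but the address the reader is told to open is "http://localhost:49160/wordpress/wp-login.php", and nothing in the section says how the two ports relate. Either align them or add a sentence stating on which port the application is expected to answer, otherwise a reader who does not see the login page cannot tell whether the setup failed or the URL is wrong. The spelling also varies between "Nodegoat" elsewhere on the page and "NodeGoat" here; pick one.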