User Tools

Site Tools


testrex

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

testrex [2017/06/22 10:15]
stanislav.dashevskyi@unitn.it
testrex [2017/06/22 10:29] (current)
stanislav.dashevskyi@unitn.it [TestREx (Testbed for Repeatable Exploits) - Download Guide]
Line 8: Line 8:
   * Generating reports with successes/failures of the exploits   * Generating reports with successes/failures of the exploits
   * A corpus of sample applications and exploits is provided for the demonstration purposes   * A corpus of sample applications and exploits is provided for the demonstration purposes
 +need to reboot/log out when all packages are installedneed to reboot/log out when all packages are installed
 The corresponding publication is  The corresponding publication is 
   * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://www.usenix.org/system/files/conference/cset14/cset14-paper-dashevskyi.pdf|PDF}}   * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://www.usenix.org/system/files/conference/cset14/cset14-paper-dashevskyi.pdf|PDF}}
Line 20: Line 20:
 Required software and its versions Required software and its versions
  
-  * Ubuntu 16.04+  * Ubuntu 16.04          
 +  * Open a web browser and type: 
 + 
 +         
 +        http://localhost:49160/wordpress/wp-login.php  
 +         
 +          
 +Automated testing of the Nodegoat application: 
 + 
 +  * Run all available (few) exploit scripts against a single instance of the Nodegoat image: 
 + 
 + 
 +         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 
 + 
 + 
   * Python 2.7.* (should also work with Python 3.4.*)   * Python 2.7.* (should also work with Python 3.4.*)
   * Docker, Selenium and several other packages (can be installed via './scripts/install.sh' script)   * Docker, Selenium and several other packages (can be installed via './scripts/install.sh' script)
Line 27: Line 42:
  
   * Copy the sources into a separate folder   * Copy the sources into a separate folder
-  * Run the 'install.sh' file from the TestREx root folder: +  * Run the 'install.sh' file from the TestREx root folder (you might need to reboot once all packages are installed):
  
          sudo sh ./scripts/install.sh          sudo sh ./scripts/install.sh
-   +                 
-          +               
-  * You might need to reboot/log out when all packages are installed +* Build the base software images by running:
-  * Build the base software images by running:+
  
  
Line 40: Line 53:
                    
  
-To check whether TestREx works:+=== To check whether TestREx works (manual mode): === 
 + 
 +  * Run a sample Wordpress 3.2 application:
  
-  * Manual testing of the Wordpress 3.2 (manual testing) 
-          
-              
          sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80          sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80
-          
-          
-  * Open a web browser and type: 
  
-         +  * Open a web browser and type in the address line:
-        http://localhost:49160/wordpress/wp-login.php  +
-         +
-          +
-Automated testing of the Nodegoat application:+
  
-  * Run all available (few) exploit scripts against a single instance of the Nodegoat image:+         http://localhost:49160/wordpress/wp-login.php
  
 +  * You should see the Wordpress login page if everything works
  
-         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 
  
 +=== To check whether TestREx works (automatic mode): ===
  
 +  * Run all available exploit scripts against a single instance of NodeGoat application:
 +
 +         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888
  
 +  * You should observe that several exploits run one by one (the log should be present in the shell, Firefox browser should be started automatically, etc.)                
 ===== Publications ===== ===== Publications =====
  
testrex.txt · Last modified: 2017/06/22 10:29 by stanislav.dashevskyi@unitn.it