testrex

Differences

This shows you the differences between two versions of the page.

testrex [2017/06/22 08:15]
stanislav.dashevskyi@unitn.it
testrex [2021/01/29 10:58] (current)
Line 8: Line 8:
   * Generating reports with successes/​failures of the exploits   * Generating reports with successes/​failures of the exploits
   * A corpus of sample applications and exploits is provided for the demonstration purposes   * A corpus of sample applications and exploits is provided for the demonstration purposes
 +need to reboot/log out when all packages are installedneed to reboot/log out when all packages are installed
 The corresponding publication is  The corresponding publication is 
   * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://​www.usenix.org/​system/​files/​conference/​cset14/​cset14-paper-dashevskyi.pdf|PDF}}   * S. Dashevskyi, D. Ricardo dos Santos, F. Massacci, A. Sabetta. TestREx: a Testbed for Repeatable Exploits In: //Proc. of Usenix Security CSET 2014//, San Diego (CA), USA. {{https://​www.usenix.org/​system/​files/​conference/​cset14/​cset14-paper-dashevskyi.pdf|PDF}}
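Review bot: the added line "need to reboot/log out when all packages are installed" sits between the feature list and "The corresponding publication is", where it reads as a stray sentence fragment that belongs to neither. The reboot advice concerns installation, so drop it here and keep it only next to the install.sh step.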
Line 20: Line 20:
 Required software and its versions Required software and its versions
  
-  * Ubuntu 16.04+  * Ubuntu 16.04          
 +  * Open a web browser and type: 
 + 
 +         
 +        http://​localhost:​49160/​wordpress/​wp-login.php  
 +         
 +          
 +Automated testing of the Nodegoat application:​ 
 + 
 +  * Run all available (few) exploit scripts against a single instance of the Nodegoat image: 
 + 
 + 
 +         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 
 + 
 + 
   * Python 2.7.* (should also work with Python 3.4.*)   * Python 2.7.* (should also work with Python 3.4.*)
   * Docker, Selenium and several other packages (can be installed via '​./​scripts/​install.sh'​ script)   * Docker, Selenium and several other packages (can be installed via '​./​scripts/​install.sh'​ script)
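Review bot: the lines added after "* Ubuntu 16.04" put usage steps (the wp-login.php URL and the "Automated testing of the Nodegoat application" batch command) in the middle of the "Required software and its versions" list, so the Python and Docker/Selenium entries now follow a run command instead of the Ubuntu entry. Keep this list to requirements only and leave the run steps under the "To check whether TestREx works" headings, where the same commands already appear. The replaced "* Ubuntu 16.04" line differs only by trailing whitespace, which should be dropped as well.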
Line 27: Line 42:
  
   * Copy the sources into a separate folder   * Copy the sources into a separate folder
-  * Run the '​install.sh'​ file from the TestREx root folder: +  * Run the '​install.sh'​ file from the TestREx root folder ​(you might need to reboot once all packages are installed):
  
          sudo sh ./​scripts/​install.sh          sudo sh ./​scripts/​install.sh
-  ​ +                ​ 
-         ​ +               
-  * You might need to reboot/log out when all packages are installed +* Build the base software images by running:
-  ​* Build the base software images by running:+
  
  
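Review bot: the re-added "* Build the base software images by running:" line has lost its two leading spaces, and DokuWiki only treats an indented "*" as a list item, so this step will no longer render as a bullet alongside the others; restore the indentation. The reboot hint folded into the install.sh bullet also drops the "log out" alternative that the removed bullet offered, so keep it if logging out is enough. The two added whitespace-only lines can go.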
Line 40: Line 53:
                    
  
-To check whether TestREx works:+=== To check whether TestREx works (manual mode): === 
 + 
 +  * Run a sample Wordpress 3.2 application:
  
-  * Manual testing of the Wordpress 3.2 (manual testing) 
-          
-              
          sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80          sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80
-          
-          
-  * Open a web browser and type: 
  
-         +  * Open a web browser and type in the address line:
-        http://​localhost:​49160/​wordpress/​wp-login.php  +
-         +
-          +
-Automated testing of the Nodegoat application:+
  
-  * Run all available (few) exploit scripts against a single instance of the Nodegoat image:+         http://​localhost:​49160/​wordpress/​wp-login.php
  
 +  * You should see the Wordpress login page if everything works
  
-         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888 
  
 +=== To check whether TestREx works (automatic mode): ===
  
 +  * Run all available exploit scripts against a single instance of NodeGoat application:​
 +
 +         sudo python run.py --batch nodegoat__ubuntu-node-mongo --noreset --visible --verbose --port 8888
  
 +  * You should observe that several exploits run one by one (the log should be present in the shell, Firefox browser should be started automatically,​ etc.)                ​
 ===== Publications ===== ===== Publications =====
  
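Review bot: in the manual-mode steps the command passes "--port 80" while the reader is told to open http://localhost:49160/wordpress/wp-login.php, and nothing in the text explains how 80 relates to 49160. State which host port the application is actually published on, or how to look it up, so the check does not fail for a reader who follows the steps literally. The same applies to "--port 8888" in the automatic-mode command, where the expected result ("the log should be present in the shell, Firefox browser should be started automatically, etc.") would be easier to verify if it named one concrete line or outcome to look for.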
testrex.1498119326.txt.gz · Last modified: 2021/01/29 10:58 (external edit)