bundles:
  - php
  - general
report:
  pullRequest:
    findings: "onAllFiles"
    comment: true

Loading scanner...
Processing application in /Users/at/src/github.com/OWASP/railsgoat
Processing gems...
[Notice] Detected Rails 5 application
Processing configuration...
[Notice] Escaping HTML by default
Parsing files...
Processing initializers...
Processing libs...sed
Processing routes...

# Prerequisites: (Tested on Mac only)
# 1. Install openssl
# 2. Install python
# 3. Clone the trustkit repository
# 4. cd into the trustkit repository and create the getPublicKeyHashes.sh file in there
if [ -z "$1" ]
then
    echo "Please provide a hostname and port. E.g ./getPublicKeyHashes.sh google.com 443"
elif [ -z "$2" ]

package net.continuumsecurity;

import net.continuumsecurity.Config;
import net.continuumsecurity.Credentials;
import net.continuumsecurity.UserPassCredentials;
import net.continuumsecurity.behaviour.ILogin;
import net.continuumsecurity.behaviour.ILogout;
import net.continuumsecurity.behaviour.INavigable;
import net.continuumsecurity.web.WebApplication;
import org.openqa.selenium.By;

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>
    <!-- Base URL of the application to test -->
    <baseUrl>http://10.1.1.251:8080/WebGoat/</baseUrl>
    <!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. -->
    <class>net.continuumsecurity.WebGoatApplication</class>
    <sslyze>

package net.continuumsecurity;

import net.continuumsecurity.Config;
import net.continuumsecurity.Credentials;
import net.continuumsecurity.UserPassCredentials;
import net.continuumsecurity.behaviour.ILogin;
import net.continuumsecurity.behaviour.ILogout;
import net.continuumsecurity.behaviour.INavigable;
import net.continuumsecurity.web.WebApplication;
import org.openqa.selenium.By;

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>
    [...]
    <baseUrl>http://localhost:8080/WebGoat/</baseUrl>
    <class>net.continuumsecurity.WebGoatApplication</class>
    <defaultUsername>guest</defaultUsername>
    <defaultPassword>guest</defaultPassword>
    [...]
</web-app>

wget https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar
java -jar webgoat-container-7.0.1-war-exec.jar

[..]
public class RopeyTasksApplication extends WebApplication implements ILogin,
        ILogout, INavigable {
    [..]
    @Override
    public void openLoginPage() {
        driver.get(Config.getInstance().getBaseUrl() + "user/login");
        findAndWaitForElement(By.id("username"));
    }
    [..]

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>
    <baseUrl>http://localhost:8080/</baseUrl>
    <!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. -->
    <class>net.continuumsecurity.examples.ropeytasks.RopeyTasksApplication</class>
    <!-- Optional names of the session ID cookies for session management testing. -->
    <sessionIds>
        <name>JSESSIONID</name>
    </sessionIds>
    <!-- the default user to use when logging in to the app -->