--------------------WIP-------------------
| command | description |
|---|---|
- Prerequisites
- Forking the Project
- Create a Branch
- Set Up Postgres
- Set Up SecurityAnalizer
- Set up Docker
| Prerequisite | Version |
|---|---|
| Ruby | ~ |
| Rails | ~ |
| Postgres | ~ |
| Python | ~ |
Updating to the latest releases is recommended.
If Ruby, Pythond, Rails or Postgres are already installed on your machine, run the following commands to validate the versions:
python --version
postgres -v
ruby -v
rails -v- Install Git or your favorite Git client.
- Go to the top level SecurityAnalizer repository: https://github.com/gmotzespina/SecurityAnalizer
- Click the "Fork" Button in the upper right hand corner of the interface (More Details Here)
- After the repository (repo) has been forked, you will be taken to your copy of the SecurityAnalizer repo at https://github.com/yourUsername/SecurityAnalizer
- Open a Terminal / Command Line / Bash Shell in your projects directory (i.e.:
/yourprojectdirectory/) - Clone your fork of SecurityAnalizer
$ git clone https://github.com/yourUsername/SecurityAnalizer.git(make sure to replace yourUsername with your GitHub username)
This will download the entire repo to your projects directory.
- Change directory to the new SecurityAnalizer directory (
cd SecurityAnalizer) - Add a remote to the official SecurityAnalizer repo:
$ git remote add upstream https://github.com/gmotzespina/SecurityAnalizerCongratulations, you now have a local copy of the SecurityAnalizer repo!
Now that you have a copy of your fork, there is work you will need to do to keep it current.
Do this prior to every time you create a branch for a PR:
- Make sure you are on the
masterbranch
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.If your aren't on master, resolve outstanding files / commits and checkout the master branch
$ git checkout master- Do a pull with rebase against
upstream
$ git pull --rebase upstream masterThis will pull down all of the changes to the master branch, without making an additional commit in your local repo.
- (Optional) Force push your updated master branch to your GitHub fork
$ git push origin master --forceThis will overwrite the master branch of your fork.
Before you start working, you will need to create a separate branch specific to the issue / feature you're working on. You will push your work to this branch.
Name the branch something like fix/xxx or feature/xxx where xxx is a short description of the changes or feature you are attempting to add. For example fix/email-login would be a branch where you fix something specific to email login.
To create a branch on your local machine (and switch to this branch):
$ git checkout -b [name_of_your_new_branch]and to push to GitHub:
$ git push origin [name_of_your_new_branch]If you need more help with branching, take a look at this.
--------------------WIP-------------------
--------------------WIP------------------- Once you have SecurityAnalizer cloned, before you start the application, you first need to install all of the dependencies:
# Install Bundle dependencies
bundle install--------------------WIP-------------------
Now navigate to your browser and open http://localhost:3000. If the app loads, congratulations โ you're all set.
How to run this project
-
Install docker and docker-compose
-
to run the project do:
$ docker-compose build web
$ docker-compose run --rm web rails db:create db:migrate
$ docker-compose up web
This bit is up to you!
--------------------WIP------------------- When you're ready to share your code, run the test suite:
$ testand ensure all tests pass.
Once your PR is accepted, you may delete the branch you created to submit it. This keeps your working fork clean.
You can do this with a press of a button on the GitHub PR interface. You can
delete the local copy of the branch with: git branch -D branch/to-delete-name
If you have a local copy of the repo, you can make the requested changes and
amend your commit with: git commit --amend This will update your existing
commit. When you push it to your fork you will need to do a force push to
overwrite your old commit: git push --force
Be sure to post in the PR conversation that you have made the requested changes.
-
Create a Branch. DON'T forget to name your branch correctly.
-
Make the changes.
-
Create a Pull Request.
-
WAIT FOR THE CODE REVIEW Don't merge your onw changes.
-
If your pull request was rejected, update your existing commit.
-
else Congratulations!!๐
Web Vulnerabilities REST API Scanner is a Python REST API to find the most common web vulnerabilities in your Website using the Black-Box Method. This REST API have a conecction with a Ruby on Rails Web App to send requests and responses to have a control of your scanners. This is based on a Open Source Project called WAScann, some Classes, Libraries and Data were taken from it.
REST API
- Send resquests and responses in JSON Format
- Resquest status
- Communication with Ruby on Rails Web App
- Exceptions handler
- Threading Jobs
Attacks
- Blind SQL Injection
- SQL Injection in Headers
- XSS in Headers
- HTML Injection
- LDAP Injection
- Local File Inclusion
- OS Commanding
- PHP Code Injection
- SQL Injection
- Server Side Injection
- XPath Injection
- Cross Site Scripting
- XML External Entity
$ git clone https://github.com/AndresSan6/VulnerabilityScannerPython.git
$ cd Vulnerability Scanner Python
$ pip install -r requirements.txt
$ python main.py
You need Postman to test the REST API and start the server
JSON REQUEST FORMAT:
{
"url": "http://example.com",
"idScann": 1,
"Authentication_Token":
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWx1ZG9zIGFjYWRlbXkgMjAxOGIiLCJuYW1lIj
oiY29tZSBmcnV0YXMgeSB2ZXJkdXJhcyIsImlhdCI6MTUxNjIzOTAyMn0.BPtUskACc5sxOFMB38iFx4tmzrNZ9l
uwa6c KHL-etDQ",
"vulnerabilities": ["blindsqli","xss"]
}
1.- Set Content-Type with value "application/json" on Headers
2.- Write the JSON Request
3.- Send your request
4.- Ready !