Review Changes
@@ -2,12 +2,13 @@
|
||||
require_relative '../../../../../lib/objects/local_string_generator.rb'
|
||||
require_relative '../../../../../lib/helpers/blacklist.rb'
|
||||
class WordFlagGenerator < StringGenerator
|
||||
attr_accessor :counter
|
||||
attr_accessor :number_of_words
|
||||
|
||||
def initialize
|
||||
super
|
||||
self.module_name = 'Random Word Based Flag Generator'
|
||||
self.counter = 1
|
||||
# Default to 4
|
||||
self.number_of_words = 4
|
||||
end
|
||||
|
||||
def generate
|
||||
@@ -15,7 +16,7 @@ class WordFlagGenerator < StringGenerator
|
||||
flag_string = ''
|
||||
blacklist = Blacklist.new
|
||||
|
||||
self.counter.times do |i|
|
||||
self.number_of_words.times do |i|
|
||||
flag_word = ''
|
||||
until flag_word != ''
|
||||
selected_word = file.sample.chomp
|
||||
@@ -34,17 +35,17 @@ class WordFlagGenerator < StringGenerator
|
||||
super
|
||||
|
||||
case opt
|
||||
when '--counter'
|
||||
when '--number_of_words'
|
||||
if arg.to_i == 0
|
||||
self.counter = 1
|
||||
self.number_of_words = 1
|
||||
else
|
||||
self.counter = arg.to_i
|
||||
self.number_of_words = arg.to_i
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def get_options_array
|
||||
super + [['--counter', GetoptLong::OPTIONAL_ARGUMENT]]
|
||||
super + [['--number_of_words', GetoptLong::OPTIONAL_ARGUMENT]]
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
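Review bot: In the `--number_of_words` branch a missing or non-numeric argument still falls back to 1, while `initialize` now defaults to 4, so passing the option without a usable value silently shortens the flag to a single, far more guessable word. A negative value also passes `to_i` unchanged, and the `times` loop in `generate` would then never run; the rest of `generate` is outside the hunk, so an empty flag is inferred rather than shown. Consider keeping the default unless a positive integer is supplied, e.g. `n = Integer(arg, exception: false)` followed by `self.number_of_words = n if n&.positive?`. The block variable in `self.number_of_words.times do |i|` is unused and could be dropped.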
@@ -11,14 +11,13 @@
|
||||
|
||||
<type>flag_generator</type>
|
||||
<type>local_calculation</type>
|
||||
<type>flag_counter</type>
|
||||
<platform>linux</platform>
|
||||
<platform>windows</platform>
|
||||
|
||||
<reference>https://github.com/sophsec/wordlist</reference>
|
||||
<reference>http://wordlist.sourceforge.net/</reference>
|
||||
|
||||
<read_fact>counter</read_fact>
|
||||
<read_fact>no_of_words</read_fact>
|
||||
|
||||
<output_type>generated_strings</output_type>
|
||||
|
||||
|
||||
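Review bot: The fact is declared here as `no_of_words`, but the generator in the same commit registers and handles `--number_of_words` (in both `get_options_array` and the `case opt` branch). If SecGen turns read_fact names into `--<name>` arguments for the generator, which is not visible on this page, a value set in a scenario would never reach that branch and may be rejected as an unknown option. Use one spelling in both places, for example `<read_fact>number_of_words</read_fact>`, and update the `<input into="no_of_words">` in `shepherd.xml` to match.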
@@ -2,10 +2,6 @@
|
||||
class security_shepherd::install {
|
||||
include stdlib
|
||||
|
||||
$secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
|
||||
$flag_store = $secgen_parameters['flag_store']
|
||||
$modules = $secgen_parameters['modules']
|
||||
|
||||
Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
|
||||
|
||||
ensure_packages(['tomcat9', 'mariadb-server', 'openjdk-11-jdk'], {ensure => installed})
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
class security_shepherd::mariadb {
|
||||
$secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
|
||||
$unix_username = $secgen_parameters['unix_username'][0]
|
||||
$flag_store = $secgen_parameters['flag_store']
|
||||
$flag_store = $secgen_parameters['flag_store']
|
||||
$modules = $secgen_parameters['modules']
|
||||
$user = 'root'
|
||||
$db_pass = 'CowSaysMoo'
|
||||
|
||||
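Review bot: `$flag_store` and `$modules` are now read in the same class that sets `$user = 'root'` and the literal `$db_pass = 'CowSaysMoo'`. If the flags end up in this database (the resources that consume these variables are outside the hunk), every generated system guards them with the same known root password, which undercuts the per-scenario randomisation the flags are meant to provide. Consider taking the password from a generated SecGen parameter instead of a literal; if the application requires this exact value, say so in a comment next to the assignment.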
@@ -18,13 +18,19 @@
|
||||
<platform>unix</platform>
|
||||
|
||||
<read_fact>unix_username</read_fact>
|
||||
<read_fact>modules</read_fact>
|
||||
<read_fact>flag_store</read_fact>
|
||||
|
||||
<default_input into="unix_username">
|
||||
<generator type="username_generator" />
|
||||
</default_input>
|
||||
|
||||
<default_input into="modules">
|
||||
<generator type="ss_modules" />
|
||||
</default_input>
|
||||
|
||||
<default_input into="flag_store">
|
||||
<generator type="flag_generator" />
|
||||
<generator type="flag_counter" />
|
||||
</default_input>
|
||||
|
||||
<reference>https://github.com/OWASP/SecurityShepherd</reference>
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
<% @modules.each do |mod| -%>
|
||||
<%= mod %>
|
||||
<% end -%>
|
||||
@@ -0,0 +1,4 @@
|
||||
<% @flag_store.each do |flag| -%>
|
||||
<%= flag %>
|
||||
<% end -%>
|
||||
|
||||
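Review bot: This template writes every flag in clear text, one per line, and the resource that installs the rendered file is not part of the page. That resource should set a restrictive owner and mode (for example `mode => '0600'`), and the file should be removed once the flags have been loaded, so that lab users cannot read the answers straight from disk. A leading template comment such as `<%# one flag per line -%>` would also document the expected format.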
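--- a/scenarios/examples/vulnerability_examples/shepherd.xml
+++ b/scenarios/examples/vulnerability_examples/shepherd.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+<system>
+<system_name>shepherd</system_name>
+<base distro="Debian 10" type="desktop" name="KDE" />
+
+<vulnerability module_path=".*/security_shepherd">
+<input into="modules" into_datastore="modules">
+<generator type="ss_modules">
+<input into="filter">
+<value>SQL</value>
+<value>CSRF</value>
+</input>
+</generator>
+</input>
+<input into="flag_store" into_datastore="flag_store">
+<generator type="flag_generator">
+<input into="no_of_words">
+<value>17</value>
+</input>
+</generator>
+</input>
+</vulnerability>
+
+<utility module_path=".*/parameterised_accounts" platform="linux">
+<input into="accounts" into_datastore="accounts">
+<generator type="account">
+<input into="username">
+<value>user1</value>
+</input>
+<input into="password">
+<value>password</value>
+</input>
+<input into="super_user">
+<value>true</value>
+</input>
+</generator>
+</input>
+</utility>
+
+<network type="private_network" range="dhcp" />
+</system>
+
+</scenario>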
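Review bot: `no_of_words` is set to 17, which, as far as the generator hunks on this page show, yields one flag built from 17 words rather than 17 flags, while the templates added in this commit iterate `@flag_store` as a list. If one flag per Security Shepherd challenge is intended, the scenario needs a separate generator entry per flag; if a single long flag is intended, an XML comment saying so would help. The input name also differs from the generator's `--number_of_words` option. Separately, the `user1` / `password` account with `super_user` set to `true` is a fixed credential, so a comment stating that this example is meant for an isolated lab network would be worth adding.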