diff --git a/modules/generators/flag/flag_words/secgen_local/local.rb b/modules/generators/flag/flag_words/secgen_local/local.rb
index c91035713..937684ef5 100644
--- a/modules/generators/flag/flag_words/secgen_local/local.rb
+++ b/modules/generators/flag/flag_words/secgen_local/local.rb
@@ -2,12 +2,13 @@
require_relative '../../../../../lib/objects/local_string_generator.rb'
require_relative '../../../../../lib/helpers/blacklist.rb'
class WordFlagGenerator < StringGenerator
- attr_accessor :counter
+ attr_accessor :number_of_words
def initialize
super
self.module_name = 'Random Word Based Flag Generator'
- self.counter = 1
+ # Default to 4
+ self.number_of_words = 4
end
def generate
@@ -15,7 +16,7 @@ class WordFlagGenerator < StringGenerator
flag_string = ''
blacklist = Blacklist.new
- self.counter.times do |i|
+ self.number_of_words.times do |i|
flag_word = ''
until flag_word != ''
selected_word = file.sample.chomp
@@ -34,17 +35,17 @@ class WordFlagGenerator < StringGenerator
super
case opt
- when '--counter'
+ when '--number_of_words'
if arg.to_i == 0
- self.counter = 1
+ self.number_of_words = 1
else
- self.counter = arg.to_i
+ self.number_of_words = arg.to_i
end
end
end
def get_options_array
- super + [['--counter', GetoptLong::OPTIONAL_ARGUMENT]]
+ super + [['--number_of_words', GetoptLong::OPTIONAL_ARGUMENT]]
end
end
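Review bot: The fallback in the `--number_of_words` branch still assigns 1 when `arg.to_i == 0`, which disagrees with the new default of 4 set in `initialize`. A negative value is also accepted as-is, so `number_of_words.times` in `generate` would run zero times and presumably produce an empty flag. Since the word count determines how guessable the flag is, I would ignore non-positive input and keep the default: `n = arg.to_i` followed by `self.number_of_words = n if n.positive?`. Non-numeric input (`'abc'.to_i` is 0) would then also leave the default of 4 in place instead of silently shrinking the flag to one word. The enclosing option-handling method starts outside this hunk.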
diff --git a/modules/generators/flag/flag_words/secgen_metadata.xml b/modules/generators/flag/flag_words/secgen_metadata.xml
index dd42e8a48..e741819bb 100644
--- a/modules/generators/flag/flag_words/secgen_metadata.xml
+++ b/modules/generators/flag/flag_words/secgen_metadata.xml
@@ -11,14 +11,13 @@
flag_generator
local_calculation
- flag_counter
linux
windows
https://github.com/sophsec/wordlist
http://wordlist.sourceforge.net/
- counter
+ no_of_words
generated_strings
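Review bot: The name added here is `no_of_words`, but local.rb in this same commit registers and handles `--number_of_words`. The surrounding tags are not visible in this view, so it is inferred that SecGen forwards this name to the generator as a command-line option; if it does, the two names will not match and the value will either be rejected by GetoptLong or never reach `number_of_words`. Use the same spelling in both places, i.e. `number_of_words` here.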
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
index 1f768f074..6c0bf4f6a 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
@@ -2,10 +2,6 @@
class security_shepherd::install {
include stdlib
- $secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
- $flag_store = $secgen_parameters['flag_store']
- $modules = $secgen_parameters['modules']
-
Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
ensure_packages(['tomcat9', 'mariadb-server', 'openjdk-11-jdk'], {ensure => installed})
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
index 565712db6..1710aff62 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
@@ -2,7 +2,7 @@
class security_shepherd::mariadb {
$secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
$unix_username = $secgen_parameters['unix_username'][0]
- $flag_store = $secgen_parameters['flag_store']
+ $flag_store = $secgen_parameters['flag_store']
$modules = $secgen_parameters['modules']
$user = 'root'
$db_pass = 'CowSaysMoo'
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/secgen_metadata.xml b/modules/vulnerabilities/unix/web_training/security_shepherd/secgen_metadata.xml
index 892023d44..1d4a74f52 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/secgen_metadata.xml
@@ -18,13 +18,19 @@
unix
unix_username
+ modules
+ flag_store
+
+
+
+
-
+
https://github.com/OWASP/SecurityShepherd
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/templates/active-modules.erb b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/active-modules.erb
new file mode 100644
index 000000000..2627c21ae
--- /dev/null
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/active-modules.erb
@@ -0,0 +1,3 @@
+<% @modules.each do |mod| -%>
+<%= mod %>
+<% end -%>
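Review bot: `@modules.each` raises NoMethodError when the `modules` parameter is absent (nil) or arrives as a single string, which would fail the Puppet run during template rendering; the same applies to `@flag_store.each` in templates/flags.erb. Wrapping the value, `<% Array(@modules).each do |mod| -%>`, covers both cases. Both templates also write each value out verbatim, so whatever consumes the rendered files (not visible in this diff) should treat the lines as scenario-supplied input and match module names against the known set rather than interpolating them into SQL or shell commands. The rendered flags file should also be created with an owner and mode that keep it unreadable to the training users; the `file` resource that would set this is not part of the diff.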
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/templates/flags.erb b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/flags.erb
new file mode 100644
index 000000000..97f8cfc04
--- /dev/null
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/flags.erb
@@ -0,0 +1,4 @@
+<% @flag_store.each do |flag| -%>
+<%= flag %>
+<% end -%>
+
diff --git a/scenarios/examples/vulnerability_examples/shepherd.xml b/scenarios/examples/vulnerability_examples/shepherd.xml
new file mode 100644
index 000000000..668b55b49
--- /dev/null
+++ b/scenarios/examples/vulnerability_examples/shepherd.xml
@@ -0,0 +1,48 @@
+
+
+
+
+
+ shepherd
+
+
+
+
+
+
+ SQL
+ CSRF
+
+
+
+
+
+
+ 17
+
+
+
+
+
+
+
+
+
+ user1
+
+
+ password
+
+
+ true
+
+
+
+
+
+
+
+
+
\ No newline at end of file