digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-23 12:18:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
auto_grading180621
SecGen/modules/vulnerabilities/unix/webapp/commando/secgen_metadata.xml
Z. Cliffe Schreuders b5f39b3a43 Commando a bunch of modules for generating a randomised vulnerable web app with randomised table names, XSS, SQLi, etc. 
Co-Authored-By: Josh1438 <Josh1438@Josh1438>
2020-02-24 23:28:49 +00:00

88 lines
2.3 KiB
XML
Raw Permalink Blame History

<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
<name>Commando: Random vulnerable website generator</name>
<author>Joshua Hickling</author>
<author>Laura Reid</author> <!-- based on a related project by Laura -->
<module_license>MIT</module_license>
<description>Randomised website designed for website security training.
WARNING: This module needs some further testing, and may not work without input as per example scenarios.</description>
<type>www_rand</type>
<privilege>info_leak</privilege>
<access>remote</access>
<platform>linux</platform>
<read_fact>sqli</read_fact>
<read_fact>question_table</read_fact>
<read_fact>search</read_fact>
<read_fact>database</read_fact>
<read_fact>organisation</read_fact>
<default_input into="port">
<value>80</value>
</default_input>
<default_input into="db_password">
<generator type="strong_password_generator" />
</default_input>
<default_input into="organisation">
<generator type="realistic_organisation" />
</default_input>
<default_input into="admin_account">
<generator module_path=".*vulnerable_php_admin_account" />
</default_input>
<default_input into="xss_string_to_leak">
<generator type="flag_generator" />
</default_input>
<default_input into="default_admin_string_to_leak">
<generator type="flag_generator" />
</default_input>
<default_input into="default_admin_deactivation">
<value>false</value>
</default_input>
<default_input into="strong_password">
<generator type="strong_password_generator" />
</default_input>
<default_input into="alternate_username">
<generator type="username_generator" />
</default_input>
<default_input into="verbose_error_deactivation">
<value>false</value>
</default_input>
<default_input into="user">
<generator type="person" />
</default_input>
<default_input into="theme">
<generator module_path=".*css_theme" />
</default_input>
<default_input into="user_table_name">
<generator module_path=".*users_table_name" />
</default_input>
<conflict>
<module_path>.*commando</module_path>
</conflict>
<requires>
<module_path>.*/apache.*</module_path>
</requires>
<requires>
<module_path>.*mysql.*compatible.*</module_path>
</requires>
</vulnerability>
Reference in New Issue View Git Blame Copy Permalink