mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-22 11:48:17 +00:00
56 lines
1.5 KiB
XML
56 lines
1.5 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
|
|
|
<!-- Security audit of an in the wild web application that uses a database -->
|
|
<system>
|
|
<system_name>web_server</system_name>
|
|
<base platform="linux" type="server" />
|
|
|
|
<input into_datastore="IP_addresses">
|
|
<value>172.16.0.2</value>
|
|
<value>172.16.0.3</value>
|
|
</input>
|
|
|
|
<vulnerability type="webapp_with_db" module_path=".*/webapp.*">
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
<system>
|
|
<system_name>attack_vm</system_name>
|
|
<base distro="Kali" name="MSF"/>
|
|
|
|
<utility module_path=".*/iceweasel">
|
|
<input into="accounts">
|
|
<value>{"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]}</value>
|
|
</input>
|
|
<input into="autostart">
|
|
<value>true</value>
|
|
</input>
|
|
<input into="start_page">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</utility>
|
|
|
|
<utility module_path=".*/kali_web"/>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="1">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
</scenario>
|