digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
SecGen/scenarios/security_audit/ads_assignment.xml
Z. Cliffe Schreuders 02c7c57a13 remove ambiguity from module path selections in scenarios
2019-11-28 09:54:55 +00:00

92 lines
2.8 KiB
XML
Raw Permalink Blame History

<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- Security Audit of a web server with an in-the-wild web application with known vulnerabilities and
Access control misconfigurations, with a a bunch of user accounts with some weak passwords
username: user, password: toor -->
<system>
<system_name>access_control_misconfigurations</system_name>
<base platform="linux" type="server" module_path=".*/stretch.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
</input>
<vulnerability type="in_the_wild" module_path=".*/webapp.*">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<vulnerability type="access_control_misconfiguration"/>
<vulnerability type="access_control_misconfiguration"/>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<generator type="account">
<input into="username">
<value>user</value>
</input>
<input into="password">
<value>toor</value>
</input>
<input into="super_user">
<value>true</value>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user1</value>
</input>
<input into="password">
<generator type="password_generator"/>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user2</value>
</input>
<input into="password">
<generator type="weak_password_generator"/>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user3</value>
</input>
<input into="password">
<generator type="weak_password_generator"/>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user4</value>
</input>
<input into="password">
<generator type="medium_password_generator"/>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user5</value>
</input>
<input into="password">
<generator type="strong_password_generator"/>
</input>
</generator>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>
Reference in New Issue View Git Blame Copy Permalink