Security testing
It starts a sample vulnerable web application and performs a security pentesting attack to determine the vulnerabilities of the application.
docker run --rm -v ~/.elastest:/data -v /var/run/docker.sock:/var/run/docker.sock elastest/platform start
Recommended system specifications
ElasTest needs some minimum system specifications in order to run smoothly:
| Processor | 1GHz or faster |
| RAM | 16GB |
| SWAP | 4GB (if RAM < 16GB) |
| Hard Disk | 30GB |
Test
import unittest
from selenium import webdriver
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
from pprint import pprint
import os
import sys
import requests
from urlparse import urlparse
import time
flag=""
url=""
class PythonOrgSearch(unittest.TestCase):
def setUp(self):
essApiUrl=os.environ['ET_ESS_API']
parsed_ess_url=urlparse(essApiUrl)
ess_url=parsed_ess_url.scheme+"://"+parsed_ess_url.netloc
print("ESS URL is: "+str(ess_url))
eusUrl=os.environ['ET_EUS_API']
print("EUS URL is: "+str(eusUrl))
ess_mitm_proxy_url=ess_url.rstrip(":80").lstrip("http://")
options = webdriver.ChromeOptions()
options.add_argument('--proxy-server='+ess_mitm_proxy_url+":8080")
capabilities = options.to_capabilities()
self.driver = webdriver.Remote(command_executor=eusUrl, desired_capabilities=capabilities)
#debug
#proxies = {'http': ess_mitm_proxy_url+":8080",'https': ess_mitm_proxy_url+":8080"}
#requests.get('http://example.org', proxies=proxies)
#self.driver = webdriver.Chrome(desired_capabilities=capabilities)
#self.driver = webdriver.Firefox()
def test_search_in_python_org(self):
driver = self.driver
essApiUrl=os.environ['ET_ESS_API']
parsed_ess_url=urlparse(essApiUrl)
ess_url=parsed_ess_url.scheme+"://"+parsed_ess_url.netloc
if flag == "login":
driver.get(url)
login_launch = driver.find_element_by_xpath("//*[@id=\"navigation-bar\"]/div/ul/li[2]/a")
login_launch.click()
username = driver.find_element_by_id("email")
username.send_keys("teacher@gmail.com")
password = driver.find_element_by_id("password")
password.send_keys("pass")
login_btn = driver.find_element_by_id("log-in-btn")
login_btn.click()
time.sleep(5)
settings_btn = driver.find_element_by_id("settings-button")
settings_btn.click()
re=requests.post(ess_url+"/ess/api/r4/start/",json={"sites": [url]})
else:
if(url=="example"):
driver.get("https://www.example.org")
time.sleep(3)
re=requests.post(ess_url+"/ess/api/r4/start/",json={"sites": ["https://www.example.org"]})
elif(url=="fullteaching"):
driver.get("https://52.50.3.12")
time.sleep(3)
re=requests.post(ess_url+"/ess/api/r4/start/",json={"sites": ["https://52.50.3.12"]})
elif(url==""):
driver.get("https://www.example.org")
time.sleep(3)
re=requests.post(ess_url+"/ess/api/r4/start/",json={"sites": ["https://www.example.org"]})
else:
driver.get(url)
time.sleep(3)
re=requests.post(ess_url+"/ess/api/r4/start/",json={"sites": [url]})
#Checking the status of the scan
if "starting-ess" in re.text:
req=requests.get(ess_url+'/ess/api/r4/status/')
status=req.text
while ("not-yet" in status):
time.sleep(5)
req=requests.get(ess_url+'/ess/api/r4/status/')
status=req.text
def tearDown(self):
pass
if __name__ == "__main__":
if len(sys.argv)>1 and len(sys.argv)<=2:
url=sys.argv[1]
del sys.argv[1]
elif len(sys.argv)>1 and len(sys.argv)>2:
url=sys.argv[1]
flag=sys.argv[2]
del sys.argv[1]
del sys.argv[1]
unittest.main()
Generate Report
