pavanw3b / sh00t Goto Github PK

Why does the app order things as Project - Assessment - Sh0t - Flag ?

It should be Project - Assessment - Flag - Sh0t. You could shoot at a flag many times and find multiple Sh0ts (bugs). A Sh0t is the final output of the process.

Update Installation section in README to do
python manage.py migrate

I openned a flag: Application mapping results - XXE injection and saw an encoding issue in the example payload given in the note:

Maybe there is wrong encoding when the database is filled with python reset.py ?

Is latin1 the right encoding to use?

https://github.com/pavanw3b/sh00t/blob/master/reset.py#L23

Hi,

Got this deployed by using docker. I am facing an odd situation, the default login creds do not work, sh00t: sh00t.

Is there any way to check/reset the default password manually?

Thanks.

Django's default web server is not secure, shouldn't be used for Prod. Change the Docker and installation steps to use a production grade webserver.

How I import Default Configuration of OWASP in sh00t?

Like here inside two file

owasp_testing_guide_v4.json
wahh.json

How I import this both ? I am trying but not able to get it.

Thanks,
Keyur

Hello Bro,

I'd like to discus the option to enhance the tools creating a new feature that allows the pentester to import results from ZAP PROXY and image for the evidence that is really helpful when you have to explain how to recreate the issue that was found during the testing time frame.

On my Linux Mint 19.1 system, I had to use pip3 and python3, not pip and python, when installing. Are the install instructions wrong, or does this vary from distro to distro ?

Hi there,

it would be great to be able to mark flags as done on the overview page as some items just do not apply to the current tests and to mark them one does have to open them, mark them as done and apply the changes afterwards.

Thanks in advance.

Hi,

first of all thanks a lot for that great tool 👍

I am experiencing strange behaviour when running not in debug mode:
When I set DEBUG = True in sh00t/config.py everything runs fine, however when I set that flag to false all of the design supporting files get 404ed:

DEBUG = True

[04/Oct/2018 18:37:03] "GET /static/css/plugins/morris.css HTTP/1.1" 200 433
[04/Oct/2018 18:37:03] "GET / HTTP/1.1" 200 62593
[04/Oct/2018 18:37:03] "GET /static/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 21984
[04/Oct/2018 18:37:03] "GET /static/css/bootstrap.min.css HTTP/1.1" 200 121200
[04/Oct/2018 18:37:03] "GET /static/js/jquery.cookie.js HTTP/1.1" 200 3121
[04/Oct/2018 18:37:03] "GET /static/images/sh00t-logo.png HTTP/1.1" 200 72623
[04/Oct/2018 18:37:03] "GET /static/js/bootstrap.min.js HTTP/1.1" 200 37045
[04/Oct/2018 18:37:03] "GET /static/js/side-menu.js HTTP/1.1" 200 790
[04/Oct/2018 18:37:03] "GET /static/js/jquery.js HTTP/1.1" 200 95785
[04/Oct/2018 18:37:03] "GET /static/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1" 200 65452
[04/Oct/2018 18:41:59] "GET /app/sh0ts/new/ HTTP/1.1" 200 9231

DEBUG = False

[04/Oct/2018 18:36:36] "GET /static/css/plugins/morris.css HTTP/1.1" 404 103
[04/Oct/2018 18:36:36] "GET /static/font-awesome/css/font-awesome.min.css HTTP/1.1" 404 118
[04/Oct/2018 18:36:36] "GET /static/images/sh00t-logo.png HTTP/1.1" 404 102
[04/Oct/2018 18:36:36] "GET /static/js/jquery.js HTTP/1.1" 404 93
[04/Oct/2018 18:36:36] "GET /static/js/jquery.cookie.js HTTP/1.1" 404 100
[04/Oct/2018 18:36:36] "GET /static/js/bootstrap.min.js HTTP/1.1" 404 100
[04/Oct/2018 18:36:36] "GET /static/js/side-menu.js HTTP/1.1" 404 96

The checklist is helpful and complete system efficiently works as a project management tool for penetration testing but code size is 15 MB and dependencies size is 3.5 GB (because of anaconda)

Generally global internal projects are kept on AWS or similar cloud where volume size is not assigned enough. 3.5 GB is for dependencies is more than enough. If one uses Virtualwrapper, dependencies are not exceeding 90 MB as well as large number of projects with great database size can be availed.

Another option can be a docker compose file, where only two containers (one for python and another for postgres) can do the best trick ever. Similar way a docker image can be created in repository and once user pulls it, all it needed to run the container on 8000 port and web application can be accessed easily.

Using this great application with Anaconda is suppressing its advantages. It is very light and very useful but not with anaconda.

Thanks for making it.

Lot of collaboration and report tools/platforms like sh00t are also embedding PTES methodology in addition of OWASP or WAHH.

What is the template engine or language for templates? Is there methods to use Sh0ts data? Maybe a generic one can be added?

I install sh00t and is an amazing tool, but is posible to add django-two-factor-auth?

I try to add to my installation via docker but it breaks and dont work

Any help?

Please add definitions and use cases of Module, Master, and Template to the README file. Maybe: Module: class of activity (such as "testing error handling"), Case: strategy (such as "OSINT") and directions on how to do it, Template: ???

During a Fresh installation, the templates does not show in the methodology section

Anaconda is a python distribution that embed tons of data scientif packages, and that allow the creation of a virtual environment.
Miniconda is just conda without all packages.
So if conda is only used to create a virtual environment, why not using pure python + virtualenv instead of an eavy conda distribution?
It will be far lighter to do exactly the same thing.

Current project tags are:

• django
• security
• penetration-testing
• python

For more visibility add:

• vulnerability
• security-audit
• pentesting
• collaborative
• infosec
• vulnerability-management

Is there a way export and create a report from my findings as I use sh00t? This would make it so I am not doubling my efforts and writing a secondary report for someone that I am performing a penetration test for.

Also, ETA for Jira integration?