
Sh00t – Platform for Manual Security Testers & Bug Hunters

Security testing is not as simple as right click > Scan. It’s messy, a tough game. What if you missed testing just that one thing and came to regret it later?

Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes manual security testing.

Sh00t is a task manager to let you focus on performing security testing. The platform provides To-Do checklists of test cases and helps to create bug reports with customizable bug templates.

Some of the features are:

  • Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security
  • Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security
  • Manage custom bug templates for different purposes and automatically generate bug report
  • Support multiple Assessments & Projects to logically separate your different needs
  • Use like a paper – Everything’s saved automatically
  • Export auto generated bug report into Markdown & submit blindly on HackerOne! (WIP)
  • Integration with JIRA, ServiceNow – Coming soon
  • Export bug report into Markdown – Coming soon
  • Customize everything under-the-hood

How does it work?

Begin by creating a new Assessment and choosing the methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules, which were created with reference to the “Web Application Hacker’s Handbook” testing methodology. Modules and Flags can be handpicked and customized. Once an Assessment is created with its Flags, the tester tests each one manually, or semi-automatically with the help of scanners and tools, however it is required, and marks it “Done” on completion. While performing an assessment, we often come up with custom test cases that are specific to a certain scenario in the application. A new Flag can be created easily at any point.

Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created. One can choose the bug template that matches best, and Sh00t will auto-fill the bug report based on the chosen template.

Who can use Sh00t?

  • Application Security Engineers: Pentesting & Vulnerability Assessments
  • Bug bounty hunters
  • Independent Security Researchers
  • Blue team, developers who fix
  • Anybody who wants to hack

Installation:

  1. Install Docker if not available. Users of Windows 10 Home or older releases should refer to the Alternate Installations instructions below.
  2. Pull Sh00t Docker image: docker pull pavanw3b/sh00t:latest
  3. Create Volume for data persistence across docker containers: docker volume create --name sh00t
  4. Run the container: docker run -d -p 8000:8000 --name sh00t -v sh00t:/root/sh00t/db pavanw3b/sh00t:latest
  5. Open http://127.0.0.1:8000/ in your favorite browser.
  6. Login with sh00t / sh00t credentials
  7. To stop: docker stop sh00t
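
Step 4 publishes the port with -p 8000:8000, which Docker binds on every host interface, so the instance and its default sh00t / sh00t login are reachable from the network and not only from 127.0.0.1. The following is an added example, not part of Sh00t: it shows the same run command bound to loopback and a check of docker port output for wider bindings. The function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not part of Sh00t. Function names are hypothetical.

# Read `docker port <container>` output on stdin and print every host
# binding that is NOT loopback-only, i.e. reachable from other machines.
non_loopback_bindings() {
    while IFS= read -r line; do
        case "$line" in *" -> "*) ;; *) continue ;; esac
        host=${line##* -> }          # 0.0.0.0:8000, [::]:8000, 127.0.0.1:8000 ...
        case "$host" in
            127.*|"[::1]:"*) ;;      # loopback: only a local browser can connect
            *) printf '%s\n' "$host" ;;
        esac
    done
}

# Start Sh00t as in step 4, but publish the port on 127.0.0.1 only.
run_sh00t_loopback() {
    docker run -d -p 127.0.0.1:8000:8000 --name sh00t \
        -v sh00t:/root/sh00t/db pavanw3b/sh00t:latest
}

# Check the running container: lists exposed bindings, returns 1 if any.
audit_sh00t() {
    exposed=$(docker port sh00t | non_loopback_bindings)
    [ -z "$exposed" ] && return 0
    printf 'sh00t is reachable beyond localhost via:\n%s\n' "$exposed"
    return 1
}

# Constructed sample: `docker port sh00t` after step 4 as written.
SAMPLE_DEFAULT='8000/tcp -> 0.0.0.0:8000
8000/tcp -> [::]:8000'
# Constructed sample: the same after run_sh00t_loopback.
SAMPLE_LOOPBACK='8000/tcp -> 127.0.0.1:8000'

# Demonstration on the constructed samples (no Docker needed).
printf '%s\n' "$SAMPLE_DEFAULT" | non_loopback_bindings
printf '%s\n' "$SAMPLE_LOOPBACK" | non_loopback_bindings
```

On a host with Docker, call audit_sh00t after starting the container; a non-zero return means the instance is published beyond loopback.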

Alternate Installations:

  • Not comfortable with Docker yet? We got you covered. Installation without Docker
  • Django pro who wants to set up everything on your own? We got you covered too: Manual Setup
  • Using a machine which does not have Hyper-V, like Windows Home? You can use Docker Toolbox and Docker Quickstart Terminal. Your Sh00t will run on the default IP of your docker: http://YOUR_DOCKER_IP:8000/. The IP Address will be displayed on the start of the Quickstart Terminal. You can also find it with docker-machine ls and docker-machine ip MACHINE_NAME.
  • If you want to move to the Docker version of Sh00t from a previous setup without losing any of your existing data, you have to manually replace the /root/sh00t/db/db.sqlite3 file on the Docker container with the one from your old Sh00t setup.

Using Sh00t later:

  1. Start the container: docker start sh00t
  2. Open http://YOUR_IP:8000/ in your favorite browser
  3. Login with sh00t / sh00t if you haven’t changed it
  4. Stop container if you care: docker stop sh00t

and repeat!

Upgrade

It’s important to keep your Sh00t up to date to get feature enhancements and bug fixes.

  1. Remove the existing container: docker container rm -f sh00t. Do not worry, your data is safe unless you remove the Docker volume.
  2. Pull latest docker image: docker pull pavanw3b/sh00t:latest
  3. Start a new container with the latest code, but still the old data: docker run -d -p 8000:8000 --name sh00t -v sh00t:/root/sh00t/db pavanw3b/sh00t:latest

Uninstallation

In the event you want to delete all Sh00t images, containers, and volumes, the following statements may be executed. Note: This is a destructive operation and cannot be undone.

  1. Remove image: docker rmi pavanw3b/sh00t:latest
  2. Remove container: docker rm sh00t
  3. Remove volume: docker volume rm sh00t

Troubleshoot:

Sh00t is written in Python and powered by the Django web framework. If you are stuck with any errors, Googling the error message should help most of the time. If you are not sure, please file a new issue on GitHub.

Glossary:

  • Flag: A Flag is a target that is sh00ted at. It’s a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug might or might not be found, but the goal is to aim and sh00t at it. A Flag contains detailed steps for testing. If the bug is confirmed, then it’s called a Sh0t.
  • Sh0t: Sh0ts are bugs. Typically a Sh0t contains a technical description of the bug, Affected Files/URLs, Steps To Reproduce and a Fix Recommendation. Most of the content of a Sh0t is generated with one click, and only the dynamic content, like Affected Parameters and Steps, has to be changed. Sh0ts can belong to an Assessment.
  • Assessment: An Assessment is a testing assessment. It can be an assessment of an application or a program; it is up to the user how to manage it. It’s a part of a Project.
  • Project: A Project contains Assessments. A Project can be a logical separation of what you do. It can be a different job or a bug bounty; it is up to you to decide.

Screenshots:

  • Dashboard
  • Working on a Flag
  • Editing in fullscreen
  • Choosing Methodology and Test Cases while creating a new Assessment
  • Filing a bug pre-filled with a template
  • Configurations
