Sh00t is a testing environment for manual security testers. It acts as a task manager so that testers can focus on performing security testing. Its biggest advantage is that it helps create bug reports with customizable bug templates.
One of its features is to work as a dynamic task manager, replacing simple editors or task management tools that are NOT meant for security. It has an automated, customizable checklist of security test cases to replace Evernote, OneNote or other tools that are NOT meant for security. It manages custom bug templates for different purposes and automatically generates bug reports, and it supports multiple Assessments & Projects to logically separate one's different needs.
Installation guide on Linux servers:

Using virtualenvwrapper

- Make sure you have Python 3. You can check by running the command:

      which python3

  If you get the path of Python, you have Python 3 on your system. If not, install it from the official Python website.

- Install virtualenvwrapper:

      pip install virtualenvwrapper

- Find the shell file:

      whereis virtualenvwrapper.sh

- Suppose the file is located at /usr/local/bin/virtualenvwrapper.sh, load it using:

      source /usr/local/bin/virtualenvwrapper.sh

- Create a virtual environment using Python 3:

      mkvirtualenv sh00t -p /usr/bin/python3

- Clone the project from GitHub:

      git clone https://github.com/pavanw3b/sh00t.git

- Go inside the project directory and install the dependencies:

      cd sh00t
      pip install -r requirements.txt

- Migrate the database:

      python manage.py migrate

- Create a superuser to log in:

      python manage.py createsuperuser

- Import 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH):

      python reset.py

- Start the sh00t server:

      python manage.py runserver 0.0.0.0:8000

- Access the application in your browser. Log in using the credentials created in the previous steps.
Now you are ready for action. Add your project and find the imported checklist under Case Master and Module Master. Verify whether your developed project follows the checks.