Sh00t – Security Testing Tool for Manual Penetration Testers

Sh00t is a testing environment for manual security testers. It acts as a task manager to let testers focus on performing security testing. Its biggest advantage is that it helps create bug reports with customizable bug templates.

One of its features is a dynamic task manager that replaces simple editors or task management tools that are NOT meant for security. It has an automated, customizable checklist of security test cases to replace Evernote, OneNote or other tools that are NOT meant for security. It manages custom bug templates for different purposes and automatically generates bug reports, and it supports multiple Assessments & Projects to logically separate one's different needs.

Installation Guide on Linux servers:

Using Virtual env wrapper

1. Make sure you have Python 3. You can check with the command:

  • which python3

If the command prints a path, Python 3 is installed on your system. If it is not, you can install it from here.

2. Install virtualenvwrapper.

  • pip install virtualenvwrapper

3. Find the shell file.

  • whereis

4. Suppose the file is located at /usr/local/bin/. Run the following command to load it.

  • source /usr/local/bin/

5. Create a virtual environment using Python 3.

  • mkvirtualenv sh00t -p /usr/bin/python3

6. Clone the project from GitHub.

  • git clone

7. Go inside the directory and install the dependencies.

  • cd sh00t
  • pip install -r requirements.txt

8. Migrate the database.

  • python migrate

9. Create a superuser to log in.

  • python createsuperuser

10. Import 174 security test cases from the OWASP Testing Guide (OTG) and the Web Application Hacker's Handbook (WAHH).

  • python

11. Start the sh00t server.

  • python runserver

12. Access on your favorite browser. Log in with the user credentials created above.

Now you are ready for action. Add your project and find the imported checklist under Case Master and Module Master. Verify whether your developed project follows the checks.
