Sh00t is a Testing Environment for Manual Security Testers. It acts as a task manager to let testers focus on performing security testing. The biggest advantage is, it helps to create bug reports with customizable bug templates.
Its one of the feature is to work as a Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security. It has automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security. It manages custom bug templates for different purposes and automatically generate bug report as well as it supports multiple Assessments & Projects to logically separate one’s different needs.
Installation Guide on Linux servers :
Using Virtual env wrapper
1. Make sure you have Python 3. You can check by command
- which python3
If you get path of Python, you have Python 3 on your system. If you do not have, you can install from here.
2. Install virtualenvwrapper.
- pip install virtualenvwrapper
3. Find the shell file.
- whereis virtualenvwrapper.sh
4. Suppose you get the location of the file /usr/local/bin/virtualenvwrapper.sh, now run following command to load it.
- source /usr/local/bin/virtualenvwrapper.sh
5. Create virtual environment using python 3
- mkvirtualenv sh00t -p /usr/bin/python3
6. Clone the project from github
- git clone https://github.com/pavanw3b/sh00t.git
7. Go inside the directory and Install the dependencies.
- cd sh00t
- pip install -r requirements.txt
8. Migrate the database
- python manage.py migrate
9. Create super user to login.
- python manage.py createsuperuser
10. Import 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH)
- python reset.py
11. Start sh00t server
- python manage.py runserver 0.0.0.0:8000
12. Access http://127.0.0.1:8000/ on your favorite browser. Login with the user credentials created above.
Now you are ready for action. Add your project and find the imported checklist under Case Master and Module Master. Verify your developed project follows the checks or not.