Sh00t

is a task manager to let you focus on performing security testing

provides To Do checklists of test cases

helps to create bug reports with customizable bug templates

Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security

Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security

Manage custom bug templates for different purposes and automatically generate bug report

Support multiple Assessments & Projects to logically separate your different needs

Use like a paper - Everything's saved automatically

Export auto generated bug report into Markdown & submit blindly on HackerOne! (WIP)

Integration with JIRA, ServiceNow - Coming soon

Export bug report into Markdown - Coming soon

Customize everything under-the-hood

Sh00t requires Python 3 and a few more packages. The simplest way to set up Sh00t is using Conda Environments. However, Anaconda is optional if you have Python 3 and pip installed - you can jump to step 4 below.

Pre-requisite - One time setup:

Anaconda Prompt and run all the below commands in that window only. Install the minimal version of Anaconda: Miniconda and follow the installation instruction . Remember to reload your bash profile or restart your terminal application to avail conda command. For windows, launchand run all the below commands in that window only. Create a new Python 3 environment: conda create -n sh00t python=3.6 Activate sh00t environment: conda activate sh00t . If you see an error message like CommandNotFoundError: Your shell has not been properly configured to use 'conda activate'. , you have to manually enable conda command. Follow the instructions shown with the error message. You may have to reload your bash profile or restart your terminal. Try activating sh00t again: conda activate sh00t . You should be seeing (sh00t) XXXX$ in your terminal. Clone or download the latest project into a location of your choice: https://github.com/pavanw3b/sh00t . git clone requires installation of Git. Navigate to the folder where sh00t is cloned or downloaded & extracted: cd sh00t . Note that this is the outer-most sh00tdirectory in project files. Not sh00t/sh00t. Install Sh00t dependency packages: pip install -r requirements.txt Setup database: python manage.py migrate Create an User Account: python manage.py createsuperuser and follow the UI to create an account. Optional but recommended: Avail 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH): python reset.py .

That's all for the first time. Follow the next steps whenever you want to start Sh00t.

Starting Sh00t:

If you have Python 3 installed on your machine, you can jump to Step 3 .

For Linux/Mac, Open Terminal. For Windows, open Anaconda Prompt . Activate sh00t environment if not on yet: conda activate sh00t Navigate to sh00t directory if not in already: cd sh00t Start Sh00t server: python manage.py runserver Access http://127.0.0.1:8000/ on your favorite browser. Login with the user credentials created in the one-time setup above. Welcome to Sh00t! Once you are done, stop the server: Ctrl + C [Optional] Deactivate sh00t environment to continue with your other work: conda deactivate .

Navigate to the folder where sh00t was cloned: cd sh00t

Stop the server if it's running: Ctrl + C

Pull the latest code base via git: git pull or download the source from github and replace the files.

Activate sh00t environment if not on yet: conda activate sh00t

Setup any additional dependencies: pip install -r requirements.txt

Make the latest database changes: python manage.py migrate

Start the server: python manage.py runserver

Sh00t is written in Python and powered by Django Web Framework. If you are stuck with any errors, Googling on the error message, should help you most of the times. If you are not sure, please file a new issue on github

Flag: A Flag is a target that is sh00ted at. It's a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug might or might not be found - but the goal is to aim and sh00t at it. Flag contains detailed steps for testing. If the bug is confirmed, then it's called a sh0t.

Sh0t: Sh0ts are bugs. Typically Sh0t contain technical description of the bug, Affected Files/URLs, Steps To Reproduce and Fix Recommendation. Most of the contents of Sh0t is one-click generated and only the dynamic content like Affected Parameters, Steps has to be changed. Sh0ts can belong to Assessment.

Assessment: Assessment is a testing assessment. It can be an assessment of an application, a program - up to the user the way wanted to manage. It's a part of project.

Project: Project contains assessments. Project can be a logical separation of what you do. It can be different job, bug bounty, up to you to decide.

How does it work?

Begin with creating a new Assessment. Choose what methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules which are created with reference to "Web Application Hacker's Handbook" Testing Methodology. Modules & Flags can be handpicked & customized. Once Assessments are created with the Flags, now the tester has to test them either manually, or semi automated with the help of scanners, tools or however it's required, mark it "Done" on completion. While performing assessment we often come with custom test cases that is specific to certain scenario in the application. A new Flag can be created easily at any point of time.

Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created. One can choose a bug template that matches best, and sh00t will auto fill the bug report based on the template chosen.

Working on a Flag:

Choosing Methodology and Test Cases while creating a new Assessment:

Filing a bug pre-filled with a template:

Who can use Sh00t?

Application Security Engineers: Pentesting & Vulnerability Assessments

Bug bounty hunters

Independent Security Researchers

Blue team, developers who fix

Anybody who wants to hack

Implementation details: