A reinforced version of the Wavsep evaluation platform.
Added about 80 new GET/POST test cases:
Restyled the homepage and the test pages.
Integrated the WAVSEP benchmark version 1.7.
Added the jar libraries required by MySQL 8.0.22 and by the new XSS and SQLi scenarios (e.g. sectooladdict.jar).
Fixed several bugs.
The environment currently consists of 1405 vulnerable test cases:
The benchmark also contains 40 non-vulnerable test cases:
WAVSEP is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.
To use it with docker-compose:
docker-compose up    # or `docker compose up` with the Compose v2 plugin
To use it with docker:
docker network create wavsep-net
docker run --rm -d --net wavsep-net --name wavsepdb nsunina/wavsep-db:v1.8
docker run --rm -d --net wavsep-net -p 18080:8080 --name wavsep nsunina/wavsep:v1.8
WAVSEP will then listen on http://0.0.0.0:18080 (open http://127.0.0.1:18080 in your browser). Note that -p 18080:8080 publishes the port on every interface of the host: since WAVSEP is deliberately vulnerable, bind it to loopback with -p 127.0.0.1:18080:8080 unless scanners running on other hosts need to reach it.
To stop it, run:
docker-compose down
if you are using docker-compose, otherwise:
docker rm -f wavsep
docker rm -f wavsepdb
docker network rm wavsep-net
To run in development mode:
mvn compile
docker-compose -f docker-compose-dev.yml up
When you change the code, rebuild the package with:
mvn package
and the running environment picks up the changes.
(1) Download & install OpenJDK (suggested >= 11.x).
(2) Download & install Apache Tomcat (suggested >= 8.x).
(3) Download & install MySQL Community Server 8.0.22 (sudo apt install mysql-server).
(4) Copy the wavsep.war file into the Tomcat webapps directory.
(5) Restart the application server.
Example installation on a fresh setup (January 2021):
(1) JDK:
sudo apt install openjdk-11-jdk
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
java --version
(2) Apache Tomcat:
mkdir /opt/tomcat
cd /opt/tomcat
wget http://apache.spinellicreations.com/tomcat/tomcat-8/v8.5.32/bin/apache-tomcat-8.5.32.tar.gz
tar xvzf apache-tomcat-8.5.32.tar.gz
export CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.32
(add the JAVA_HOME and CATALINA_HOME export lines to ~/.bashrc so they persist across shells)
$CATALINA_HOME/bin/startup.sh
(3) MySQL Community Server:
sudo apt update
sudo apt install mysql-server
sudo mysql_secure_installation (During installation select 'N', 0, enter root password, 'Y')
systemctl status mysql.service
(4) Build the wavsep application and copy it into the Tomcat webapps folder.
Create the package with mvn package and copy the resulting war file into the Tomcat webapps directory as wavsep.war, so that the application is deployed under the /wavsep context path:
cd /opt/tomcat/webapps/
mv /path/to/wavsep.war .
(5) Restart the application server (startup.sh alone does nothing if Tomcat is already running, so stop it first):
$CATALINA_HOME/bin/shutdown.sh
$CATALINA_HOME/bin/startup.sh
or
cd /opt/tomcat/bin/
./shutdown.sh && ./startup.sh
Run the environment with either the Docker-based or the manual approach; the WAVSEP benchmark is then available at the following link:
http://0.0.0.0:18080
(18080 is the port published by the Docker setup; a stock Tomcat listens on 8080 unless you changed the connector port in conf/server.xml.)
Now you can configure the database:
http://127.0.0.1:18080/wavsep/wavsep-install/index.jsp
Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.
Note: to use the SQLi labs correctly, a .jsp page creates and populates the necessary database tables. To do this, visit the URL "/wavsep/wavsep-install/install.jsp" and follow the instructions.
The repo includes a utils folder that contains several utility modules:
print_requests.py: a module that prints all the requests recorded in a har file.
expected_results_generator.py: a module that generates a csv file compliant with the OWASP Benchmarking Utility suite.
To run the crawler:
usage: run_crawler.py [-h] [proxy-host] [proxy-port] [category] [harfile]
Run crawler
positional arguments:
proxy-host
proxy-port
category
harfile
options:
-h, --help show this help message and exit
The crawler requires a WAVSEP instance running on localhost:18080.
To print the requests:
usage: print_requests.py [-h] [category] [harfile]
Run crawler
positional arguments:
category
harfile
options:
-h, --help show this help message and exit
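The two utilities above work from a har file produced by a crawl. As an added example (not one of the repository's utils modules), the script below does both jobs on a constructed HAR 1.2 capture embedded inline: it lists the recorded requests per category, as print_requests.py does, and derives an expected-results CSV in the column order used by the OWASP Benchmark expected-results file (test name, category, real vulnerability, cwe). The category labels, the CWE mapping, the WAVSEP directory layout (cases under /wavsep/active/<family>/<suite>/CaseNN-*.jsp, "FalsePositives" suites being the non-vulnerable ones) and the exact CSV layout are assumptions; check them against the real utils and the Benchmark utility you feed the file to.

```python
"""Print WAVSEP crawl requests from a HAR and derive an expected-results CSV.

Added example, not repository code. Sample HAR constructed inline.
"""
import csv
import io
import json
from urllib.parse import urlencode, urlsplit

# WAVSEP family directory -> category label (labels and CWE ids are assumptions).
FAMILY_CATEGORY = {
    "SQL-Injection": "sqli",
    "Reflected-XSS": "xss",
    "LFI": "lfi",
    "RFI": "rfi",
    "Redirect": "redirect",
}
CATEGORY_CWE = {"sqli": 89, "xss": 79, "lfi": 22, "rfi": 98, "redirect": 601}

# Constructed HAR 1.2 capture of a short crawl (sample data, not a real recording).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET",
                 "queryString": [{"name": "username", "value": "textvalue"},
                                 {"name": "password", "value": "textvalue2"}],
                 "url": "http://localhost:18080/wavsep/active/SQL-Injection/"
                        "SInjection-Detection-Evaluation-GET-200Error/"
                        "Case01-InjectionInLogin-String-LoginBypass-WithErrors.jsp"
                        "?username=textvalue&password=textvalue2"}},
    {"request": {"method": "POST", "queryString": [],
                 "url": "http://localhost:18080/wavsep/active/SQL-Injection/"
                        "SInjection-Detection-Evaluation-POST-200Error/"
                        "Case02-InjectionInSearch-String-UnionExploit-WithErrors.jsp",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "params": [{"name": "msg", "value": "text"}]}}},
    {"request": {"method": "GET",
                 "queryString": [{"name": "username", "value": "a"}],
                 "url": "http://localhost:18080/wavsep/active/SQL-Injection/"
                        "SInjection-FalsePositives-GET/"
                        "Case03-InjectionInLogin-String-LoginBypass-WithErrors.jsp?username=a"}},
    {"request": {"method": "GET", "queryString": [],
                 "url": "http://localhost:18080/wavsep/index.jsp"}},
]}})


def har_requests(har_text):
    """Yield (method, path, params) for every request recorded in the HAR."""
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        if req["method"] == "POST":
            raw = req.get("postData", {}).get("params", [])
        else:
            raw = req.get("queryString", [])
        params = {p["name"]: p["value"] for p in raw}
        yield req["method"], urlsplit(req["url"]).path, params


def classify(path):
    """Map a request path to (category, test name, vulnerable), or None for
    pages that are not test cases (index, install pages, static files)."""
    segs = path.strip("/").split("/")
    # Expected layout: wavsep/active/<family>/<suite>/CaseNN-<description>.jsp
    if len(segs) != 5 or segs[:2] != ["wavsep", "active"]:
        return None
    family, suite, case = segs[2:]
    category = FAMILY_CATEGORY.get(family)
    if category is None or not case.startswith("Case"):
        return None
    vulnerable = "FalsePositives" not in suite   # assumption on suite naming
    return category, f"{suite}/{case}", vulnerable


def format_requests(har_text, category=None):
    """One line per recorded request, optionally restricted to one category."""
    lines = []
    for method, path, params in har_requests(har_text):
        info = classify(path)
        if category and (info is None or info[0] != category):
            continue
        lines.append(f"{method} {path} {urlencode(params)}".rstrip())
    return lines


def expected_results_csv(har_text, category=None):
    """Build the expected-results CSV from the crawl, de-duplicating test
    cases the crawler visited more than once."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["test name", "category", "real vulnerability", "cwe"])
    seen = set()
    for _method, path, _params in har_requests(har_text):
        info = classify(path)
        if info is None or (category and info[0] != category):
            continue
        cat, name, vulnerable = info
        if name in seen:
            continue
        seen.add(name)
        writer.writerow([name, cat, str(vulnerable).lower(), CATEGORY_CWE[cat]])
    return out.getvalue()


if __name__ == "__main__":
    print("\n".join(format_requests(SAMPLE_HAR, "sqli")))
    print(expected_results_csv(SAMPLE_HAR))
```

The vulnerable flag is derived from the suite directory rather than from the case name, because WAVSEP reuses case names between a detection suite and its false-positive counterpart; keying the CSV on suite/case keeps the two apart.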
A utility script:
source wavsep-utils.sh
enables several shell functions. Then you can use the following commands:
print_sql: prints the sql test cases
In order to change a test case: update the patch version in pom.xml, run mvn package to create the war file, then restart the development environment with docker-compose -f docker-compose-dev.yml up
When you complete a feature: bump the image version in the pom.xml and in the Makefile, then run
make push
to push the image to the remote repository.
If the dev environment fails to start the wavsep container, check whether target/wavsep-enhancement-xxx is a folder instead of a war file, and remove it:
rm -rf target/wavsep-enhancement-1.8.1-SNAPSHOT*
failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "...Wavsep/target/wavsep-enhancement-1.8.1-SNAPSHOT.war" to rootfs at "/usr/local/tomcat/webapps/wavsep.war": mount /.../Reinforced-Wavsep/target/wavsep-enhancement-1.8.1-SNAPSHOT.war:/usr/local/tomcat/webapps/wavsep.war (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
This error appears when docker-compose-dev.yml is started before mvn package has produced the war: Docker creates the missing bind-mount source path as an empty directory, and a directory cannot be mounted over the file /usr/local/tomcat/webapps/wavsep.war. To fix it, run docker-compose down, remove the stale directory under target/, and then restart with the steps described in the development mode.
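The failure above is easy to reproduce and easy to miss, because the stale directory survives docker-compose down. As an added example (not part of the repository), the pre-flight check below tells the two states apart before the dev compose file is started: it removes a directory left behind by an early compose start, reports a missing build, and verifies that what is there is really a zip/war archive rather than a truncated file. The default path is taken from the error message in this README and is an assumption; adjust it if the project version changes.

```python
"""Pre-flight check for docker-compose-dev.yml (added example, not repository code).

If compose is started before `mvn package` has produced the war, Docker creates
the missing bind-mount source as an empty directory and every later start fails
with "not a directory". This script detects and clears that state.
"""
import os
import shutil
import sys
import zipfile

# Path assumed from the error message in the README.
DEFAULT_WAR = "target/wavsep-enhancement-1.8.1-SNAPSHOT.war"


def check_war(war_path=DEFAULT_WAR):
    """Return one of 'ok', 'missing', 'stale-dir' (removed) or 'not-a-war'."""
    if os.path.isdir(war_path):
        # Directory created by an early docker-compose start: remove it so the
        # next `mvn package` can write a real file at this path.
        shutil.rmtree(war_path)
        return "stale-dir"
    if not os.path.exists(war_path):
        return "missing"
    if not zipfile.is_zipfile(war_path):
        # A WAR is a zip archive; anything else mounts fine but does not deploy.
        return "not-a-war"
    return "ok"


if __name__ == "__main__":
    status = check_war(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_WAR)
    advice = {
        "ok": "war present, safe to run: docker-compose -f docker-compose-dev.yml up",
        "missing": "war missing, run: mvn package",
        "stale-dir": "removed stale directory, run: docker-compose down; mvn package",
        "not-a-war": "file is not a zip/war archive, rebuild with: mvn package",
    }
    print(f"{status}: {advice[status]}")
    sys.exit(0 if status == "ok" else 1)
```

Run it from the repository root before each docker-compose -f docker-compose-dev.yml up; a non-zero exit means the environment would fail to start.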
Copyright © 2020, Luigi Urbano, Università degli Studi di Napoli Federico II
Copyright © 2014, Shay Chen
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
If you find this code useful in your research, please consider citing our paper:
@inproceedings{Urbano2022,
doi = {10.1109/icecet55527.2022.9872956},
year = {2022},
month = jul,
publisher = {{IEEE}},
author = {Luigi Urbano and Gaetano Perrone and Simon Pietro Romano},
title = {Reinforced {WAVSEP}: a Benchmarking Platform for Web Application Vulnerability Scanners},
booktitle = {2022 International Conference on Electrical, Computer and Energy Technologies ({ICECET})}
}
Distributed under the GPL v3 License. See LICENSE.txt for more information.