securitytestdata - Security Test Data Generator

Generate realistic security test data (payloads, scenarios, and test cases) for penetration testing and security validation.

🚀 Features

  • Comprehensive Payload Library: OWASP Top 10 test payloads
  • Test Scenario Management: Define and execute security test scenarios
  • OWASP Coverage: Full coverage of OWASP Top 10 vulnerabilities
  • Automated Test Generation: Generate test data for security testing
  • Scenario Execution: Run security test scenarios
  • Reporting: Generate detailed test data reports

📦 Installation

Build from Source

git clone https://github.com/hallucinaut/securitytestdata.git
cd securitytestdata
go build -o securitytestdata ./cmd/securitytestdata
sudo mv securitytestdata /usr/local/bin/

Install via Go

go install github.com/hallucinaut/securitytestdata/cmd/securitytestdata@latest

🎯 Usage

Generate Payload

# Generate SQL injection payload
securitytestdata generate sql_injection

# Generate XSS payload
securitytestdata generate xss

# Generate command injection payload
securitytestdata generate command_injection

# Generate random payload
securitytestdata generate

List Payloads

# List all available payloads
securitytestdata list

Run Scenarios

# Run security test scenarios
securitytestdata run

Generate Report

# Generate test data report
securitytestdata report

Scenario Information

# Get scenario details
securitytestdata info sc-001

Programmatic Usage

package main

import (
    "fmt"
    "github.com/hallucinaut/securitytestdata/pkg/generator"
    "github.com/hallucinaut/securitytestdata/pkg/scenario"
)

func main() {
    // Create test data provider
    provider := generator.NewTestDataProvider()
    provider.Initialize()
    
    // Generate random payload
    payload := provider.GeneratePayload()
    fmt.Printf("Payload: %s\n", payload.Payload)
    fmt.Printf("Type: %s\n", payload.Type)
    fmt.Printf("Severity: %s\n", payload.Severity)
    
    // Get payloads by type
    sqlPayloads := provider.GetPayloadsByType(generator.TypeSQLi)
    fmt.Printf("SQL Injection Payloads: %d\n", len(sqlPayloads))
    
    // Generate test scenarios
    scenarios := scenario.CreateCommonScenarios()
    fmt.Printf("Test Scenarios: %d\n", len(scenarios))
    
    // Run scenarios
    runner := scenario.NewScenarioRunner()
    for _, s := range scenarios {
        runner.AddScenario(s)
    }
    
    results := runner.RunAllScenarios()
    fmt.Printf("Test Results: %d\n", len(results))
}

🔍 Payload Types

SQL Injection (A03:2021-Injection)

  • Basic SQL injection for authentication bypass
  • Union-based SQL injection for data extraction
  • Time-based blind SQL injection
  • Error-based SQL injection

Cross-Site Scripting (A03:2021-Injection)

  • Reflected XSS payloads
  • Stored XSS payloads
  • DOM-based XSS payloads
  • XSS bypass techniques

Command Injection (A03:2021-Injection)

  • Basic command injection
  • Pipe-based command injection
  • Backtick command execution
  • Double command injection

Path Traversal (A05:2021-Security Misconfiguration)

  • Basic path traversal
  • URL encoded path traversal
  • Double encoded path traversal
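
A control that these three path traversal variants are meant to exercise, shown as an added example (not code from this project): `SafeJoin` is a hypothetical helper that unwraps nested percent-encoding, cleans the path, and fails closed if the result leaves the base directory. The base directory and sample inputs are constructed, and POSIX-style paths are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// SafeJoin (hypothetical helper) resolves an untrusted relative path under
// base and fails closed if the result would leave base.
func SafeJoin(base, untrusted string) (string, error) {
	decoded, stable := untrusted, false
	// Unwrap nested percent-encoding (%252f -> %2f -> /) with a hard bound.
	for i := 0; i < 5 && !stable; i++ {
		next, err := url.PathUnescape(decoded)
		if err != nil {
			return "", fmt.Errorf("malformed percent-encoding: %w", err)
		}
		stable = next == decoded
		decoded = next
	}
	if !stable {
		return "", errors.New("too many encoding layers")
	}
	if strings.ContainsRune(decoded, 0) {
		return "", errors.New("NUL byte in path")
	}
	// Treat backslashes as separators so Windows-style input is cleaned too.
	decoded = strings.ReplaceAll(decoded, `\`, "/")
	full := filepath.Join(base, decoded) // Join also runs filepath.Clean
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path escapes %s", base)
	}
	return full, nil
}

func main() {
	// Constructed inputs: one benign path plus the three variants listed above.
	inputs := []string{"reports/q1.pdf", "../../etc/passwd",
		"..%2f..%2fetc%2fpasswd", "..%252f..%252fetc%252fpasswd"}
	for _, in := range inputs {
		p, err := SafeJoin("/srv/app/uploads", in)
		fmt.Printf("%-32q -> %q err=%v\n", in, p, err)
	}
}
```

Decoding until the string stops changing is deliberately conservative: a file name containing a literal `%` is rejected rather than guessed at.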

SSRF (A10:2021-Server-Side Request Forgery)

  • Basic SSRF to internal services
  • Cloud metadata SSRF
  • File protocol SSRF
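
The destination check that these three SSRF variants are meant to exercise, as an added example (not code from this project): `CheckOutboundURL`, `Resolver` and `constructedDNS` are hypothetical names, and the host names and addresses in the resolver table are constructed sample data so the check runs offline.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Resolver is injected so the check runs offline; real code would wrap net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// CheckOutboundURL (hypothetical helper) allows only http(s) URLs whose host maps to a public address.
func CheckOutboundURL(raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme) // e.g. file://
	}
	ips := []net.IP{net.ParseIP(u.Hostname())}
	if ips[0] == nil { // not an IP literal: resolve the name
		if ips, err = resolve(u.Hostname()); err != nil || len(ips) == 0 {
			return fmt.Errorf("cannot resolve %q", u.Hostname())
		}
	}
	for _, ip := range ips {
		// Loopback and RFC 1918 cover internal services; link-local covers 169.254.169.254.
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return fmt.Errorf("%q maps to non-public address %s", u.Hostname(), ip)
		}
	}
	return nil
}

// constructedDNS is sample resolver data made up for this example.
func constructedDNS(host string) ([]net.IP, error) {
	table := map[string]string{"api.example.com": "93.184.216.34", "intranet.example.test": "10.0.0.5"}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, fmt.Errorf("no such host %q", host)
}

func main() {
	for _, raw := range []string{"https://api.example.com/v1", "http://intranet.example.test/",
		"http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"} {
		fmt.Printf("%-42s -> %v\n", raw, CheckOutboundURL(raw, constructedDNS))
	}
}
```

A name can resolve differently between this check and the actual connection, so a real client should apply the same address test to the IP being dialed, for example in a `net.Dialer` `Control` hook.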

📊 Test Scenarios

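| ID     | Name                      | Type              | Severity |
|--------|---------------------------|-------------------|----------|
| sc-001 | SQL Injection Auth Bypass | sql_injection     | CRITICAL |
| sc-002 | XSS Reflected Attack      | xss               | HIGH     |
| sc-003 | Command Injection         | command_injection | CRITICAL |
| sc-004 | Path Traversal            | path_traversal    | HIGH     |
| sc-005 | SSRF to Cloud Metadata    | ssrf              | CRITICAL |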

🧪 Testing

# Run all tests
go test ./...

# Run with coverage
go test -cover ./...

# Run specific test
go test -v ./pkg/generator -run TestGeneratePayload

📋 Example Output

$ securitytestdata generate sql_injection

Generating sql_injection test payload

Available Payloads:
==================

[1] Basic SQLi
    Type: sql_injection
    Payload: ' OR '1'='1
    Severity: CRITICAL
    OWASP: A03:2021-Injection
    Description: Basic SQL injection to bypass authentication

[2] Union-based SQLi
    Type: sql_injection
    Payload: ' UNION SELECT NULL,NULL,NULL--
    Severity: CRITICAL
    OWASP: A03:2021-Injection
    Description: Union-based SQL injection to extract data

🏗️ Architecture

securitytestdata/
├── cmd/
│   └── securitytestdata/
│       └── main.go          # CLI entry point
├── pkg/
│   ├── generator/
│   │   ├── generator.go    # Payload generation
│   │   └── generator_test.go # Unit tests
│   └── scenario/
│       ├── scenario.go     # Test scenarios
│       └── scenario_test.go # Unit tests
└── README.md

🔒 Security Use Cases

  • Penetration Testing: Generate test payloads for pentesting
  • Security Validation: Validate security controls effectiveness
  • Training: Security training with realistic attack scenarios
  • Tool Testing: Test security tools with known payloads
  • Research: Security research and vulnerability discovery

🛡️ Best Practices

  1. Use in isolated environments - Never test on production systems
  2. Get proper authorization - Always have written permission
  3. Document findings - Keep detailed records of tests
  4. Follow responsible disclosure - Report vulnerabilities properly
  5. Use test data, not real data - Protect sensitive information

📄 License

MIT License

🙏 Acknowledgments

  • OWASP Foundation
  • Security research community
  • Penetration testing professionals


Built with GPU by hallucinaut