[DMP: 2024] Pen Testing Framework

[singhalkarun]

Ticket Contents

Description

Design a framework to make Penetration testing part of CI (Github Actions)

Reference: https://github.com/olacabs/jackhammer

Goals & Mid-Point Milestone

Mid Point Milestone

Goals

Setup/Installation

No response

Expected Outcome

Acceptance Criteria

Implementation Details

Mockups/Wireframes

No response

Product Name

BharatSahAIyak

Organisation Name

SamagraX

Domain

Open Source Library

Tech Skills Needed

Linux - Internals, Networking
Github Actions

Mentor(s)

@singhalkarun

Category

Security

[aayushk9]

@singhalkarun @ChakshuGautam Is this framework supposed to be designed/developed from scratch?

[AbhimanyuSamagra]

Do not ask process related questions about how to apply and who to contact in the above ticket. The only questions allowed are about technical aspects of the project itself. If you want help with the process, you can refer instructions listed on Unstop and any further queries can be taken up on our Discord channel titled DMP queries. Here's a Video Tutorial on how to submit a proposal for a project.

[unibik]

Hello @ singhalkarun , I would like to contribute to this project . I'm interested in the idea of penetration testing frameworks. However I'm pursuing bachelor's degree in Cyber security . I would be glad if you share the idea of this project.
Do we need to write code from scratch? If so help me how to start the project. Thank you

[Himasnhu-AT]

Hi @singhalkarun ,
I have a question regarding this project. Do we need to incorporate Jackhammer into our testing process?
Here's a demo implementation I have in mind based on if we are incorporating it or not. And improvements or this I should keep in mind?

---

Using Jackhammer

If required, we can set up GitHub Actions to pull Jackhammer's image and perform comprehensive testing against our codebase.

name: Automated Testing with Jackhammer

on:
  push:
    branches:
      - main

jobs:
  test:
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
      
    - name: Build Docker image for testing
      run: yarn setup:docker:testing
      
    - name: Run Jackhammer tests
      uses: docker://jackhammer/jackhammer # image address
      with:
        args: |
          --port 3004
          --test-type hard
          --url http://localhost:3004

---

Alternatively, Without Jackhammer

We could use a Docker image with a Linux environment and execute the following script:

#!/bin/bash
# Function to scan Docker image for open ports using nmap
scan_ports() {
    docker_image=$1
    nmap_output=$(docker run --rm $docker_image nmap -p- --open localhost | grep '^[0-9]' | cut -d'/' -f1)
    echo "Open ports for $docker_image:"
    echo "$nmap_output"
}

# Function to run Nikto on specified port
run_nikto() {
    target_port=$1
    docker run --rm c4pt/nikto -h localhost:$target_port
}

# Main function
main() {
    docker_image=$1
    scan_ports $docker_image

    read -p "Enter the port to run Nikto test on: " port
    run_nikto $port
}

# Call the main function with the Docker image name as an argument
main $1