TestREx is a testbed for repeatable web application security experiments.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



This project is protected by a patent from SAP, so I had to remove everything. If you would like to get the source code, please contact me at stanislav.dashevskyi[at]unitn.it


TestREx is a testbed for repeatable exploits, which has as main features:

  • packing and running applications with their environments;
  • injecting exploits and monitoring their success; and
  • generating security reports.

We also provide a several example applications (wordpress 3.2, nodegoat and a couple of simple apps that demonstrate vulnerabilities for node.js).

Quick installation instructions (tested on Ubuntu 16.04)

  1. Run the 'scripts/install.sh' script (reboot/log out if necessary)

  2. Build the base software containers by running: sudo python [TestREx root folder]/util/build-base-images.py


Stanislav Dashevskyi, Daniel Ricardo dos Santos, Fabio Massacci, Antonino Sabetta. "TESTREX: a Testbed for Repeatable Exploits" in 7th Workshop on Cyber Security Experimentation and Test (USENIX CSET'14)