Sh00T – A Testing Environment for Manual Security Testers



Sh00t:

  • is a task manager that lets you concentrate on performing security testing
  • provides To Do checklists of test cases
  • helps to create bug reports with customizable bug templates


  • Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security
  • Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools that are NOT meant for Security
  • Manage custom bug templates for different purposes and automatically generate bug reports
  • Support multiple Assessments & Projects to logically separate your different needs
  • Use like a paper – Everything’s saved automatically
  • Export auto generated bug report into Markdown & submit blindly on HackerOne! (WIP)
  • Integration with JIRA, ServiceNow – Coming soon
  • Export bug report into Markdown – Coming soon
  • Customize everything under-the-hood

Sh00t requires Python 3 and a few additional packages. The simplest way to set up Sh00t is using Conda Environments. However, Anaconda is optional if you have Python 3 and pip installed – you can jump to step 4 below.
Pre-requisite – One time setup:

  1. Install the minimal version of Anaconda: Miniconda and follow the installation instructions. Remember to reload your bash profile or restart your terminal application to make the conda command available. For Windows, launch Anaconda Prompt and run all of the commands below in that window only.
  2. Create a new Python 3 environment: conda create -n sh00t python=3.6
  3. Activate the sh00t environment: conda activate sh00t. If you see an error message like CommandNotFoundError: Your shell has not been properly configured to use 'conda activate'., you have to manually enable the conda command. Follow the instructions shown with the error message. You may need to reload your bash profile or restart your terminal. Try activating sh00t again: conda activate sh00t. You should be seeing (sh00t) XXXX$ in your terminal.
  4. Clone or download the latest project into a location of your choice: git clone requires installation of Git.
  5. Navigate to the folder where sh00t is cloned or downloaded & extracted: cd sh00t. Note that this is the outer-most sh00t directory in the project files. Not sh00t/sh00t.
  6. Install Sh00t dependency packages: pip install -r requirements.txt
  7. Set up the database: python manage.py migrate
  8. Create a User Account: python manage.py createsuperuser and follow the UI to create an account.
  9. Optional but recommended: Avail 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH): python

That’s all for the first time. Follow the next steps whenever you want to start Sh00t.
Starting Sh00t:
If you have Python 3 installed on your machine, you can jump to Step 3.

  1. For Linux/Mac, open Terminal. For Windows, open Anaconda Prompt.
  2. Activate the sh00t environment if not on yet: conda activate sh00t
  3. Navigate to the sh00t directory if not in it already: cd sh00t
  4. Start the Sh00t server: python manage.py runserver
  5. Access in your favorite browser. Login with the user credentials created in the one-time setup above.
  6. Welcome to Sh00t!
  7. Once you are done, stop the server: Ctrl + C
  8. [Optional] Deactivate the sh00t environment to continue with your other work: conda deactivate.


  • Navigate to the folder where sh00t was cloned: cd sh00t
  • Stop the server if it is running: Ctrl + C
  • Pull the latest code base via git: git pull or download the source from github and replace the files.
  • Activate the sh00t environment if not on yet: conda activate sh00t
  • Set up any additional dependencies: pip install -r requirements.txt
  • Make the latest database changes: python manage.py migrate
  • Start the server: python manage.py runserver

Sh00t is written in Python and powered by Django Web Framework. If you are stuck with any errors, Googling the error message should help you most of the time. If you are not sure, please file a new issue on github.


  • Flag: A Flag is a target that’s sh00ted at. It’s a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug may or may not be found – but the goal is to aim and sh00t at it. A Flag contains detailed steps for testing. If the bug is confirmed, then it is called a sh0t.
  • Sh0t: Sh0ts are bugs. Typically a Sh0t contains a technical description of the bug, Affected Files/URLs, Steps To Reproduce and Fix Recommendation. Most of the content of a Sh0t is one-click generated and only the dynamic content like Affected Parameters and Steps has to be changed. Sh0ts can belong to an Assessment.
  • Assessment: An Assessment is a testing assessment. It can be an assessment of an application or a program – it is up to the user how to manage it. It’s part of a Project.
  • Project: A Project contains assessments. A Project can be a logical separation of what you do. It can be a different job, a bug bounty, up to you to decide.

How does it work?
Begin with creating a new Assessment. Choose what methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules that are created with reference to the “Web Application Hacker’s Handbook” Testing Methodology. Modules & Flags can be handpicked & customized. Once Assessments are created with the Flags, the tester has to test them either manually, or semi-automated with the help of scanners, tools or however it’s required, and mark each “Done” on completion. While performing an assessment we often come up with custom test cases that are specific to a certain scenario in the application. A new Flag can be created easily at any point of time.
Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created. One can choose a bug template that matches best, and sh00t will auto fill the bug report based on the template chosen.
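The Flag-to-Sh0t workflow described above, sketched as an added example; this is not Sh00t's own code, and the class names, template placeholders and sample values are all assumptions constructed for illustration:

```python
from dataclasses import dataclass, field
from string import Template

# Constructed bug template; the placeholder names are assumptions,
# not Sh00t's real template format.
XSS_TEMPLATE = Template(
    "## $title\n\n"
    "**Affected URL:** $url\n"
    "**Affected parameter:** $parameter\n\n"
    "### Steps to reproduce\n$steps\n\n"
    "### Fix recommendation\n"
    "Encode output for the context it is rendered in.\n"
)

@dataclass
class Flag:
    title: str
    done: bool = False

@dataclass
class Assessment:
    name: str
    flags: list = field(default_factory=list)
    sh0ts: list = field(default_factory=list)

    def progress(self):
        """Return (done, total) so the tester sees what is left to test."""
        return sum(f.done for f in self.flags), len(self.flags)

    def confirm(self, flag, template, **dynamic):
        """File a Sh0t pre-filled from a bug template, then mark the Flag done."""
        if flag not in self.flags:
            raise ValueError("flag does not belong to this assessment")
        steps = "\n".join(f"{i}. {s}" for i, s in enumerate(dynamic.pop("steps"), 1))
        # substitute() raises KeyError when a dynamic field is missing,
        # so an incomplete report is never filed silently.
        report = template.substitute(title=flag.title, steps=steps, **dynamic)
        flag.done = True
        self.sh0ts.append(report)
        return report

def demo():
    a = Assessment("Constructed sample app",
                   [Flag("Test for reflected XSS"), Flag("Test session fixation")])
    report = a.confirm(a.flags[0], XSS_TEMPLATE,
                       url="https://app.example.test/search", parameter="q",
                       steps=["Open the search page", "Submit a marker string in q",
                              "Check whether it is reflected unencoded"])
    return a, report
```

Only the dynamic fields (URL, parameter, steps) are supplied per bug; the rest of the Markdown report comes from the template.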



Working on a Flag:

Choosing Methodology and Test Cases while creating a new Assessment:

Filing a bug pre-filled with a template:

Who can use Sh00t?

  • Application Security Engineers: Pentesting & Vulnerability Assessments
  • Bug bounty hunters
  • Independent Security Researchers
  • Blue team, developers who fix
  • Anybody who wants to hack

Implementation details:

  • Language: Python 3
  • Framework: Django Web Framework
  • Dependencies: Django REST Framework, django-tables2: Managed by /requirements.txt
  • UI: Bootstrap – Responsive


  • Hari Valugonda
  • Mohd Aqeel Ahmed
  • Ajeeth Rakkappan

