Running OWASP Exploits with K2HackBot
Run OWASP Attacks with K2HackBot.
Overview
This script runs OWASP top vulnerabilities and it gets detected by K2 Platform seamlessly. This script will install K2HackBot and run OWASP vulnerabilities.
OWASP Script
Save below script as run_owasp.sh or you can find script in demo_exploits folder of your installation.
#!/bin/bash
# Constants
application_container=k2hackbot-owasp-benchmark
application_image="k2cyber/ic-test-application:owasp-benchmark"
application_log='Tomcat 8.x started on port'
application_server_status=false
count=0
k2hackbot_root_dir=/tmp
default_hackbot_bundle="https://github.com/k2io/K2HackBot-Release/releases/download/1.0.0-rc2/K2HackBot-v1.0.0-rc2.tar.gz"
collectors_dir=${HOME}/k2-ic
mandatory_option_specified=false
# Displays the Help page
display_help() {
echo ""
echo -e "Usage: bash $0 —-mode [VALUE] —-options [VALUE]"
echo -e ""
echo -e " Example: bash $0 --mode none"
echo -e ""
echo -e "The 'mode' option supports the following value:"
echo -e " none Start the owasp-benchmark application container without K2"
echo -e " k2-no-test Start the owasp-benchmark application container with K2. Use this option to manually launch the owasp benchmark attacks and see if K2 catches them."
echo -e " k2-full-test Start the owasp-benchmark application container with K2 to run full test provided by K2. This will show most comprehensive results."
echo -e " k2-hackbot-test Start the owasp-benchmark application container with K2 and trigger the k2hackbot test. This automated vulnerability detection will be less than full test, but likely to exceed DAST scanners."
echo -e ""
echo -e "For —-mode k2-hackbot-test, you can use below options:"
echo -e " k2-email K2Cloud User Account Email"
echo -e " k2-password K2Cloud User Account Password"
echo -e " k2hackbot-bundle-url K2HackBot bundle URL"
echo -e ""
exit 1
}
# Print help page if no arguments are provided.
if [[ "$@" == "" ]]; then
display_help
exit 1
fi
opts=$(getopt \
--longoptions "mode:,k2-email:,k2-password:,k2hackbot-bundle-url:,help," \
--name "$(basename "$0")" \
--options "" \
-- "$@"
)
# Used to exit the execution if getopt command throws some error.
if [[ $? -ne 0 ]]; then
exit 1
fi
eval set --$opts
# echo $opts
# echo $opts
while [[ $# -gt 0 ]]; do
case "$1" in
--mode)
mandatory_option_specified=true
mode=$2
shift 2
;;
--k2-email)
k2m_email=$2
shift 2
;;
--k2-password)
k2m_password=$2
shift 2
;;
--k2hackbot-bundle-url)
bundle_url=$2
shift 2
;;
--help)
display_help
exit 1
;;
*)
break;;
esac
done
# Condition to check if mode is provided by the user
if ! $mandatory_option_specified; then
echo ""
echo -e "Option 'mode' is mandatory. Use bash $0 --help for more details \n"
exit 1
fi
# Validation for the mode type
if ! [[ "$mode" == "none" || "$mode" == "k2-no-test" || "$mode" == "k2-full-test" || "$mode" == "k2-hackbot-test" ]]; then
if [ "$mode" != "" ];then
echo ""
echo -e "Invalid mode used: $mode \n"
echo -e "Use bash $0 --help for more details \n"
exit 1
# display_help
fi
fi
# Validation in case when K2agent is already installed for "k2-hackbot-test" mode.
pre_validation () {
if [ "$mode" == "k2-hackbot-test" ]; then
if [ -z "$k2m_email" ]; then
echo "Verify the following and re-run the command:"
echo "1. Email MUST be passed in the argument name k2-email."
echo "2. K2Cloud User account email should not be empty."
echo ""
exit 1
fi
if [ "$k2m_password" == "" ]; then
echo "Verify the following and re-run the command:"
echo "1. Password MUST be passed in the argument name k2-password."
echo "2. K2Cloud User account password should not be empty."
echo ""
exit 1
fi
fi
}
# Check if the K2agent component is installed on the machine.
is_k2agent_installed() {
runner_process_count=$(ps -ef | grep -v grep | grep "com.k2cybersecurity.intcodeagent.Runner" | wc -l)
if [ $runner_process_count == 1 ]; then
echo ""
return 0
else
echo ""
return 1
fi
}
# Install the K2HackBot Bundle
install_k2hackbot() {
# Remove the existing K2HackBot Bundle if bundle_url is provided in the argument by the user.
if ! [ "$bundle_url" == "" ]; then
default_hackbot_bundle=$bundle_url
echo -e "\n> Removing existing K2HackBot bundle if already present in the $k2hackbot_root_dir directory."
rm -rf $k2hackbot_root_dir/K2HackBot*
fi
if [ ! -d "${k2hackbot_root_dir}/K2HackBot" ]; then
echo -e "\n> Installing K2HackBot bundle"
cd $k2hackbot_root_dir
echo " Downloading K2HackBot bundle using the URL: $default_hackbot_bundle"
wget_output=$(wget -t 2 -T 30 -O K2HackBot.tar.gz $default_hackbot_bundle > /dev/null 2>&1)
if [[ $? -ne 0 ]]; then
echo ""
echo "Network error. K2HackBot bundle cannot be downloaded."
exit 1
fi
echo " Extracting K2HackBot bundle"
tar xf K2HackBot.tar.gz
cd K2HackBot/
# Setup K2HackBot project
echo -e "\n> Setting up the K2HackBot"
bash install.sh
if [[ $? -ne 0 ]]; then
echo ""
echo -e "\nError occured setting up the K2HackBot.\n"
echo ""
exit 1
fi
else
echo "K2HackBot bundle found in $k2hackbot_root_dir directory"
fi
}
# Setup the required Environment variable for the K2HackBot Bundle
setup_path_env_variable() {
mypath="$k2hackbot_root_dir/K2HackBot/bin"
export PATH=$mypath:$PATH
export LC_ALL="en_US.UTF-8"
}
# Create K2HackBot config JSON file dynamically.
create_k2_config_json() {
# Create K2HackBot config file
echo -e "\n> Creating config file for K2HackBot"
myid=$(docker ps | grep $application_container | awk '{print $1}')
privateip=$(hostname -I | awk '{print $1}')
if [ "$k2m_email" == "" ] || [ "$k2m_password" == "" ] ; then
config_json="{'applicationIdentifier': {'containerid':'$myid'},'applicationurl': ['https://${privateip}:8443/benchmark/'], 'k2icDirectoryPath':'$collectors_dir'}"
else
config_json="{'applicationIdentifier': {'containerid':'$myid'},'applicationurl': ['https://${privateip}:8443/benchmark/'], 'k2email': '$k2m_email', 'k2password': '$k2m_password', 'k2icDirectoryPath':'$collectors_dir'}"
fi
echo $config_json > $k2hackbot_root_dir/K2HackBot/k2hackbot_config.json
sed -i "s/'/\"/g" $k2hackbot_root_dir/K2HackBot/k2hackbot_config.json
echo $config_json
}
# This method is triggerd when the mode is "k2-hackbot-test"
k2hackbot() {
is_k2agent_installed
check_k2_installation=$?
if [[ $check_k2_installation == 0 ]]; then
pre_validation
fi
minimal_setup
install_k2hackbot
setup_path_env_variable
create_k2_config_json
echo -e "\n> Starting K2HackBot\n\n"
# Start K2HackBot
k2hackbot_cmd="k2hackbot scan-web-application --config ${k2hackbot_root_dir}/K2HackBot/k2hackbot_config.json"
k2hackbot_version_cmd="k2hackbot --version"
k2hackbot_crawl_api="k2hackbot crawl-api --jsonUrl http://192.168.5.247:8080/v3/api-docs"
bash -c "$k2hackbot_cmd"
}
# This method is triggered when the mode is "k2-no-test"
# It will launch the K2agent using K2HackBot Utility and then launches the application by calling the "minimal_setup" method implicitly.
k2-no-test () {
is_k2agent_installed
check_k2_installation=$?
if ! [[ $check_k2_installation == 0 ]]; then
install_k2hackbot
setup_path_env_variable
if [ "$k2m_email" == "" ] || [ "$k2m_password" == "" ] ; then
echo -e "\nInstalling K2 components using default K2M User.\n"
k2_install_cmd="k2hackbot deploy-k2components"
else
echo "Installing K2 components using the K2Cloud User: $k2m_email."
create_k2_config_json
k2_install_cmd="k2hackbot deploy-k2components --config ${k2hackbot_root_dir}/K2HackBot/k2hackbot_config.json"
fi
bash -c "$k2_install_cmd"
is_k2agent_installed
check_k2_installation=$?
if ! [[ $check_k2_installation == 0 ]]; then
exit 1
fi
else
echo -e "K2agent is already installed. "
fi
minimal_setup
}
# This method is triggered when the mode is "k2-full-test"
# This method setup K2agent and application container by calling the k2-no-test method implicitly and finally launches the attack.
attack () {
k2-no-test
#Perform attack using attack script
docker exec -it $application_container bash -c "export JAVA_TOOL_OPTIONS=""; bash /attacks/attack.sh full cmdi sqli pathtraver xss hash trustbound weakrand ldapi securecookie xpathi "
}
# This method is triggered when the mode is "none"
# It will remove the existing application container, launch new application container and finally verify that the setup is running successfully.
minimal_setup () {
remove_existing_application_container
if [ "$mode" == "k2-hackbot-test" ]; then
is_k2agent_installed
check_k2_installation=$?
if [[ $check_k2_installation == 0 ]]; then
start_owasp_application_static_attachment
else
start_owasp_application_dynamic_attachment
fi
elif [ "$mode" == "k2-no-test" ] || [ "$mode" == "k2-full-test" ]; then
start_owasp_application_static_attachment
else
start_owasp_application_dynamic_attachment
fi
verify_application_setup
}
# Removes application container if already present.
remove_existing_application_container() {
echo -e "\n> Removing application container if already present\n"
docker rm -f $application_container > /dev/null 2>&1
}
# Launches application container with Dynamic attachment.
start_owasp_application_dynamic_attachment() {
echo -e "> Starting application docker container with DYNAMIC attachment"
cmd=$(docker run -itd -p 8443:8443 --name $application_container $application_image)
if [ $? -ne 0 ]; then
echo "$cmd"
echo "Failed to start application container."
exit 1
fi
echo ""
}
# Launches application container with Static attachment.
start_owasp_application_static_attachment() {
echo -e "> Starting application docker container with STATIC attachment"
cmd=$(docker run -itd -v $collectors_dir:/opt/k2-ic -e JAVA_TOOL_OPTIONS="-javaagent:/opt/k2-ic/K2-JavaAgent-1.0.0-jar-with-dependencies.jar" -p 8443:8443 --name $application_container $application_image)
if [ $? -ne 0 ]; then
echo "$cmd"
echo "Failed to start application container."
exit 1
fi
echo ""
}
# Validation to check that the application container is started successfully.
verify_application_setup() {
while ! $application_server_status; do
#lines=$(docker logs $application_container | grep $application_log | wc -l)
lines=$(docker logs "$application_container" | grep "$application_log" | wc -l)
echo "Waiting for application to start..."
count=$((count+1))
if [ $lines == 1 ]; then
application_server_status=true
elif [ $count == 10 ]; then
echo "ABORTED"
echo "Application did not start. Please check docker container logs."
exit 1
else
sleep 45s
fi
done
echo -e "\n> Application started successfully."
}
# Check if docker is present on the machine.
docker ps > /dev/null 2>&1
if ! [ $? -eq 0 ]; then
echo ""
echo "Either Docker is not installed on the machine or this user does not have permissions to connect to the Docker daemon socket."
echo "Please verify it and re-run the script."
echo ""
exit 1
fi
case "$mode" in
k2-hackbot-test)
echo ""
k2hackbot
;;
k2-full-test)
echo ""
attack
;;
k2-no-test)
echo ""
k2-no-test
;;
none)
echo ""
minimal_setup
;;
esac
Running OWASP Exploits Script
Usage: bash run_owasp.sh —-mode [VALUE] —-options [VALUE]
Example: bash abc.sh --mode none
The 'mode' option supports the following value:
none Start the owasp-benchmark application container without K2
k2-no-test Start the owasp-benchmark application container with K2. Use this option to manually launch the owasp benchmark attacks and see if K2 catches them.
k2-full-test Start the owasp-benchmark application container with K2 to run full test provided by K2. This will show most comprehensive results.
k2-hackbot-test Start the owasp-benchmark application container with K2 and trigger the k2hackbot test. This automated vulnerability detection will be less than full test, but likely to exceed DAST scanners.
For —-mode k2-hackbot-test, you can use below options:
k2-email K2Cloud User Account Email
k2-password K2Cloud User Account Password
k2hackbot-bundle-url K2HackBot bundle URLView Exploits
Detected Exploits will be shown on K2 Portal's Exploits Page.
Alternatively go to Exploits | K2 Portal
Last updated
Was this helpful?