ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts.
ADAPT automatically tests for multiple industry-standard OWASP Top 10 vulnerabilities and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality of OWASP ZAP to perform automated active and passive scans, and auto-spidering.
Due to the flexible nature of the ADAPT tool, all of these features and tests can be enabled or disabled from the configuration file.
How it Works
ADAPT uses Python to create an automated framework that drives industry-standard tools, such as OWASP ZAP and Nmap, through repeatable, well-designed procedures with expected results, producing an easily understandable report listing the vulnerabilities detected within the web application.
Automated Checks:
* OTG-IDENT-004 – Account Enumeration
* OTG-AUTHN-001 – Testing for Credentials Transported over an Encrypted Channel
* OTG-AUTHN-002 – Default Credentials
* OTG-AUTHN-003 – Testing for Weak lock out mechanism
* OTG-AUTHZ-001 – Directory Traversal
* OTG-CONFIG-002 – Test Application Platform Configuration
* OTG-CONFIG-006 – Test HTTP Methods
* OTG-CRYPST-001 – Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
* OTG-CRYPST-002 – Testing for Padding Oracle
* OTG-ERR-001 – Testing for Error Code
* OTG-ERR-002 – Testing for Stack Traces
* OTG-INFO-002 – Fingerprinting the Webserver
* OTG-INPVAL-001 – Testing for Reflected Cross site scripting
* OTG-INPVAL-002 – Testing for Stored Cross site scripting
* OTG-INPVAL-003 – HTTP Verb Tampering
* OTG-SESS-001 – Testing for Session Management Schema
* OTG-SESS-002 – Cookie Attributes
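To show what a check such as OTG-SESS-002 looks for, here is an added example that audits Set-Cookie headers for the Secure, HttpOnly and SameSite attributes. It is not ADAPT's own code; the function names are hypothetical and the sample headers are constructed.

```python
# Added illustration of an OTG-SESS-002 style cookie attribute check.
# Not ADAPT's code; function names and sample headers are constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header, https=True):
    """Return a list of (cookie name, issue) findings for one header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if https and "secure" not in attrs:
        findings.append((name, "missing Secure"))
    if "httponly" not in attrs:
        findings.append((name, "missing HttpOnly"))
    samesite = attrs.get("samesite", "").lower()
    if samesite == "":
        findings.append((name, "missing SameSite"))
    elif samesite == "none" and "secure" not in attrs:
        findings.append((name, "SameSite=None without Secure"))
    return findings


def audit_response(set_cookie_headers, https=True):
    """Audit every Set-Cookie header of one response."""
    findings = []
    for header in set_cookie_headers:
        findings.extend(audit_cookie(header, https))
    return findings


# Constructed sample: Set-Cookie values as they might appear in a response.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
    "track=1; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for cookie, issue in audit_response(SAMPLE_HEADERS):
        print(f"{cookie}: {issue}")
```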
Installing ADAPT
- Download the latest version of ADAPT from https://github.com/secdec/ADAPT/releases
- Extract ADAPT via terminal: tar -xvzf adapt.tar.gz
- Open a new terminal (ctrl+alt+t)
- Navigate to the newly decompressed ADAPT folder
  - a. Ensure your environment has network access
- Execute the installation script (install.sh)
  - Type './install.sh'
  - When prompted, enter your administrator's password
- ADAPT should now be ready for configuration
For Developers & Contributors
ADAPT is open source software that encourages community collaboration. Collaboration requires cloning the ADAPT repository from https://github.com/secdec/adapt.
It is recommended that a potential contributor clone ADAPT in a UNIX environment. Cloning in a Windows environment may disturb the line endings if certain settings are configured, such as autocrlf = true.
To ensure that this does not occur when working in a Windows-based environment, locate your global git.config and disable autocrlf.