ThreatPlaybook
Search…
Example Rundown
This is a detailed explanation of an example of a Project in ThreatPlaybook
Location of Example Code
GitHub - we45/ThreatPlaybook-Example
GitHub
Running the Example
Install - Steps
- Install mermaidJS and mermaidCLI globally:
-
-
- Create Virtualenv with Python 2.7.X
- Install the Dependencies for the example with
pip install -r requirements.txt - Install the vulnerable flask app with
docker pull abhaybhargav/vul_flask - In the robot file, make sure you edit the ZAP specific variables to the ones you have in your ZAP deployment. This includes:
- Path to the zap.sh executable. You don't need to include the sh file in the path
- Port that ZAP runs on. Mine runs on port 8090. Please feel free to change
- Install the "Export Report" add-on on ZAP
- For this example, you will need nmap installed on the machine you are running this example as well
The example gives you a perspective of how you can use ThreatPlaybook.
The app that I am using to test ThreatPlaybook is a simple REST API, running on a Docker container. It can be pulled with
docker pull abhaybhargav/vul_flaskAll of the relevant tests, yaml files, etc are in in the
Simple-API directoryAll of the
User Stories -> Abuse Cases -> Threat Scenarios are individually available (yml files) in the cases directorySecurity Tests are in the YML file in the
security_tests directory Entities and connections are in the yml file directory
entitiesRunning the Example
Once you are done with Installation, all you have to do is cd into the Simple-API directory and run:
robot SecurityTest.robotand watch the results.
All the results are written into the
results directory, including the Report.md, which is the final Markdown report.Video of the Running ThreatPlaybook
Last modified 4yr ago