bmt 0.8.0 → 0.9.0

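--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -1,7 +1,7 @@
  {
  "metadata": {
  "title": "API Testing",
- "release_date": "2025-04-29T00:00:00+00:00",
+ "release_date": "2023-03-31T00:00:00+00:00",
  "description": "Bugcrowd api methodology testing",
  "vrt_version": "10.0.1"
  },
@@ -20,9 +20,9 @@
  "caption": ""
  },
  {
- "key": "check_api_schema_files",
- "title": "Check for .wsdl, .wadl, and swagger files",
- "description": "Check for web service description language (.wsdl/.wadl) and swagger files for SOAP/REST APIs.",
+ "key": "check_wsdl_files",
+ "title": "Check for .wsdl files",
+ "description": "Check for web service description language (.wsdl) files for SOAP APIs.",
  "tools": "Burp Proxy, FFUF, WFuzz, Gobuster",
  "caption": ""
  },
@@ -30,21 +30,14 @@
  "key": "check_graphql_introspection",
  "title": "Check for GraphQL Introspection",
  "description": "Check for enabled Introspection using GraphQL query.",
- "tools": "Burp Proxy + GraphQL Raider (BAPP), InQL (BurpSuite extension)",
- "caption": ""
- },
- {
- "key": "check_graphql_field_suggestions",
- "title": "Check for GraphQL Field Suggestions",
- "description": "Check for GraphQL Field Suggestions if Introspection Disabled.",
- "tools": "Clairvoyance",
+ "tools": "Burp Proxy + GraphQL Raider (BAPP)",
  "caption": ""
  },
  {
  "key": "search_leaked_api_keys",
  "title": "Search for leaked API Keys",
  "description": "Black box only - Search for leaked online API keys on Github, Gitlab etc.",
- "tools": "TruffleHog, Gitleaks",
+ "tools": "TruffleHog",
  "caption": ""
  },
  {
@@ -59,7 +52,7 @@
  "key": "webserver_metafiles",
  "title": "Review Webserver Metafiles for Information Leakage",
  "caption": "OTG-INFO-003, WAHHM - Recon and Analysis",
- "description": "Analyze robots.txt, .env, .git, metrics and identify <META> Tags from website.",
+ "description": "Analyze robots.txt and identify <META> Tags from website.",
  "tools": "Browser, curl, wget"
  },
  {
@@ -245,13 +238,6 @@
  "caption": "OTG-AUTHN-010, WAHHM - Test Handling of Access",
  "description": "Understand the primary mechanism and Identify other channels (Mobile App, Call center, SSO)",
  "tools": "Browser"
- },
- {
- "key": "jwt_misconfigurations",
- "title": "Testing for misconfigured JWT (Json Web Token)",
- "caption": "OWASP API Security Top 10 - 2023",
- "description": "Identify JWT flaws like allowing the None algorithm, algorithm confusion, weak secret keys, missing signature validation, etc.",
- "tools": "jwt_tool"
  }
  ]
  },
@@ -293,6 +279,14 @@
  "tools": "Burp Proxy, curl, swagger-ui, mitmproxy, Hackverter",
  "vrt_category": "broken_access_control"
  },
+ {
+ "key": "directory_traversal_and_file_include",
+ "title": "Testing Directory traversal/file include",
+ "caption": "OTG-AUTHZ-001, WAHHM - Test Handling of Input",
+ "description": "dot-dot-slash attack (../), Directory traversal, Local File inclusion/Remote File Inclusion.",
+ "tools": "Burp Proxy, ZAP, Wfuzz",
+ "vrt_category": "server_side_injection"
+ },
  {
  "key": "privilege_escalation",
  "title": "Testing for Privilege Escalation",
@@ -444,7 +438,7 @@
  "key": "nosql_injection",
  "title": "Testing for NoSQL injection",
  "caption": "",
- "description": "Identify NoSQL databases, Pass special characters (' \" \\ ; { } ), and attack with reserved variable names and operators.",
+ "description": "dentify NoSQL databases, Pass special characters (' \" \\ ; { } ), Attack with reserved variable name, operator.",
  "tools": "NoSQLMap"
  },
  {
@@ -517,30 +511,6 @@
  "description": "Understand the application platform, OS, folder structure, relative path and execute OS commands on a Web server.\n%3Bcat%20/etc/passwd\ntest.pdf+|+Dir C:\\ ",
  "tools": "Burp Proxy, ZAP, Commix",
  "vrt_category": "server_side_injection"
- },
- {
- "key": "ssrf",
- "title": "Testing for Server-Side Request Forgery",
- "caption": "OWASP API Security Top 10 - 2023",
- "description": "Test whether the API allows sending arbitrary or internal requests to unauthorized systems.\nUse crafted URLs to target internal IP ranges, cloud metadata endpoint (e.g., http://169.254.169.254/)",
- "tools": "Burp Collaborator, SSRFmap",
- "vrt_category": "server_security_misconfiguration"
- },
- {
- "key": "graphql_misconfigurations",
- "title": "Testing for GraphQL Misconfigurations",
- "caption": "WSTG - v4.2",
- "description": "Test GraphQL endpoint for batched abuse and alias overloading, and recursion depth limits, etc.",
- "tools": "GraphQL Raider, BurpSuite",
- "vrt_category": "server_security_misconfiguration"
- },
- {
- "key": "directory_traversal_and_file_include",
- "title": "Testing Directory traversal/file include",
- "caption": "OTG-AUTHZ-001, WAHHM - Test Handling of Input",
- "description": "dot-dot-slash attack (../), Directory traversal, Local File inclusion/Remote File Inclusion.",
- "tools": "Burp Proxy, ZAP, Wfuzz",
- "vrt_category": "server_side_injection"
  }
  ]
  },
@@ -602,7 +572,7 @@
  "key": "data_validation",
  "title": "Test Business Logic Data Validation",
  "caption": "OTG-BUSLOGIC-001, WAHHM - Test for Logic Flaws",
- "description": "Identify data entry points or hand off points between systems or software.\nOnce identified, insert logically invalid data into the application/system.",
+ "description": "Looking for data entry points or hand off points between systems or software.\nOnce found try to insert logically invalid data into the application/system.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "broken_access_control"
  },
@@ -610,7 +580,7 @@
  "key": "forge_requests",
  "title": "Test Ability to Forge Requests",
  "caption": "OTG-BUSLOGIC-002, WAHHM - Test for Logic Flaws",
- "description": "Identify guessable, predictable or hidden functionality of fields.\nOnce found, try to insert logically valid data into the application/system allowing the user to go through the application/system against the normal business logic workflow.",
+ "description": "Looking for guessable, predictable or hidden functionality of fields.\nOnce found, try to insert logically valid data into the application/system allowing the user to go through the application/system against the normal business logic workflow.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "server_side_injection"
  },
@@ -618,7 +588,7 @@
  "key": "integrity_check",
  "title": "Test Integrity Checks",
  "caption": "OTG-BUSLOGIC-003, WAHHM - Test for Logic Flaws",
- "description": "Identify parts of the application/system (components, for example, input fields, databases or logs) that move, store or handle data/information.\nFor each identified component determine what type of data/information is logically acceptable and what types the application/system should guard against. Also, consider who according to the business logic is allowed to insert, update and delete data/information and in each component.\nAttempt to insert, update or delete the data/information values with invalid data/information into each component (i.e. input, database, or log) by users that should not be allowed per the business logic workflow.",
+ "description": "Looking for parts of the application/system (components i.e. For example, input fields, databases or logs) that move, store or handle data/information.\nFor each identified component determine what type of data/information is logically acceptable and what types the application/system should guard against. Also, consider who according to the business logic is allowed to insert, update and delete data/information and in each component.\nAttempt to insert, update or edit delete the data/information values with invalid data/information into each component (i.e. input, database, or log) by users that .should not be allowed per the business logic workflow.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "broken_access_control"
  },
@@ -626,7 +596,7 @@
  "key": "process_timing",
  "title": "Test for Process Timing",
  "caption": "OTG-BUSLOGIC-004, WAHHM - Test for Logic Flaws",
- "description": "Identify application/system functionality that may be impacted by time. Such as execution time or actions that help users predict a future outcome or allow one to circumvent any part of the business logic or workflow. For example, not completing transactions in an expected time.\nDevelop and execute the mis-use cases ensuring that attackers cannot gain an advantage based on any timing.",
+ "description": "Looking for application/system functionality that may be impacted by time. Such as execution time or actions that help users predict a future outcome or allow one to circumvent any part of the business logic or workflow. For example, not completing transactions in an expected time.\nDevelop and execute the mis-use cases ensuring that attackers cannot gain an advantage based on any timing.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "server_side_injection"
  },
@@ -634,7 +604,7 @@
  "key": "usage_limits",
  "title": "Test Number of Times a Function Can be Used Limits",
  "caption": "OTG-BUSLOGIC-005, WAHHM - Test for Logic Flaws",
- "description": "Identify functions or features in the application or system that should not be executed more than a single time or specified number of times during the business logic workflow.\nFor each of the functions and features found that should only be executed a single time or specified number of times during the business logic workflow, develop abuse/misuse cases that may allow a user to execute more than the allowable number of times.",
+ "description": "Looking for functions or features in the application or system that should not be executed more than a single time or specified number of times during the business logic workflow.\nFor each of the functions and features found that should only be executed a single time or specified number of times during the business logic workflow, develop abuse/misuse cases that may allow a user to execute more than the allowable number of times.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "broken_access_control"
  },
@@ -642,7 +612,7 @@
  "key": "workflow_circumvention",
  "title": "Testing for the Circumvention of Work Flows",
  "caption": "OTG-BUSLOGIC-006, WAHHM - Test for Logic Flaws",
- "description": "Identify methods to skip or go to steps in the application process in a different order from the designed/intended business logic flow.\nFor each method develop a misuse case and try to circumvent or perform an action that is 'not acceptable' per the business logic workflow.",
+ "description": "Looking for methods to skip or go to steps in the application process in a different order from the designed/intended business logic flow.\nFor each method develop a misuse case and try to circumvent or perform an action that is 'not acceptable' per the business logic workflow.",
  "tools": "Burp Proxy, ZAP",
  "vrt_category": "broken_access_control"
  },
@@ -685,3 +655,5 @@
  ]
  }
  }
+
+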
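Review bot: The new side of the metadata hunk sets `release_date` to `2023-03-31T00:00:00+00:00`, earlier than the `2025-04-29` the old side carried, while the version number goes up, and the later hunks drop whole checks (`check_graphql_field_suggestions`, `jwt_misconfigurations`, `ssrf`, `graphql_misconfigurations`) along with the Gitleaks, InQL, `.wadl`/swagger and `.env`/`.git` references, so 0.9.0 looks like it was published from an older tree than 0.8.0 rather than as an intentional forward change; that is worth confirming against the project's source history before consumers of this package adopt it. The `nosql_injection` hunk also introduces a typo on the new side, `"dentify NoSQL databases` should read `"Identify NoSQL databases`, and the `integrity_check` hunk brings back `update or edit delete` and `that .should not be`, both of which the old side had already corrected. As this is strict JSON with no comment syntax, the fix is to the data itself: restore the removed entries and keep the old side's corrected strings.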
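--- /dev/null
+++ b/PATH-NOT-SHOWN-2
@@ -0,0 +1,17 @@
+ {
+ "metadata": {
+ "title": "Methodology Taxonomy Template Mapping"
+ },
+ "content": [
+ {
+ "methodology": "website_testing",
+ "children": [
+ {
+ "key": "information",
+ "attribute": "notes",
+ "template": "information.md"
+ }
+ ]
+ }
+ ]
+ }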
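--- /dev/null
+++ b/PATH-NOT-SHOWN-3
@@ -0,0 +1,62 @@
+ {
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Methodology Taxonomy Mapping",
+ "description": "Mapping to methodology taxonomy",
+ "definitions": {
+ "MappingMetadata": {
+ "type": "object",
+ "properties": {
+ "title": {
+ "type": "string",
+ "pattern": "^[ a-zA-Z0-9\\-+()\/,.<]*$"
+ }
+ },
+ "required": ["title"]
+ },
+ "BMTKey": { "type": "string", "pattern": "^[a-z_]*$" },
+ "Attribute": { "type": "string", "pattern": "^[a-z_]*$" },
+ "Template": { "type": "string", "pattern": "[a-z_.]*$" },
+ "Mapping": {
+ "type": "object",
+ "properties": {
+ "key": { "$ref": "#/definitions/BMTKey" },
+ "attribute": { "$ref": "#/definitions/Attribute" },
+ "template" : { "$ref": "#/definitions/Template" }
+ },
+ "required": ["key", "attribute", "template"],
+ "additionalProperties": false
+ },
+ "MappingParent": {
+ "type": "object",
+ "properties": {
+ "methodology": { "$ref": "#/definitions/BMTKey" },
+ "children": {
+ "type": "array",
+ "items" : {
+ "anyOf": [
+ { "$ref": "#/definitions/Mapping" }
+ ]
+ }
+ }
+ },
+ "required": ["methodology", "children"],
+ "additionalProperties": false
+ }
+ },
+ "type": "object",
+ "required": ["metadata", "content"],
+ "properties": {
+ "metadata": {
+ "$ref": "#/definitions/MappingMetadata"
+ },
+ "content": {
+ "type": "array",
+ "items" : {
+ "anyOf": [
+ { "$ref": "#/definitions/MappingParent" },
+ { "$ref": "#/definitions/Mapping" }
+ ]
+ }
+ }
+ }
+ }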
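Review bot: The `Template` definition's pattern `"[a-z_.]*$"` has no leading `^`, so every string satisfies it (the empty match at the end of the input is enough) and the schema places no real constraint on `template`, the value the new mapping file fills with a file name such as `information.md`; it should be `"^[a-z_.]+$"`, and the sibling `BMTKey` and `Attribute` patterns would likewise benefit from `+` instead of `*` so an empty key or attribute is rejected. The single-branch `anyOf` under `MappingParent.children.items` can be replaced by the bare `{ "$ref": "#/definitions/Mapping" }`. `MappingMetadata` and the root object do not set `"additionalProperties": false` while `Mapping` and `MappingParent` do, so unknown keys are rejected in some objects and silently accepted in others; if that asymmetry is intended, a `description` on `MappingMetadata` saying so would save the next reader the question.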