106 changes: 106 additions & 0 deletions .github/json/scripts/make-json.sh
@@ -0,0 +1,106 @@
#!/bin/bash
# Script to create the Json checklist file for WSTG

function join { local IFS="$1"; shift; echo "$*"; }

cd document/4-Web_Application_Security_Testing

# Start the json string
echo "{" > checklist.json
# Open categories
echo " \"categories\": {" >> checklist.json
# Iterate all category folders to get the categories
for d in */ ; do
# Split the folder name to get category and category number
# Select folders start form 01
while IFS='-' read -ra FOLD; do
if [ ${FOLD[0]} -gt 0 ]
then
# In case of multiple `-` in the category name
# Join the sections other than the first
if [ ${#FOLD[@]} -gt 2 ];then
category=$(join - ${FOLD[@]:1})
else
category=${FOLD[1]}
fi
# Start category sub section
# Add coma from the second entry of the list
if [ ${FOLD[0]} -gt 1 ];then
echo " ,\"${category%?}\": {" | tr '_' ' ' >> checklist.json
else
echo " \"${category%?}\": {" | tr '_' ' ' >> checklist.json
fi
# Get category ID from the first file
cid=`cat $d/01-* | grep "|WSTG-.*" | cut -d "|" -f 2 | sed 's/-01//'`
# Add category ID and start tests
echo " \"id\":\"${cid}\"," >> checklist.json
echo " \"tests\":[" >> checklist.json
count=0
for file in $d*.md; do
# Remove README
if [[ $file != *"README.md" ]];then
# Get test ID
tid=`cat $file | grep "|WSTG-.*" | cut -d "|" -f 2`
# If test id exists
if [ ! -z "$tid" ];then
# Add coma from the second entry of the list
if [ $count -gt 0 ];then
echo " ,{" >> checklist.json
else
echo " {" >> checklist.json
fi
# Get Objective of the test from the file
objectiveString=`awk "/## Test Objectives/{flag=1; next} /## /{flag=0} flag" $file | awk 'NF'`
objcount=0
objectives=()
# Convert Objective string to list of objectives
while read line;
do
objectives[$objcount]=`echo ${line//[$'\t\r\n']} | cut -c 3-`
objcount=$((objcount+1))
done <<< "$objectiveString"

# Get test name and reference link from the file
read -r tname < $file
tname=${tname:2}
tref=`echo $file | sed 's/.md//'`
# Add test ID, test name and reference link from the file
echo " \"name\":\"${tname}\"," >> checklist.json
echo " \"id\":\"${tid}\"," >> checklist.json
echo " \"reference\":\"https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/$tref\"," >> checklist.json
echo " \"objectives\":[" >> checklist.json
# Add objective array
objcount=0
for objective in "${objectives[@]}"
do
objcount=$((objcount+1))
# Check for the last entry of Objective and remove coma
if [ ${#objectives[@]} -eq $objcount ];then
echo " \"${objective}\"" >> checklist.json
else
echo " \"${objective}\"," >> checklist.json
fi
done
# Close Objective list
echo " ]" >> checklist.json

echo " }" >> checklist.json
count=$((count+1))
fi
fi
done
# Close tests list
echo " ]" >> checklist.json
# Close category sub section
echo " }" >> checklist.json
fi
done <<< "$d"
done
# Close categories
echo " }" >> checklist.json
# End Json string
echo "}" >> checklist.json
cat checklist.json

# Move generated file to checklists folder
mv checklist.json ../../checklists/.
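Review bot: The JSON is assembled from raw `echo` strings with no escaping, so in the `"name"` and `"objectives"` lines a `"` or `\` in a test title or objective produces invalid JSON, and nothing validates the file before `mv checklist.json ../../checklists/.`. Suggest building each entry with `jq -n --arg name "$tname" ...` so values are escaped, or at minimum gating the move on `jq . checklist.json` succeeding. Smaller points in the same hunk: `cd document/4-Web_Application_Security_Testing` has no `|| exit 1`, so a failed cd leaves the script writing checklist.json into the wrong directory; `while read line` lacks `-r`, so backslashes in objectives are consumed; `$file`, `$d` and `${FOLD[0]}` are unquoted, and `[ ${FOLD[0]} -gt 0 ]` errors on any folder whose prefix is not numeric; `sed 's/.md//'` is unanchored with an unescaped dot and can strip text from the middle of a path, where `${file%.md}` would only remove the extension.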
36 changes: 17 additions & 19 deletions document/6-Appendix/A-Testing_Tools_Resource.md
Expand Up @@ -81,36 +81,36 @@ The list contains only tools that are freely available to download and use (alth

### Site Mirroring

- [wget](https://www.gnu.org/software/wget/)
- [wget](https://www.gnu.org/software/wget)
- [wget for windows](https://gnuwin32.sourceforge.net/packages/wget.htm)
- [cURL](https://curl.haxx.se)
- [cURL](https://curl.se)

### Content Discovery

- [Gobuster](https://github.com/OJ/gobuster)
- [Waybackurls](https://github.com/tomnomnom/waybackurls)
- Waybackurls fetches all URLs known to the Wayback Machine for a given domain, useful for reconnaissance.
- **Usage:**
- **Usage:**

```bash
waybackurls example.com
```
```bash
waybackurls example.com
```

- [GAU (Get All URLs)](https://github.com/lc/gau)
- GAU collects URLs from multiple public archives, including the Wayback Machine and Common Crawl.
- **Usage:**
- **Usage:**

```bash
gau example.com
```
```bash
gau example.com
```

- [Unfurl](https://github.com/tomnomnom/unfurl)
- Unfurl extracts subdomains, paths, and parameters from URLs for deeper analysis.
- **Usage:**
- **Usage:**

```bash
unfurl "https://example.com/page?query=123"
```
```bash
unfurl "https://example.com/page?query=123"
```

### Port and Service Discovery

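Review bot: The link edits under Site Mirroring and the re-indented Usage blocks under Content Discovery are unrelated to the make-json.sh addition in the same change set and would be easier to review as a separate PR. Within this hunk, the `- **Usage:**` lines and the fenced `waybackurls`, `gau` and `unfurl` blocks differ from their old versions only in whitespace, so please confirm each fence is indented to sit inside its list item and that all three tools use the same indentation. The wget link drops its trailing slash while the other links in the section are untouched; state the link style being applied so later edits follow it.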
Expand Down Expand Up @@ -151,8 +151,10 @@ Browser Automation tools are used to validate the functionality of web applicati

### Open Source Tools

- [HtmlUnit](https://htmlunit.sourceforge.io) - HtmlUnit is a GUI-less browser for Java programs. It models HTML documents and provides an API to invoke pages, fill out forms, click links, and interact with JavaScript and complex AJAX libraries. It can simulate Chrome, Firefox, or Edge depending on configuration, and is typically used for automated testing or web scraping. HtmlUnit can also be used as a Selenium-compatible browser via the [htmlunit-driver](https://github.com/SeleniumHQ/htmlunit-driver). The latest stable release is 4.21.0 (`org.htmlunit:htmlunit:4.21.0`).
- [HtmlUnit](https://htmlunit.sourceforge.io)
- HtmlUnit is a GUI-less browser for Java programs. It models HTML documents and provides an API to invoke pages, fill out forms, click links, and interact with JavaScript and complex AJAX libraries.
- GitHub Repository: [HtmlUnit/htmlunit](https://github.com/HtmlUnit/htmlunit)

- [Selenium](https://www.selenium.dev)
- JavaScript based testing framework, cross-platform and provides a GUI for creating tests.

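Review bot: The HtmlUnit entry loses the pointer to `htmlunit-driver` and the note that it can act as a Selenium-compatible browser when the long single-line description is replaced by the nested bullets. Dropping the pinned `4.21.0` release is reasonable since it goes stale, but the driver link is still useful to readers of this section; suggest keeping it as a third sub-bullet next to `GitHub Repository: [HtmlUnit/htmlunit](https://github.com/HtmlUnit/htmlunit)`, or saying in the PR description that its removal is intentional.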
Expand All @@ -174,12 +176,8 @@ The following freely available resources provide curated comparisons and evaluat

### ZAP (Zed Attack Proxy) Documentation

Official documentation and learning resources for the ZAP (Zed Attack Proxy) dynamic application security testing tool.

- [ZAP Documentation](https://www.zaproxy.org/docs/)

### Nuclei Templates Project

A large open-source repository of vulnerability detection templates used for automated security scanning.

- [Nuclei Templates](https://github.com/projectdiscovery/nuclei-templates)
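Review bot: Removing the one-line descriptions under `### ZAP (Zed Attack Proxy) Documentation` and `### Nuclei Templates Project` leaves each heading with only a bare link, which is inconsistent with the Content Discovery and HtmlUnit entries in this same PR, where every tool gets a description sub-bullet. Suggest keeping the descriptions, either as they were or as a sub-bullet under each link, so the section still says what the resource is for.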