A comprehensive security testing framework with attack infrastructure, featuring CLI support and OWASP vulnerability detection.
- Direct Attack Testing: Run attacks against target URLs with configurable payloads and variations
- Scenario-based Testing: Execute YAML-based scenarios with automatic session management
- Comprehensive Testing: XSS, SQLi, SSRF, XXE, CSRF, CORS, AuthZ, and more
- Multiple Outputs: HTML, JSON, and text report formats
- Docker Support: Containerized deployment with Docker Compose
- Go 1.23+
- Node.js 18+
- SQLite 3

```bash
# Build from source
git clone git@github.com:r1z4x/OWASPAttackSimulator.git
cd OWASPAttackSimulator
make install-deps
make build

# Start the containers with Docker Compose
docker-compose up -d
```


```bash
# Run a direct attack
simulation attack --target https://target.app

# Run a scenario
simulation scenario --file configs/scenarios/login_attack.yaml

# Generate a report
simulation report --format html --output security_report.html
```

- Quick Start Guide - Get started in 5 minutes
- Scenario DSL - Learn the scenario language
- Architecture - System design and components
- Variation Sets - Configure attack variations

```bash
# Direct attack
simulation attack --target <url> [--payload-set <set>] [--variation-set <sets>]

# Scenario execution
simulation scenario --file <scenario.yaml> [--workers <n>] [--timeout <duration>]

# Report generation
simulation report --format <html|json|text> --output <file>

# gRPC server
simulation server [--port <port>]
```

Configuration is managed through configs/defaults.yaml with environment variable overrides:

```bash
export SIMULATION_CONFIG=/path/to/config.yaml
export SIMULATION_DB_PATH=/path/to/database.db
export SIMULATION_LOG_LEVEL=debug
```

```bash
make test
make test-unit
make test-integration
```

We welcome contributions! Please see our Contributing Guide for details.
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: docs/
- Issues: GitHub Issues