add new folder called fluency with notebook for episode 3: my first hack (#215)

* add new folder called fluency with notebook for episode 3: my first hack

* update notebook and review grammar

---------

Co-authored-by: cris <cris@criss-MacBook-Pro.local>
This commit is contained in:
Cristobal Veas 2025-07-13 10:33:33 +02:00 committed by GitHub
parent eb97f54caa
commit 259360442d
4 changed files with 775 additions and 1 deletions

View File

@ -162,7 +162,7 @@ Cybersecurity AI is a critical field, yet many groups are misguidedly pursuing i
| Episode 0: What is CAI? | Cybersecurity AI (`CAI`) explained | [![Watch the video](https://img.youtube.com/vi/nBdTxbKM4oo/0.jpg)](https://www.youtube.com/watch?v=nBdTxbKM4oo) | [![Watch the video](https://img.youtube.com/vi/FaUL9HXrQ5k/0.jpg)](https://www.youtube.com/watch?v=FaUL9HXrQ5k) |
| Episode 1: The `CAI` Framework. Vision & Ethics | Explore the core motivation behind CAI and delve into the crucial ethical principles guiding its development. Understand the motivation behind CAI and how you can actively contribute to the future of cybersecurity and the CAI framework. | <p align="center">🚧</p> | <p align="center">🚧</p> |
| Episode 2: Foundational Concepts - LLM Agents | Bridge the gap between foundational LLMs and intelligent agents, exploring how to synergize reasoning and acting for truly dynamic interactions. Learn about AI systems that don't just generate text, but actively interact within their environment. | <p align="center">🚧</p> | <p align="center">🚧</p> |
| Episode 3: Vibe-Hacking Tutorial "My first Hack" | A Vibe-Hacking guide for newbies. We demonstrate a simple web security hack using a default agent and demonstrate how to leverage tools and interpret CIA output. You'll also learn to compare different LLM models to find the best fit for your hacking endeavors. | <p align="center">🚧</p> | <p align="center">🚧</p> |
| Episode 3: Vibe-Hacking Tutorial "My first Hack" | A Vibe-Hacking guide for newbies. We demonstrate a simple web security hack using a default agent and show how to leverage tools and interpret CIA output with the help of the CAI Python API. You'll also learn to compare different LLM models to find the best fit for your hacking endeavors. | <p align="center">🚧</p> | <p align="center">🚧</p> |
| | | | |
| Annex 1: `CAI` 0.5.x release | Introduce version 0.5 of `CAI` including new multi-agent functionality, new commands such as `/history`, `/compact`, `/graph` or `/memory` and a case study showing how `CAI` found a critical security flaw in OT heap pumps spread around the world. | [![Watch the video](https://img.youtube.com/vi/OPFH0ANUMMw/0.jpg)](https://www.youtube.com/watch?v=OPFH0ANUMMw) | [![Watch the video](https://img.youtube.com/vi/Q8AI4E4gH8k/0.jpg)](https://www.youtube.com/watch?v=Q8AI4E4gH8k) |
| Annex 2: `CAI` 0.4.x release and `alias0` | Introducing version 0.4 of `CAI` with *streaming* and improved MCP support. We also introduce `alias0`, the Privacy-First Cybersecurity AI, a Model-of-Models Intelligence that implements a Privacy-by-Design architecture and obtains state-of-the-art results in cybersecurity benchmarks. | [![Watch the video](https://img.youtube.com/vi/NZjzfnvAZcc/0.jpg)](https://www.youtube.com/watch?v=NZjzfnvAZcc) | |

View File

@ -0,0 +1,542 @@
{
"cells": [
{
"cell_type": "markdown",
"id": "4bf69d18",
"metadata": {},
"source": [
"# Vibe-Hacking Tutorial \"My first Hack\" 🤖💻 \n",
"\n",
"## Hacking PortSwigger Labs with CAI Framework"
]
},
{
"cell_type": "markdown",
"id": "8a8ae509-cf6c-4954-a2d9-6f338b881bb5",
"metadata": {},
"source": [
"## 1. Introduction "
]
},
{
"cell_type": "markdown",
"id": "8ef65e02",
"metadata": {},
"source": [
"We explore how to use the **CAI Python API** to attack PortSwigger Labs. \n",
"\n",
"We combine:\n",
"- CAIs red-team agent \n",
"- PortSwiggers vulnerability lab environments \n",
"- Large Language Models (LLMs) for autonomous reasoning and payload generation\n"
]
},
{
"cell_type": "markdown",
"id": "6dd86394",
"metadata": {},
"source": [
"## 2. Objectives "
]
},
{
"cell_type": "markdown",
"id": "4b869988",
"metadata": {},
"source": [
"- Learn how LLMs assist in crafting attacks on web applications\n",
"- Test vulnerabilities using PortSwigger Web Security Academy\n",
"- Automate techniques to identify and fix vulnerabilities using CAI\n",
"- Analyse and defend using LLMs' log interpretation\n",
"- Learn how to use the CAI Python API"
]
},
{
"cell_type": "markdown",
"id": "13bdf02f",
"metadata": {},
"source": [
"### Installing Python Requirements"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "491498de",
"metadata": {},
"outputs": [],
"source": [
"%%capture\n",
"!pip install cai-framework\n",
"!pip install pandas\n",
"!pip install selenium\n",
"!pip install python-dotenv\n",
"!pip install nest-asyncio"
]
},
{
"cell_type": "markdown",
"id": "dd0449bf",
"metadata": {},
"source": [
"Because this is a Jupyter Notebook, we need to have Jupyter properly configured and running locally on our computer in order to follow this tutorial successfully. \n",
"\n",
"If you need more information on setting up Jupyter Notebook, please visit [this link](https://docs.jupyter.org/en/latest/install/notebook-classic.html)."
]
},
{
"cell_type": "markdown",
"id": "d4cf5495-f676-42fd-a784-b475e192cc9f",
"metadata": {},
"source": [
"## 3. Getting the Portswigger Labs Environment \n"
]
},
{
"cell_type": "markdown",
"id": "9d62ff80",
"metadata": {},
"source": [
"### 3.1. Importing Required Modules "
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "e3cd0541-05b0-4e95-adbf-963859768528",
"metadata": {},
"outputs": [],
"source": [
"#Portswigger web scraper bot\n",
"import utils.portswiggerbot as pb\n",
"\n",
"#Other utilities\n",
"import nest_asyncio\n",
"import os \n",
"from dotenv import load_dotenv\n",
"load_dotenv(override=True)"
]
},
{
"cell_type": "markdown",
"id": "c29987ba",
"metadata": {},
"source": [
"### 3.2. Configuration Setup"
]
},
{
"cell_type": "markdown",
"id": "c5245d3c",
"metadata": {},
"source": [
"### 3.2.1 Setting Up the CAI `.env` File\n",
"\n",
"CAI specifies in the documentation that it is necessary to set up an .env file in the same folder as this notebook. For setting up the PortSwigger environment, two additional variables have been added to the template in CAIs [.env.example](https://github.com/aliasrobotics/cai/blob/main/.env.example). So, we need to create an .env file with the following variables:\n",
"\n",
"```\n",
"PORTSWIGGER_USERNAME='your-portswigger-email'\n",
"PORTSWIGGER_PASSWORD='your-portswigger-password'\n",
"OPENAI_API_KEY='sk-123'\n",
"ANTHROPIC_API_KEY=''\n",
"OLLAMA=''\n",
"PROMPT_TOOLKIT_NO_CPR=1\n",
"CAI_STREAM=false\n",
"```\n",
"✅ Note on PortSwigger: If you dont have a PortSwigger Labs account, you can create one [here](https://portswigger.net/users/register).\n",
"\n",
"✅ Note on CAI: If you need more information on setting up the .env file, check out the [CAI documentation](https://github.com/aliasrobotics/cai/blob/main/README.md#nut_and_bolt-setup-env-file).\n"
]
},
{
"cell_type": "markdown",
"id": "b29273ba-10d2-4b1e-9ff2-e1951b45bea3",
"metadata": {},
"source": [
"### 3.2.2 Setting Up the PortSwigger Bot\n",
"\n",
"\n",
"To extract the labs, we start by initialising the PortSwigger bot and loading the username and password from the .env file. Next, we specify the number of labs <b>(N_LABS)</b> to retrieve and the type of vulnerability we want to target <b>(SECTION)</b>. The supported vulnerability sections include:\n",
"\n",
"- sql-injection\n",
"- cross-site-scripting\n",
"- cross-site-request-forgery-csrf\n",
"- clickjacking\n",
"- dom-based-vulnerabilities\n",
"- cross-origin-resource-sharing-cors\n",
"- xml-external-entity-xxe-injection\n",
"- server-side-request-forgery-ssrf\n",
"- http-request-smuggling\n",
"- os-command-injection\n",
"- server-side-template-injection\n",
"- path-traversal\n",
"- access-control-vulnerabilities\n",
"- authentication\n",
"- websockets\n",
"- web-cache-poisoning\n",
"- insecure-deserialization\n",
"- information-disclosure\n",
"- business-logic-vulnerabilities\n",
"- http-host-header-attacks\n",
"- oauth-authentication\n",
"- file-upload-vulnerabilities\n",
"- jwt\n",
"- essential-skills\n",
"- prototype-pollution\n",
"- graphql-api-vulnerabilities\n",
"- race-conditions\n",
"- nosql-injection\n",
"- api-testing\n",
"- web-llm-attacks\n",
"- web-cache-deception"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "e8fa82db-af6b-43e8-bf21-550532748675",
"metadata": {},
"outputs": [],
"source": [
"SECTION = \"cross-site-scripting\"\n",
"N_LABS = 3 # If you want to test all the labs in the section, change this to -1\n",
"USERNAME = os.getenv(\"PORTSWIGGER_USERNAME\")\n",
"PASSWORD = os.getenv(\"PORTSWIGGER_PASSWORD\")"
]
},
{
"cell_type": "markdown",
"id": "f300d6a7-c689-44c0-85a6-e4bd8f5bea31",
"metadata": {},
"source": [
"### 3.3. Getting PortSwigger labs\n",
"We can now extract the lab information by running the following line of code."
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "b90cba8c-ca4d-43fb-a417-862ceb422a0c",
"metadata": {},
"outputs": [],
"source": [
"#Initialize bot\n",
"bot = pb.Bot()\n",
"\n",
"#Login to Portswigger Academy\n",
"bot.login(USERNAME,PASSWORD)\n",
"\n",
"#Get labs urls by section or type of lab\n",
"topics = bot.choose_topic(SECTION)\n",
"\n",
"#Get lab metadata\n",
"labs = [bot.obtain_lab_information(link) for link in topics[0:N_LABS]]\n",
"\n",
"#format session cookies\n",
"cookies = bot.driver.get_cookies()\n",
"\n",
"# Define names of essential cookies\n",
"essential_cookies = {'SessionId','Authenticated_UserVerificationId','t'}\n",
"# Extract only the essential cookies\n",
"essential_cookies = [cookie for cookie in cookies if cookie['name'] in essential_cookies]"
]
},
{
"cell_type": "markdown",
"id": "ffb1233d-9952-4437-b469-b48d9fccbdea",
"metadata": {},
"source": [
"## 4. Setting Up the CAI Red Team Agent\n"
]
},
{
"cell_type": "markdown",
"id": "4cf5f7ba-8fe2-4864-b3ec-efcbf95c95e0",
"metadata": {},
"source": [
"An Agent is an intelligent component that interacts with an environment. In cybersecurity, an Agent interacts with systems and networks, using peripherals and network interfaces as sensors, reasoning about the gathered information, and then executing network actions as if they were actuators.\n",
"\n",
"In CAI, there are different types of predefined agents. You can take a look here:\n",
"- [CAI Agents](https://github.com/aliasrobotics/cai/tree/main/src/cai/agents)\n",
"\n",
"For this project, we will use the “Red Team Base Agent.” First, we need to specify the LLMs we want to use with it. We are going to use GTP 4.0."
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "769b427c",
"metadata": {},
"outputs": [],
"source": [
"os.environ[\"CAI_MODEL\"] = \"openai/gpt-4o\""
]
},
{
"cell_type": "markdown",
"id": "50ac55fa-735a-45df-a6c3-71b3acbdfc60",
"metadata": {},
"source": [
"#### 4.1. Prompts explanation\n",
"\n",
"CAI Agents work with two types of prompts:\n",
"\n",
"##### System Prompt \n",
"This prompt defines the overall context and instructs the LLMs to assume a specific role. In this case, the models goal is to identify and exploit vulnerabilities.\n",
"\n",
"✅ Note: When using the built-in Red Team Agent from CAI, the system prompt is already configured for you, so there is no need to set it manually. You can find the default template for the agent here:\n",
"- [Red Team Agent System Prompt](https://github.com/aliasrobotics/cai/blob/main/src/cai/prompts/system_red_team_agent.md)\n",
"\n",
"##### User Prompt (customizable)\n",
"\n",
"This prompt defines the specific task the agent should perform. For PortSwigger Labs, it should include:\n",
"\n",
"- The lab title (placeholder: **LAB_TITLE**)\n",
"- The lab description (placeholder: **LAB_DESCRIPTION**)\n",
"- The lab environment URL (placeholder: **LAB_ENVIRONMENT_URL**)\n",
"- Session cookies to authenticate in the lab (placeholder: **COOKIES**)\n",
"\n",
"✅ Note: We will use the following user prompt, so it is possible to modify it and interact with or create other types of prompts for LLMs.\n"
]
},
{
"cell_type": "code",
"execution_count": 1,
"id": "e51f40e5-6769-4d2d-9da5-cd8fe9e5f5cc",
"metadata": {},
"outputs": [],
"source": [
"prompt_example = f\"\"\"\n",
"attack **LAB_ENVIRONMENT_URL**\n",
"The title is **LAB_TITLE** \n",
"The description is **LAB_DESCRIPTION** \n",
"\n",
"Please consider the following mandatory rules:\n",
"1. You have to connect to the session with the cookies **COOKIES**\n",
"2. Do not stop until you try all the commands or exploits you can run and create\n",
"3. Write the explanation of what you did in an HTML format easy to understand\n",
"4. Write every payload command and the exploits you create in the format <payloadgen>HERE</payloadgen>\n",
"5. Do not create files with the payload that you generate because you have to solve the lab by yourself\n",
"\"\"\""
]
},
{
"cell_type": "markdown",
"id": "c05c5e76",
"metadata": {},
"source": [
"Now that we have explained the agent and prompts, it is time to run our first AI-powered task, but first we must choose the target lab. and format the final user prompt with the data of the lab. In this case, we are going to use the following one:"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "83b8274c",
"metadata": {},
"outputs": [],
"source": [
"lab = labs[0]\n",
"lab"
]
},
{
"cell_type": "markdown",
"id": "07d2eaa5",
"metadata": {},
"source": [
"We can take a look at the formatted user prompt."
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "2d9fbf4f",
"metadata": {},
"outputs": [],
"source": [
"user_prompt = (\n",
" prompt_example.replace(\"**LAB_ENVIRONMENT_URL**\", lab['environment_url'])\n",
" .replace(\"**LAB_TITLE**\", lab['title'])\n",
" .replace(\"**LAB_DESCRIPTION**\", lab['description'])\n",
" .replace(\"**COOKIES**\", str(essential_cookies))\n",
" )\n",
"print(user_prompt)"
]
},
{
"cell_type": "markdown",
"id": "62ee116d",
"metadata": {},
"source": [
"## 5. Attacking PortSwigger Labs with CAI Red Team Agent\n"
]
},
{
"cell_type": "markdown",
"id": "4c2ed6b8",
"metadata": {},
"source": [
"Its time to have some fun hacking PortSwigger Labs! In the code below, weve created a helper function that runs the agent asynchronously. Just call the function, and your agent will automatically interact with the target data, searching for vulnerabilities and trying to exploit them"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "bc92b04a",
"metadata": {},
"outputs": [],
"source": [
"# Import after environment setup\n",
"from cai.sdk.agents import Runner\n",
"from cai.agents.red_teamer import redteam_agent\n",
"\n",
"# Allow async in jupyter notebooks\n",
"nest_asyncio.apply()\n",
"\n",
"\n",
"#function to run the agent asynchronously\n",
"async def run_agent(message):\n",
" response = await Runner.run(redteam_agent, message)\n",
" return response\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "0ba39128",
"metadata": {},
"outputs": [],
"source": [
"response = await run_agent(message=user_prompt)"
]
},
{
"cell_type": "markdown",
"id": "a1573d57-eb09-418b-b5f0-a0162cf873be",
"metadata": {},
"source": [
"## 6. Result Analysis"
]
},
{
"cell_type": "markdown",
"id": "d1e7610a",
"metadata": {},
"source": [
"Now that our CAI agent has done its work, lets break down the results to understand what it found, how it exploited the target, and what the structure of the final response is. In the following code, we can see the response type and how the output is displayed."
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "75bcbe7d-4d48-4857-91bd-8bfaa3e9147f",
"metadata": {},
"outputs": [],
"source": [
"print(f\"The tipe of the response is a: {type(response)}\")\n",
"response"
]
},
{
"cell_type": "markdown",
"id": "aafbdb70",
"metadata": {},
"source": [
"### 6.1 Understanding the `RunResult`\n",
"\n",
"When we run the CAI Red Team Agent, we get back a RunResult object. \n",
"Think of it as a detailed report of everything the agent did during its hacking session. \n",
"Heres how to read it:\n",
"\n",
"\n",
"#### `input`\n",
"\n",
"This is the user prompt we gave to the agent. \n",
"\n",
"\n",
"#### `new_items`\n",
"This shows what the agent produced during the run. This considers:\n",
"\n",
"##### `MessageOutputItem`\n",
"Contains the following information:\n",
" - The agent info (Red Team Agent)\n",
" - The tools it used (like generic_linux_command to run shell commands, or execute_code to write and run exploits)\n",
" - The output, which is a clear HTML report explaining the methodology used to solve the lab.\n",
"\n",
"\n",
"#### `raw_responses`\n",
"\n",
"This is the raw output from the agent, showing exactly what text the LLM produced. \n",
"\n",
"\n",
"#### `final_output`\n",
"\n",
"This is the final, cleaned-up version of the report. \n",
"\n",
"In our example, its a complete HTML file that explains:\n",
"\n",
"- What the attack did\n",
"- The payload used:\n",
" ```html\n",
" <payloadgen><script>alert('XSS Lab')</script></payloadgen>\n",
" ```\n",
"- How to inject it into the labs search parameter\n",
"- The result and security impact"
]
},
{
"cell_type": "markdown",
"id": "2f105aaf",
"metadata": {},
"source": [
"## 7. Conclusion"
]
},
{
"cell_type": "markdown",
"id": "ae626b54",
"metadata": {},
"source": [
"In this notebook, we learned how to run a complete attack on the PortSwigger vulnerable lab using the CAI Python API. \n",
"\n",
"Now you are able to:\n",
"- Launch a CAI **Red Team Agent** \n",
"- Provide clear instructions, cookies, and payload rules\n",
"- Let the agent autonomously craft and test exploits\n",
"- Review the results step by step in a structured `RunResult`\n",
"\n",
"This shows the power of combining **LLM-driven reasoning** with real hacking tools. \n",
"You can now adapt this approach to test other labs, real applications, or integrate it into your own red teaming workflows.\n",
"\n",
"Next, try:\n",
"- Experimenting with different lab challenges on **PortSwigger Web Security Academy**\n",
"- Tuning your agent prompts for more advanced payloads\n",
"- Analysing the results to write better detection and defence rules\n",
"Happy hacking!\n",
"\n",
"# Happy hacking! 🕵️‍♂️💻🔍 "
]
}
],
"metadata": {
"kernelspec": {
"display_name": "test",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.13.5"
}
},
"nbformat": 4,
"nbformat_minor": 5
}

View File

@ -0,0 +1,199 @@
#BOT
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.chrome.options import Options
import time
import random
import json
from pathlib import Path
class Bot():
def __init__(self):
"""
Initializes the MyBrowser instance.
Sets up Chrome WebDriver with headless mode and necessary arguments
for a minimal and secure browsing session. Also defines login and labs URLs.
"""
self.LOGIN_URL = 'https://portswigger.net/users'
self.LABS_URL = 'https://portswigger.net/web-security/all-labs#'
self.prefixes_filename = 'topics_prefixes.json'
self.options = Options()
for arg in ['--headless','--disable-gpu', '--no-sandbox']:
self.options.add_argument(arg)
self.driver = webdriver.Chrome(options=self.options)
def __wait_random_time(self,min_seconds=3, max_seconds=5):
"""
Waits for a random amount of time between min_seconds and max_seconds.
Args:
min_seconds (int, optional): Minimum number of seconds to wait. Defaults to 3.
max_seconds (int, optional): Maximum number of seconds to wait. Defaults to 5.
"""
duration = random.uniform(min_seconds, max_seconds)
time.sleep(duration)
def login(self,username,password):
"""
Logs in to the PortSwigger user portal using the given credentials.
Args:
username (str): The email address or username for login.
password (str): The corresponding password for the user account.
Opens the login page, waits a random time, then fills and submits the login form.
"""
#Open the login page
self.driver.get(self.LOGIN_URL)
#Wait for the page to load
self.__wait_random_time()
#Find and fill in the email field
email_input = self.driver.find_element(By.ID, "EmailAddress")
email_input.send_keys(username)
#Find and fill in the password field
password_input = self.driver.find_element(By.ID, "Password")
password_input.send_keys(password)
#Submit the login form
password_input.send_keys(Keys.RETURN)
#Wait for the page to load
self.__wait_random_time()
def choose_topic(self,topic_name='sql-injection',level=None):
"""
Extract urls of each of the labs in the selected section.
Args:
topic_name (str): the name of the topic.
Read topic prefixes files, extract links of labs based by topic section (topic_name) and returns a list of lab urls.
"""
#Read topic prefixes json file and get prefix for topic_name
current_folder = Path(__file__).parent
available_topics = json.loads(open(f'{current_folder}/{self.prefixes_filename}').read())
#If topic_name does not exists then returns empty list
try:
topic_prefix = available_topics[topic_name]
except KeyError:
print(f"Topic '{topic_name}' not found")
return []
#Go to sections urls
self.driver.get(f'{self.LABS_URL}{topic_name}')
#Find all <a> elements that have the topic prefix in the href
links = self.driver.find_elements(By.CLASS_NAME, 'flex-columns')
#Extract the href attributes
if level:
extracted_links = [link.find_element(By.TAG_NAME, 'a').get_attribute('href') for link in links if link.find_element(By.TAG_NAME, 'span').text == level]
else:
extracted_links = [link.find_element(By.TAG_NAME, 'a').get_attribute('href') for link in links]
#Filter links that contain the topic prefix
return [link for link in extracted_links if topic_name == link.split('/')[4]]
def obtain_lab_information(self,lab_url):
"""
Extract the information associated to a lab url.
Args:
lab_url (str): the url of the lab.
Extract the information associated to the lab such as Title, Description, Solution and Environment url.
"""
#Go to lab url
self.driver.get(lab_url)
#Extract type of lab from url
labtype = lab_url.split('/')[4]
#Extract title of the lab
title = self.driver.find_element(By.CLASS_NAME, 'heading-2').text
#Extract description of the lab
description_section = self.driver.find_element(By.CLASS_NAME, "section.theme-white")
paragraphs = description_section.find_elements(By.XPATH, ".//p[following-sibling::div[@class='container-buttons-left']]")
#Extract solution of the lab
solution_sections = self.driver.find_elements(By.CLASS_NAME, "component-solution")
if len(solution_sections) <=2:
#when there are no Hint section
solution_sections[0].find_element(By.TAG_NAME, 'details').click()
solution = solution_sections[0].find_element(By.CLASS_NAME, 'content').text
else:
#when there are Hint section
solution_sections[1].find_element(By.TAG_NAME, 'details').click()
solution = solution_sections[1].find_element(By.CLASS_NAME, 'content').text
#Extract url to access the lab environment
##Find the "Start lab" button and click it
start_button = self.driver.find_element(By.CLASS_NAME, 'button-orange')
start_button.click()
##Get the current tab and switch to the new tab
main_tab = self.driver.current_window_handle
lab_tab = [handle for handle in self.driver.window_handles if handle != main_tab][0]
self.driver.switch_to.window(lab_tab)
##Get the URL of the lab environment
environment_url = self.driver.current_url
##Close the new tab
self.driver.close()
##Switch back to the main tab
self.driver.switch_to.window(main_tab)
lab_info = {
'type': labtype,
'url': lab_url,
'title': title,
'description': "\n".join([p.text for p in paragraphs]),
'solution': solution,
'environment_url': environment_url
}
return lab_info
def check_solved_lab(self,lab_url):
"""
Check if lab was solved.
Args:
lab_url (str): the url of the lab.
Go to the lab url and check if status "Solved or Not Solved".
"""
#Go to lab url
self.driver.get(lab_url)
#get text of status container
lab_status = self.driver.find_element(By.CLASS_NAME, 'lab-status-icon').text
return lab_status

View File

@ -0,0 +1,33 @@
{
"sql-injection": "sql-injection",
"cross-site-scripting": "cross-site-scripting",
"cross-site-request-forgery-csrf": "csrf",
"clickjacking": "clickjacking",
"dom-based-vulnerabilities": "dom-based",
"cross-origin-resource-sharing-cors": "cors",
"xml-external-entity-xxe-injection": "xxe",
"server-side-request-forgery-ssrf": "ssrf",
"http-request-smuggling": "request-smuggling",
"os-command-injection": "os-command-injection",
"server-side-template-injection": "server-side-template-injection",
"path-traversal": "file-path-traversal",
"access-control-vulnerabilities": "access-control",
"authentication": "authentication",
"websockets": "websockets",
"web-cache-poisoning": "web-cache-poisoning",
"insecure-deserialization": "deserialization",
"information-disclosure": "information-disclosure",
"business-logic-vulnerabilities": "logic-flaws",
"http-host-header-attacks": "host-header",
"oauth-authentication": "oauth",
"file-upload-vulnerabilities": "file-upload",
"jwt": "jwt",
"essential-skills": "essential-skills",
"prototype-pollution": "prototype-pollution",
"graphql-api-vulnerabilities": "graphql",
"race-conditions": "race-conditions",
"nosql-injection": "nosql-injection",
"api-testing": "api-testing",
"web-llm-attacks": "llm-attacks",
"web-cache-deception": "web-cache-deception"
}