Generate realistic security test data for penetration testing and security validation.
Generate comprehensive security test payloads, scenarios, and test cases for security testing.
- Comprehensive Payload Library: OWASP Top 10 test payloads
- Test Scenario Management: Define and execute security test scenarios
- OWASP Coverage: Full coverage of OWASP Top 10 vulnerabilities
- Automated Test Generation: Generate test data for security testing
- Scenario Execution: Run security test scenarios
- Reporting: Generate detailed test data reports
git clone https://github.com/hallucinaut/securitytestdata.git
cd securitytestdata
go build -o securitytestdata ./cmd/securitytestdata
sudo mv securitytestdata /usr/local/bin/go install github.com/hallucinaut/securitytestdata/cmd/securitytestdata@latest# Generate SQL injection payload
securitytestdata generate sql_injection
# Generate XSS payload
securitytestdata generate xss
# Generate command injection payload
securitytestdata generate command_injection
# Generate random payload
securitytestdata generate# List all available payloads
securitytestdata list# Run security test scenarios
securitytestdata run# Generate test data report
securitytestdata report# Get scenario details
securitytestdata info sc-001package main
import (
"fmt"
"github.com/hallucinaut/securitytestdata/pkg/generator"
"github.com/hallucinaut/securitytestdata/pkg/scenario"
)
func main() {
// Create test data provider
provider := generator.NewTestDataProvider()
provider.Initialize()
// Generate random payload
payload := provider.GeneratePayload()
fmt.Printf("Payload: %s\n", payload.Payload)
fmt.Printf("Type: %s\n", payload.Type)
fmt.Printf("Severity: %s\n", payload.Severity)
// Get payloads by type
sqlPayloads := provider.GetPayloadsByType(generator.TypeSQLi)
fmt.Printf("SQL Injection Payloads: %d\n", len(sqlPayloads))
// Generate test scenarios
scenarios := scenario.CreateCommonScenarios()
fmt.Printf("Test Scenarios: %d\n", len(scenarios))
// Run scenarios
runner := scenario.NewScenarioRunner()
for _, s := range scenarios {
runner.AddScenario(s)
}
results := runner.RunAllScenarios()
fmt.Printf("Test Results: %d\n", len(results))
}- Basic SQL injection for authentication bypass
- Union-based SQL injection for data extraction
- Time-based blind SQL injection
- Error-based SQL injection
- Reflected XSS payloads
- Stored XSS payloads
- DOM-based XSS payloads
- XSS bypass techniques
- Basic command injection
- Pipe-based command injection
- Backtick command execution
- Double command injection
- Basic path traversal
- URL encoded path traversal
- Double encoded path traversal
- Basic SSRF to internal services
- Cloud metadata SSRF
- File protocol SSRF
| ID | Name | Type | Severity |
|---|---|---|---|
| sc-001 | SQL Injection Auth Bypass | sql_injection | CRITICAL |
| sc-002 | XSS Reflected Attack | xss | HIGH |
| sc-003 | Command Injection | command_injection | CRITICAL |
| sc-004 | Path Traversal | path_traversal | HIGH |
| sc-005 | SSRF to Cloud Metadata | ssrf | CRITICAL |
# Run all tests
go test ./...
# Run with coverage
go test -cover ./...
# Run specific test
go test -v ./pkg/generator -run TestGeneratePayload$ securitytestdata generate sql_injection
Generating sql_injection test payload
Available Payloads:
==================
[1] Basic SQLi
Type: sql_injection
Payload: ' OR '1'='1
Severity: CRITICAL
OWASP: A03:2021-Injection
Description: Basic SQL injection to bypass authentication
[2] Union-based SQLi
Type: sql_injection
Payload: ' UNION SELECT NULL,NULL,NULL--
Severity: CRITICAL
OWASP: A03:2021-Injection
Description: Union-based SQL injection to extract data
securitytestdata/
βββ cmd/
β βββ securitytestdata/
β βββ main.go # CLI entry point
βββ pkg/
β βββ generator/
β β βββ generator.go # Payload generation
β β βββ generator_test.go # Unit tests
β βββ scenario/
β βββ scenario.go # Test scenarios
β βββ scenario_test.go # Unit tests
βββ README.md
- Penetration Testing: Generate test payloads for pentesting
- Security Validation: Validate security controls effectiveness
- Training: Security training with realistic attack scenarios
- Tool Testing: Test security tools with known payloads
- Research: Security research and vulnerability discovery
- Use in isolated environments - Never test on production systems
- Get proper authorization - Always have written permission
- Document findings - Keep detailed records of tests
- Follow responsible disclosure - Report vulnerabilities properly
- Use test data, not real data - Protect sensitive information
MIT License
- OWASP Foundation
- Security research community
- Penetration testing professionals
Built with GPU by hallucinaut