Skip to content

akshatvg/Software-Testing--Black-Box--Facebook.com

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

dirsearch

dirsearch

 
 

ffuf

ffuf

 
 

unimap

unimap

 
 

.gitignore

.gitignore

 
 

Bug Bounty.pdf

Bug Bounty.pdf

 
 

LICENSE

LICENSE

 
 

Lighthouse Processing.jpeg

Lighthouse Processing.jpeg

 
 

Lighthouse.pdf

Lighthouse.pdf

 
 

Nessus_Advanced-Scan.pdf

Nessus_Advanced-Scan.pdf

 
 

Nessus_Advanced-Web-Scan.pdf

Nessus_Advanced-Web-Scan.pdf

 
 

README.md

README.md

 
 

Recon, tool used- findomain.txt

Recon, tool used- findomain.txt

 
 

ST- Project Review.pdf

ST- Project Review.pdf

 
 

Usability Testing.pdf

Usability Testing.pdf

 
 

Zap_Automated1.png

Zap_Automated1.png

 
 

Zap_Automated2.png

Zap_Automated2.png

 
 

Zap_Automated3.png

Zap_Automated3.png

 
 

Zap_Automated4.png

Zap_Automated4.png

 
 

Zap_Automated5.png

Zap_Automated5.png

 
 

Zap_Automated6.png

Zap_Automated6.png

 
 

dirsearch.txt

dirsearch.txt

 
 

doing-dirsearch.png

doing-dirsearch.png

 
 

doing-ffuf.png

doing-ffuf.png

 
 

doing-findomain.png

doing-findomain.png

 
 

ffuf_response.txt

ffuf_response.txt

 
 

ffuf_response_400.txt

ffuf_response_400.txt

 
 

findomain-few.txt

findomain-few.txt

 
 

findomain.txt

findomain.txt

 
 

unimap-step1.png

unimap-step1.png

 
 

unimap-step2.png

unimap-step2.png

 
 

Repository files navigation

Software Testing (Black Box) for Facebook.com

Black box testing using different tools for the Facebook website to find bugs and make test cases.

White box testing techniques analyse the internal structures the used data structures, internal design, code structure and the working of the software rather than just the functionality as in black box testing. It is also called glass box testing or clear box testing or structural testing.

Since we do not have access to the code of Facebook, we are only conducting black box (functionality) testing.

Dirsearch

git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch 
python3 dirsearch.py -u https://facebook.com -e js,html

OUTPUT: Output File: /Users/akshatvg/Desktop/ST/dirsearch/reports/facebook.com/_21-12-03_01-27-15.txt

Findomain

brew install findomain
findomain -qt facebook.com > findomain.txt

Unimap

git clone https://github.com/Edu4rdSHL/unimap && cd unimap
cargo build --release
cd target/release
sudo unimap --fast-scan -f ../../../findomain.txt

NOTE: It will take a lot of time for this because number of subdomains that we got are in lakhs.

ffug- parameter fuzzing using brute force

git clone https://github.com/ffuf/ffuf && cd ffuf && go get && go build
ffuf -w ../findomain.txt -u https://facebook.com/ -H "Host: FUZZ" -mc 200 > ffuf_response.txt
ffuf -w ../findomain.txt -u https://facebook.com/ -H "Host: FUZZ" -mc 400 > ffuf_response_400.txt

Future Scope

  • Rate limiting: Vegeta to send 100 requests for login to test if the APIs rate limit a user.
  • Stress testing: K6 to check with thousands of users. The servers should auto-scale.

About

Black box testing using different tools for the Facebook website to find bugs and make test cases.

Topics

testing black-box facebook quality-assurance software-testing black-box-testing

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published