{"id":24678679,"url":"https://github.com/contrast-security-oss/sheepdog","last_synced_at":"2025-10-08T11:31:21.323Z","repository":{"id":14548339,"uuid":"66395696","full_name":"Contrast-Security-OSS/sheepdog","owner":"Contrast-Security-OSS","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-03T17:22:17.000Z","size":73729,"stargazers_count":17,"open_issues_count":6,"forks_count":9,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-09-30T19:00:00.947Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-23T19:11:50.000Z","updated_at":"2024-10-24T08:19:28.000Z","dependencies_parsed_at":"2022-09-19T21:15:42.651Z","dependency_job_id":null,"html_url":"https://github.com/Contrast-Security-OSS/sheepdog","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Contrast-Security-OSS/sheepdog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fsheepdog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fsheepdog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fsheepdog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fsheepdog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"https://codeload.github.com/Contrast-Security-OSS/sheepdog/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fsheepdog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278934167,"owners_count":26071364,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T13:17:57.046Z","updated_at":"2025-10-08T11:31:17.681Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"Sheepdog\n========\n\n\u003cimg src=\"http://contrast-security-oss.github.io/meow/images/sheepdog-cat.png\" alt=\"Image of SheepDogCat\" width=\"200\"/\u003e\n\nSheepdog is a simple tool to generate normal and attack traffic for OWASP WebGoat. It can be used with security technologies like WAF and RASP in demonstrations and to verify that they are doing a tiny piece of what they are supposed to do. Sheepdog is not intended to be an exhaustive set of security tests. It has some basic SQL injection, XSS, path traversal, and that kind of thing.\n\nSimply start WebGoat with:\n\n\u003e java -jar webgoat-container-7.0.1-war-exec.jar\n\nThen in another window start sheepdog with:\n\n\u003e java -jar sheepdog-1.0.jar\n\nThere are several configurable properties that you can use to simulate a variety of crawls/attacks. Note that SheepDog sends an X-Forwarded-For header with random IP address for each attack thread.\n\n\u003e Usage: java -jar sheepdog.jar\n\u003e\n\u003e   -t threads (default 3)\n\u003e\n\u003e   -s seconds (default 60)\n\u003e\n\u003e   -d delay milliseconds between requests (default -1)\n\u003e\n\u003e   -a attack percentage (default 50)\n\u003e\n\u003e   -p port for WebGoat (default 8080)\n\u003e\n\u003e   -v verbose\n\n\n## Sample usage\n\n\t$ java -jar target/sheepdog-1.0-SNAPSHOT.jar -t 3 -s 3600 -d 1000 -a 50\n        Usage: java -jar sheepdog.jar [-t -s -d -a -p -v]\n        Using default value for flag 'p', using 8080\n        Starting 3 attack threads, each with:\n          3600 seconds\n          1000ms delay between requests\n          50% attack parameters\n          target: http://localhost:8080/WebGoat/\n\n          Starting AttackThread (110.104.52.59) \n          Starting AttackThread (93.65.24.224)\n          Starting AttackThread (161.144.64.146)\n\t\n\tPOST from 238.20.254.102 to http://localhost:8080/WebGoat/j_spring_security_check\n\t   [username=guest, password=guest]\n\t   HTTP/1.1 302 Found\n\t\n\tPOST from 93.65.24.224 to http://localhost:8080/WebGoat/j_spring_security_check\n\t   [username=guest, password=guest]\n\t   HTTP/1.1 302 Found\n\t\n\tPOST from 161.144.64.146 to http://localhost:8080/WebGoat/j_spring_security_check\n\t   [username=guest, password=guest]\n\t   HTTP/1.1 302 Found\n\t\n\tPOST from 161.144.64.146 to http://localhost:8080/WebGoat/attack?Screen=733\u0026menu=1200\n\t   [SUBMIT=zoees822]\n\t   HTTP/1.1 200 OK\n\t\n\tPOST from 93.65.24.224 to http://localhost:8080/WebGoat/attack?Screen=534\u0026menu=1900\n\t   [id=sztol903, SUBMIT=rjeee272]\n\t   HTTP/1.1 200 OK\n\t\n\tPOST from 161.144.64.146 to http://localhost:8080/WebGoat/attack?Screen=726\u0026menu=200\u0026stage=1\n\t   [action=' or 112=112--]\n\t   HTTP/1.1 200 OK\n\t\n\tPOST from 161.144.64.146 to http://localhost:8080/WebGoat/attack?Screen=737\u0026menu=1100\u0026stage=3\n\t   [action=' or 1+2=3 --]\n\t   HTTP/1.1 200 OK\n\t\n\tPOST from 93.65.24.224 to http://localhost:8080/WebGoat/attack?Screen=498\u0026menu=1300\n\t   [clear_user=\u003e\u003cscript\u003ealert(1)\u003c/script\u003e, clear_pass=\u003e\u003cscript\u003ealert(1)\u003c/script\u003e, Submit=ctyna446]\n\t   HTTP/1.1 200 OK\n\n\n\n## Who made this?\nThis project is sponsored by [Contrast Security](http://www.contrastsecurity.com/) and released under the MIT license.\n\n![Contrast Security Logo](https://www.contrastsecurity.com/hs-fs/hubfs/Contrast_Security-2016/Image/LOGOContrastSec.SVG.svg?t=1488557782361\u0026width=199\u0026name=LOGOContrastSec.SVG.svg \"Contrast Logo\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fsheepdog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrast-security-oss%2Fsheepdog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fsheepdog/lists"}