- Unsupervised Learning
- Posts
- Adaptive Testing Methodology [ATM]
Adaptive Testing Methodology [ATM]
[atm_form placeholder_domain=”Enter the domain to test…” submit=”GET METHODOLOGY”] [/atm_form]
[atm_results]
Here are the steps to test :domain: within :time::
[/atm_results]
How it works…
Enter the domain you want to test
Select how much time you have to perform the test
Hit the submit button
The site will give you a list of testing steps customized for the technology of the site and how much time you have
ATM is a way to help ensure that you’re performing the best testing step at any given time.
We often don’t have time to do a full test, or are asked to, “See what you can find in an hour”, and that leaves you with the task of figuring out what steps you should do and which steps to discard.
ATM helps to solve this by using crowdsourced and constantly updated testing rules from around the world, which are all maintained transparently in the ATM Github repository.
Each time the ATM service is called, the latest version of the rules is pulled and parsed so that any new rules that have been added or adjusted by the community are provided to you.
ATM is a backend service. This website is simply one available client, and you can write any client to call the service using the API below.
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
You can also call a domain directly using the following URL structure:
https://danielmiessler.com/services/atm/mydomain.com/30m
The service can be called by sending a GET request to the following URL:
https://danielmiessler.com/api/atm/mydomain.com/1h
The timeout can be expressed using either unlimited or a number and a metric e.g.: 30m, the metric can be one of the following:
m: minutes
h: hours
d: days
An example of the output you will get is:
[ { "step": "Run CMSMap on the domain", "tech": "WS WP H5 PH", "time": "30M" }, { "step": "Step 1", "tech": "WS WP H5 PH", "time": "20M" }, { "step": "Step 2", "tech": "WS WP H5 PH", "time": "10M" }, { "step": "Step 3", "tech": "WS WP H5 PH", "time": "50M" }, { "step": "Step 4", "tech": "WS WP H5 PH", "time": "30M" }, { "step": "Step 5", "tech": "WS WP H5 PH", "time": "30M" } ]
Here are a few ideas I’m working on for improvements
Moving the submission of the URL and time to the POST
Building the functionality into scanners so that no requests have to come to the service (stay tuned for exciting integration updates)
Having the stack testing continue after you’re logged in, by parsing proxy logs, etc.
Enhancing the stack detection to include more technologies.
Please submit any ideas you have. Thanks!