# Environment Setup

This page lists down the commands for setting up the environment for Web Security Assessment

Create a `Amazon Linux` instance.

**bashrc config**

```
# Assessment Exports
export GOROOT=/usr/local/go  
export GOPATH=$HOME/go  
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
```

```
# Update
sudo yum update

# Docker
sudo yum search docker
sudo yum info docker
sudo yum install docker
sudo usermod -a -G docker ec2-user
newgrp docker
sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo systemctl status docker.service

# Docker Compose
# Download latest release from: https://github.com/docker/compose/releases/
mkdir -p ~/.docker/cli-plugins/
curl -SL https://github.com/docker/compose/releases/download/v2.24.4/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
chmod +x ~/.docker/cli-plugins/docker-compose
docker compose version


# Install golang
wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.21.6.linux-amd64.tar.gz
rm go1.21.6.linux-amd64.tar.gz


```

### Out of Bound Testing

We will use interact.sh for the testing

```
# Install interactsh server and client
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

# Generate certificates
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

# Run interact-sh server
sudo ~/go/bin/interactsh-server -d <domain> -cert domain.crt -privkey domain.key -t <token> -wc -hd ./payloads &

# Accessing the server (CLI)
interactsh-client -s <domain> -t <token>

# Accessing the server (Web)
docker pull projectdiscovery/interactsh-web
docker run -it -p 3000:3000 projectdiscovery/interactsh-web

# Kill the interactsh server
killall interactsh-server

```

### Reference

* <https://ott3rly.medium.com/mass-blind-server-side-testing-setup-for-bug-bounty-fa03213b1ec9>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.crispler.com/security/web/environment-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.