Created January 2, 2026 15:28
Railsgoat (1/2/2026) output (removed stack trace lines)
| Randomized with seed 27045 | |
| *Capybara starting Puma... | |
| * Version 6.6.1, codename: Return to Forever | |
| * Min threads: 0, max threads: 4 | |
| * Listening on http://127.0.0.1:36139 | |
| *.......*******.........................***** | |
| Pending: (Failures listed here are expected and do not affect your suite's status) | |
| 1) password complexity one | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "user_email", with: new_user_email | |
| fill_in "user_first_name", with: normal_user.first_name | |
| fill_in "user_last_name", with: normal_user.last_name + "not" | |
| fill_in "user_password", with: "password" | |
| fill_in "user_password_confirmation", with: "password" | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/vulnerabilities/password_complexity_spec.rb:16:in `block (2 levels) in <top (required)>' | |
| 2) csrf attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF | |
| # No reason given | |
| Failure/Error: visit "/" | |
| Selenium::WebDriver::Error::InvalidArgumentError: | |
| binary is not a Firefox executable | |
| # <internal:kernel>:90:in `tap' | |
| # ./spec/vulnerabilities/csrf_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| # ------------------ | |
| # --- Caused by: --- | |
| # Selenium::WebDriver::Error::WebDriverError: | |
| # | |
| 3) sql injection attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A1-SQL-Injection-Concatentation | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: user.email | |
| fill_in "password", with: user.clear_password | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/support/capybara_shared.rb:40:in `login' | |
| # ./spec/vulnerabilities/sql_injection_spec.rb:16:in `block (2 levels) in <top (required)>' | |
| 4) improper password hashing with just md5 | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage | |
| # No reason given | |
| Failure/Error: expect(normal_user.password).not_to eq(Digest::MD5.hexdigest(new_pass)) | |
| expected: value != "b56d58cc23f979a5cb9e027c5b87c2b4" | |
| got: "b56d58cc23f979a5cb9e027c5b87c2b4" | |
| (compared using ==) | |
| # ./spec/vulnerabilities/password_hashing_spec.rb:18:in `block (2 levels) in <top (required)>' | |
| 5) command injection attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection | |
| # No reason given | |
| Failure/Error: visit "/" | |
| Selenium::WebDriver::Error::InvalidArgumentError: | |
| binary is not a Firefox executable | |
| # <internal:kernel>:90:in `tap' | |
| # ./spec/support/capybara_shared.rb:39:in `login' | |
| # ./spec/vulnerabilities/command_injection_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| # ------------------ | |
| # --- Caused by: --- | |
| # Selenium::WebDriver::Error::WebDriverError: | |
| # | |
| 6) mass assignment attack one | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: user.email | |
| fill_in "password", with: user.clear_password | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/support/capybara_shared.rb:40:in `login' | |
| # ./spec/vulnerabilities/mass_assignment_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| 7) mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role | |
| # No reason given | |
| Failure/Error: expect(User.find_by(email: "hackety@h4x0rs.c0m").admin).to be_falsy | |
| expected: falsey value | |
| got: true | |
| # ./spec/vulnerabilities/mass_assignment_spec.rb:36:in `block (2 levels) in <top (required)>' | |
| 8) url access attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller) | |
| # No reason given | |
| Failure/Error: visit "/" | |
| Selenium::WebDriver::Error::InvalidArgumentError: | |
| binary is not a Firefox executable | |
| # <internal:kernel>:90:in `tap' | |
| # ./spec/support/capybara_shared.rb:39:in `login' | |
| # ./spec/vulnerabilities/url_access_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| # ------------------ | |
| # --- Caused by: --- | |
| # Selenium::WebDriver::Error::WebDriverError: | |
| # | |
| 9) xss attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting | |
| # No reason given | |
| Failure/Error: visit "/" | |
| Selenium::WebDriver::Error::InvalidArgumentError: | |
| binary is not a Firefox executable | |
| # <internal:kernel>:90:in `tap' | |
| # ./spec/support/capybara_shared.rb:39:in `login' | |
| # ./spec/vulnerabilities/xss_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| # ------------------ | |
| # --- Caused by: --- | |
| # Selenium::WebDriver::Error::WebDriverError: | |
| # | |
| 10) unvalidated redirect attack | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to) | |
| # No reason given | |
| Failure/Error: visit "/?url=http://example.com/do/evil/things" | |
| Selenium::WebDriver::Error::InvalidArgumentError: | |
| binary is not a Firefox executable | |
| # <internal:kernel>:90:in `tap' | |
| # ./spec/vulnerabilities/unvalidated_redirects_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| # ------------------ | |
| # --- Caused by: --- | |
| # Selenium::WebDriver::Error::WebDriverError: | |
| # | |
| 11) insecure direct object reference attack one | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: user.email | |
| fill_in "password", with: user.clear_password | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/support/capybara_shared.rb:40:in `login' | |
| # ./spec/vulnerabilities/insecure_dor_spec.rb:14:in `block (2 levels) in <top (required)>' | |
| 12) insecure direct object reference attack two | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: user.email | |
| fill_in "password", with: user.clear_password | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/support/capybara_shared.rb:40:in `login' | |
| # ./spec/vulnerabilities/insecure_dor_spec.rb:25:in `block (2 levels) in <top (required)>' | |
| 13) broken_auth two | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: normal_user.email | |
| fill_in "password", with: normal_user.clear_password + "not" | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/vulnerabilities/broken_auth_spec.rb:30:in `block (2 levels) in <top (required)>' | |
| 14) broken_auth one | |
| Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration | |
| # No reason given | |
| Failure/Error: | |
| within(".signup") do | |
| fill_in "email", with: wrong_email | |
| fill_in "password", with: normal_user.clear_password | |
| end | |
| Capybara::ElementNotFound: | |
| Unable to find css ".signup" | |
| # ./spec/vulnerabilities/broken_auth_spec.rb:17:in `block (2 levels) in <top (required)>' | |
| Finished in 10.68 seconds (files took 3.53 seconds to load) | |
| 46 examples, 0 failures, 14 pending | |
| Randomized with seed 27045 | |
| EOF |