Ian Muscat  Sporadic Ramblings of a Technophile

Installing Google Firing Range

Google Firing Range is a “test bed for web application security scanners, providing synthetic, wide coverage for an array of vulnerabilities”. It’s available on GitHub and also has a publicly available instance on Google AppEngine.

The testbed itself is great, but the project’s README mention’s nothing on how to install it, nor could I find any instructions on other sites. So just in case it will prove useful to you, here’s a short guide and a shell script (I’ve only tested it on Ubuntu 14.04 LTS)


Before you start, you need to install the Java JRE/JDK. If you need help getting that installed, head over to this neat article by Digital Ocean.

You’ll also need to install Apache Ant. Apache Ant is a tool that is used for automating software builds.

sudo apt-get install ant

Download Firing Range and its depencancies

Once you have the Java JRE/JDK installed, clone the Git repository to a directory on your computer.

git clone https://github.com/google/firing-range.git

Since Firing Range is meant to run on Google App Engine, you’ll need to download and unzip the Google App Engine SDK for Java in order to run it.

Next you’ll need to set the path to the SDK in build.xml. Open up the file in your favourite editor.

nano firing-range/build.xml

Find the following line and change the location of the SDK to where ever you placed it on your computer.

<property name="appengine.sdk" location="../.."/>

Next, we’ll need to compile the project using Apache Ant. This will create a war directory which will contain the compiled application.

ant compile

That’s it! Now we just need to run the built-in server bundled with the Google App Engine SDK.

appengine-java-sdk-1.9.23/bindev_appserver.sh firing-range/war

You can also choose to change the address and port the server binds to. In the below example I’ve changed the binging of the web server to bind on all interfaces on port 8080.

appengine-java-sdk-1.9.23/bindev_appserver.sh --address= --port=8080 firing-range/war

Shell script

Here’s a shell script to do this automatically (tested on Ubuntu 14.04 LTS)