gauntlt 0.0.0 → 0.0.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. data/.gitignore +3 -0
  2. data/.gitmodules +6 -0
  3. data/.travis.yml +9 -0
  4. data/Gemfile +3 -2
  5. data/LICENSE +10 -0
  6. data/README.md +95 -0
  7. data/Rakefile +4 -0
  8. data/bin/gauntlt +51 -2
  9. data/features/attack.feature +62 -0
  10. data/features/attacks/cookies.feature +25 -0
  11. data/features/attacks/curl.feature +23 -0
  12. data/features/attacks/http_methods.feature +33 -0
  13. data/features/attacks/nmap.feature +40 -0
  14. data/features/attacks/sqlmap.feature +17 -0
  15. data/features/attacks/sslyze.feature +36 -0
  16. data/features/help.feature +37 -0
  17. data/features/report.feature +5 -0
  18. data/features/step_definitions/aruba_extension_steps.rb +3 -0
  19. data/features/step_definitions/config_steps.rb +3 -0
  20. data/features/step_definitions/help_steps.rb +8 -0
  21. data/features/step_definitions/support_steps.rb +5 -0
  22. data/features/support/aruba.rb +5 -0
  23. data/features/support/attack_steps.rb +1 -0
  24. data/features/support/env.rb +1 -0
  25. data/features/support/hooks.rb +3 -0
  26. data/features/support/profile/profile.xml +5 -0
  27. data/gauntlt.gemspec +13 -8
  28. data/gem_tasks/cucumber.rake +5 -0
  29. data/gem_tasks/rspec.rake +6 -0
  30. data/lib/gauntlt.rb +35 -1
  31. data/lib/gauntlt/attack.rb +32 -0
  32. data/lib/gauntlt/attack_adapters/cookies.rb +11 -0
  33. data/lib/gauntlt/attack_adapters/curl.rb +3 -0
  34. data/lib/gauntlt/attack_adapters/http_methods.rb +12 -0
  35. data/lib/gauntlt/attack_adapters/nmap.rb +14 -0
  36. data/lib/gauntlt/attack_adapters/sqlmap.rb +3 -0
  37. data/lib/gauntlt/attack_adapters/sslyze.rb +15 -0
  38. data/lib/gauntlt/attack_adapters/support/cli_helper.rb +18 -0
  39. data/lib/gauntlt/attack_adapters/support/cookie_helper.rb +27 -0
  40. data/lib/gauntlt/attack_adapters/support/env.rb +1 -0
  41. data/lib/gauntlt/attack_adapters/support/hooks.rb +3 -0
  42. data/lib/gauntlt/attack_adapters/support/nmap_helper.rb +13 -0
  43. data/lib/gauntlt/attack_adapters/support/profile_helper.rb +12 -0
  44. data/lib/gauntlt/attack_adapters/support/python_script_helper.rb +70 -0
  45. data/lib/gauntlt/attack_adapters/support/sslyze_output.README +91 -0
  46. data/lib/gauntlt/version.rb +1 -1
  47. data/spec/gauntlt/attack_spec.rb +58 -0
  48. data/spec/gauntlt_spec.rb +43 -0
  49. data/spec/spec_helper.rb +18 -0
  50. data/spec/support/mock_constants.rb +46 -0
  51. metadata +199 -12
  52. data/Gemfile.lock +0 -44
@@ -0,0 +1,91 @@
1
+
2
+ Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
3
+
4
+
5
+
6
+ REGISTERING AVAILABLE PLUGINS
7
+ -----------------------------
8
+
9
+ PluginCertInfo - OK
10
+ PluginEmpty - OK
11
+ PluginOpenSSLCipherSuites - OK
12
+ PluginSessionRenegotiation - OK
13
+ PluginSessionResumption - OK
14
+
15
+
16
+
17
+ CHECKING HOST(S) AVAILABILITY
18
+ -----------------------------
19
+
20
+ www.google.com:443 => 74.125.127.106:443
21
+
22
+
23
+
24
+ SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
25
+ --------------------------------------------------------
26
+
27
+ * Session Renegotiation :
28
+ Client-initiated Renegotiations: Rejected
29
+ Secure Renegotiation: Supported
30
+
31
+ * Certificate :
32
+ Validation w/ Mozilla's CA Store: Certificate is Trusted
33
+ Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
34
+ Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
35
+ Serial Number: 4F9D96D966B0992B54C2957CB4157D4D
36
+ Not Before: Oct 26 00:00:00 2011 GMT
37
+ Not After: Sep 30 23:59:59 2013 GMT
38
+ Signature Algorithm: sha1WithRSAEncryption
39
+ Key Size: 1024 bits
40
+ SHA1 Fingerprint: C1956DC8A7DFB2A5A56934DA09778E3A11023358
41
+
42
+ * Session Resumption :
43
+ With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
44
+ With TLS Session Tickets: Supported
45
+
46
+ * TLSV1 Cipher Suites :
47
+
48
+ Rejected Cipher Suite(s): Hidden
49
+
50
+ Preferred Cipher Suite:
51
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
52
+
53
+ Accepted Cipher Suite(s):
54
+ AES256-SHA 256 bits HTTP 200 OK
55
+ DES-CBC3-SHA 168 bits HTTP 200 OK
56
+ RC4-SHA 128 bits HTTP 200 OK
57
+ RC4-MD5 128 bits HTTP 200 OK
58
+ AES128-SHA 128 bits HTTP 200 OK
59
+
60
+ Unknown Errors: None
61
+
62
+ * SSLV3 Cipher Suites :
63
+
64
+ Rejected Cipher Suite(s): Hidden
65
+
66
+ Preferred Cipher Suite:
67
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
68
+
69
+ Accepted Cipher Suite(s):
70
+ AES256-SHA 256 bits HTTP 200 OK
71
+ DES-CBC3-SHA 168 bits HTTP 200 OK
72
+ RC4-SHA 128 bits HTTP 200 OK
73
+ RC4-MD5 128 bits HTTP 200 OK
74
+ AES128-SHA 128 bits HTTP 200 OK
75
+
76
+ Unknown Errors: None
77
+
78
+ * SSLV2 Cipher Suites :
79
+
80
+ Rejected Cipher Suite(s): Hidden
81
+
82
+ Preferred Cipher Suite: None
83
+
84
+ Accepted Cipher Suite(s): None
85
+
86
+ Unknown Errors: None
87
+
88
+
89
+
90
+ SCAN COMPLETED IN 2.50 S
91
+ ------------------------
@@ -1,3 +1,3 @@
1
1
  module Gauntlt
2
- VERSION = "0.0.0"
2
+ VERSION = "0.0.5"
3
3
  end
@@ -0,0 +1,58 @@
1
+ require 'spec_helper'
2
+
3
+ describe Gauntlt::Attack do
4
+ before do
5
+ File.stub(:exists?).with(:bar).and_return(true)
6
+ end
7
+
8
+ subject{
9
+ Gauntlt::Attack.new(:foo, :attack_file => :bar)
10
+ }
11
+
12
+ describe :initialize do
13
+ context "attack file exists for passed name" do
14
+ it "sets name and opts" do
15
+ subject.name.should == :foo
16
+ subject.opts.should == {:attack_file => :bar}
17
+ end
18
+ end
19
+
20
+ context "attack file does not exist for passed name" do
21
+ it "raises an error if the attack file does not exist" do
22
+ File.stub(:exists?).with(:bar).and_return(false)
23
+
24
+ expect {
25
+ Gauntlt::Attack.new(:foo, :attack_file => :bar)
26
+ }.to raise_error Gauntlt::Attack::NotFound
27
+ end
28
+ end
29
+ end
30
+
31
+ describe :base_dir do
32
+ it "returns the full path for the attack.rb file" do
33
+ File.should_receive(:dirname).and_return(:foo)
34
+ File.should_receive(:expand_path).with(:foo)
35
+
36
+ subject.base_dir
37
+ end
38
+ end
39
+
40
+ describe :attacks_dir do
41
+ it "joins attacks to base_dir" do
42
+ subject.should_receive(:base_dir).and_return(:bar)
43
+ File.should_receive(:join).with(:bar, 'attack_adapters')
44
+
45
+ subject.attacks_dir
46
+ end
47
+ end
48
+
49
+ describe :run do
50
+ it "executes the attack file, specifies failure for undefined steps and specifies the attacks_dir" do
51
+ subject.should_receive(:attacks_dir).and_return('/bar')
52
+ subject.should_receive(:attack_file).and_return('/bar/baz.attack')
53
+ Cucumber::Cli::Main.should_receive(:execute).with(['/bar/baz.attack', '--strict', '--require', '/bar'])
54
+
55
+ subject.run
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,43 @@
1
+ require 'spec_helper'
2
+
3
+ describe Gauntlt do
4
+ subject { Gauntlt }
5
+
6
+ describe :has_attack? do
7
+ it "returns true if an attack exists for the passed name" do
8
+ subject.stub(:attacks).and_return(['foo'])
9
+ subject.should have_attack('foo')
10
+ end
11
+ end
12
+
13
+ describe :attacks do
14
+ it "returns the names of all attack files in the attacks directory" do
15
+ subject.stub(:attack_files).and_return([
16
+ '/foo/bar/a.rb',
17
+ '/foo/bar/b.rb'
18
+ ])
19
+
20
+ subject.attacks.should == ['a', 'b']
21
+ end
22
+ end
23
+
24
+ describe :attack_files do
25
+ it "returns the full path to each attack file" do
26
+ with_constants :"Gauntlt::ATTACK_GLOB_PATTERN" =>'foo' do
27
+ Dir.stub(:glob).with('foo').and_return(['bar', 'baz'])
28
+ subject.attack_files.should == ['bar', 'baz']
29
+ end
30
+ end
31
+ end
32
+
33
+ describe :attack do
34
+ it "runs the specified test with the passed options" do
35
+ mock_test = mock('test')
36
+ subject::Attack.should_receive(:new).with(:foo, :host => :bar).and_return(mock_test)
37
+ mock_test.should_receive(:run)
38
+
39
+ subject.attack(:foo, :host => :bar)
40
+ end
41
+ end
42
+
43
+ end
@@ -0,0 +1,18 @@
1
+ $:.unshift(File.dirname(__FILE__) + '/../lib')
2
+ $:.unshift(File.dirname(__FILE__))
3
+
4
+ require 'rubygems'
5
+ require 'bundler'
6
+ Bundler.setup
7
+
8
+ require 'gauntlt'
9
+
10
+ require 'aruba/api'
11
+
12
+ Dir['./spec/support/**/*.rb'].map {|f| require f}
13
+
14
+ RSpec.configure do |c|
15
+ c.include Aruba::Api
16
+ c.include RSpecConstantsHelpers
17
+ c.color = true
18
+ end
@@ -0,0 +1,46 @@
1
+ # from http://missingbit.blogspot.com/2011/07/stubbing-constants-in-rspec_20.html
2
+ # example: (from http://digitaldumptruck.jotabout.com/?p=551)
3
+ # it "does not allow links to be added in production environment" do
4
+ # with_constants :RAILS_ENV => 'production' do
5
+ # get :add, @nonexistent_link.url
6
+ # response.should_not be_success
7
+ # end
8
+ # end
9
+ module RSpecConstantsHelpers
10
+ def constantize(camel_cased_word)
11
+ names = camel_cased_word.split('::')
12
+ names.shift if names.empty? || names.first.empty?
13
+
14
+ constant = Object
15
+ names.each do |name|
16
+ constant = constant.const_defined?(name) ? constant.const_get(name) : constant.const_missing(name)
17
+ end
18
+ constant
19
+ end
20
+
21
+ def parse(constant)
22
+ source, _, constant_name = constant.to_s.rpartition('::')
23
+
24
+ [constantize(source), constant_name]
25
+ end
26
+
27
+ def with_constants(constants, &block)
28
+ saved_constants = {}
29
+ constants.each do |constant, val|
30
+ source_object, const_name = parse(constant)
31
+
32
+ saved_constants[constant] = source_object.const_get(const_name)
33
+ source_object.const_set(const_name, val)
34
+ end
35
+
36
+ begin
37
+ block.call
38
+ ensure
39
+ constants.each do |constant, val|
40
+ source_object, const_name = parse(constant)
41
+
42
+ source_object.const_set(const_name, saved_constants[constant])
43
+ end
44
+ end
45
+ end
46
+ end
metadata CHANGED
@@ -1,19 +1,84 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gauntlt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.0
4
+ version: 0.0.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
8
8
  - James Wickett
9
+ - Mani Tadayon
9
10
  autorequire:
10
11
  bindir: bin
11
12
  cert_chain: []
12
- date: 2012-04-25 00:00:00.000000000 Z
13
+ date: 2012-08-02 00:00:00.000000000 Z
13
14
  dependencies:
14
15
  - !ruby/object:Gem::Dependency
15
16
  name: cucumber
16
- requirement: &70192587788680 !ruby/object:Gem::Requirement
17
+ requirement: !ruby/object:Gem::Requirement
18
+ none: false
19
+ requirements:
20
+ - - ! '>='
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
23
+ type: :development
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ none: false
27
+ requirements:
28
+ - - ! '>='
29
+ - !ruby/object:Gem::Version
30
+ version: '0'
31
+ - !ruby/object:Gem::Dependency
32
+ name: rspec
33
+ requirement: !ruby/object:Gem::Requirement
34
+ none: false
35
+ requirements:
36
+ - - ! '>='
37
+ - !ruby/object:Gem::Version
38
+ version: '0'
39
+ type: :development
40
+ prerelease: false
41
+ version_requirements: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ - !ruby/object:Gem::Dependency
48
+ name: aruba
49
+ requirement: !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ! '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: !ruby/object:Gem::Requirement
58
+ none: false
59
+ requirements:
60
+ - - ! '>='
61
+ - !ruby/object:Gem::Version
62
+ version: '0'
63
+ - !ruby/object:Gem::Dependency
64
+ name: rake
65
+ requirement: !ruby/object:Gem::Requirement
66
+ none: false
67
+ requirements:
68
+ - - ! '>='
69
+ - !ruby/object:Gem::Version
70
+ version: '0'
71
+ type: :development
72
+ prerelease: false
73
+ version_requirements: !ruby/object:Gem::Requirement
74
+ none: false
75
+ requirements:
76
+ - - ! '>='
77
+ - !ruby/object:Gem::Version
78
+ version: '0'
79
+ - !ruby/object:Gem::Dependency
80
+ name: cucumber
81
+ requirement: !ruby/object:Gem::Requirement
17
82
  none: false
18
83
  requirements:
19
84
  - - ! '>='
@@ -21,10 +86,31 @@ dependencies:
21
86
  version: '0'
22
87
  type: :runtime
23
88
  prerelease: false
24
- version_requirements: *70192587788680
89
+ version_requirements: !ruby/object:Gem::Requirement
90
+ none: false
91
+ requirements:
92
+ - - ! '>='
93
+ - !ruby/object:Gem::Version
94
+ version: '0'
25
95
  - !ruby/object:Gem::Dependency
26
96
  name: aruba
27
- requirement: &70192587788200 !ruby/object:Gem::Requirement
97
+ requirement: !ruby/object:Gem::Requirement
98
+ none: false
99
+ requirements:
100
+ - - ! '>='
101
+ - !ruby/object:Gem::Version
102
+ version: '0'
103
+ type: :runtime
104
+ prerelease: false
105
+ version_requirements: !ruby/object:Gem::Requirement
106
+ none: false
107
+ requirements:
108
+ - - ! '>='
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: curb
113
+ requirement: !ruby/object:Gem::Requirement
28
114
  none: false
29
115
  requirements:
30
116
  - - ! '>='
@@ -32,8 +118,45 @@ dependencies:
32
118
  version: '0'
33
119
  type: :runtime
34
120
  prerelease: false
35
- version_requirements: *70192587788200
36
- description: Using standard Gherkin language to define security tests, gauntlet happily
121
+ version_requirements: !ruby/object:Gem::Requirement
122
+ none: false
123
+ requirements:
124
+ - - ! '>='
125
+ - !ruby/object:Gem::Version
126
+ version: '0'
127
+ - !ruby/object:Gem::Dependency
128
+ name: acclaim
129
+ requirement: !ruby/object:Gem::Requirement
130
+ none: false
131
+ requirements:
132
+ - - ! '>='
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ type: :runtime
136
+ prerelease: false
137
+ version_requirements: !ruby/object:Gem::Requirement
138
+ none: false
139
+ requirements:
140
+ - - ! '>='
141
+ - !ruby/object:Gem::Version
142
+ version: '0'
143
+ - !ruby/object:Gem::Dependency
144
+ name: ribbon
145
+ requirement: !ruby/object:Gem::Requirement
146
+ none: false
147
+ requirements:
148
+ - - '='
149
+ - !ruby/object:Gem::Version
150
+ version: 0.7.0
151
+ type: :runtime
152
+ prerelease: false
153
+ version_requirements: !ruby/object:Gem::Requirement
154
+ none: false
155
+ requirements:
156
+ - - '='
157
+ - !ruby/object:Gem::Version
158
+ version: 0.7.0
159
+ description: Using standard Gherkin language to define security tests, gauntlt happily
37
160
  wraps cucumber functionality and provides a security testing framework that security
38
161
  engineers, developers and operations teams can collaborate on together.
39
162
  email:
@@ -44,13 +167,55 @@ extensions: []
44
167
  extra_rdoc_files: []
45
168
  files:
46
169
  - .gitignore
170
+ - .gitmodules
171
+ - .travis.yml
47
172
  - Gemfile
48
- - Gemfile.lock
173
+ - LICENSE
174
+ - README.md
49
175
  - Rakefile
50
176
  - bin/gauntlt
177
+ - features/attack.feature
178
+ - features/attacks/cookies.feature
179
+ - features/attacks/curl.feature
180
+ - features/attacks/http_methods.feature
181
+ - features/attacks/nmap.feature
182
+ - features/attacks/sqlmap.feature
183
+ - features/attacks/sslyze.feature
184
+ - features/help.feature
185
+ - features/report.feature
186
+ - features/step_definitions/aruba_extension_steps.rb
187
+ - features/step_definitions/config_steps.rb
188
+ - features/step_definitions/help_steps.rb
189
+ - features/step_definitions/support_steps.rb
190
+ - features/support/aruba.rb
191
+ - features/support/attack_steps.rb
192
+ - features/support/env.rb
193
+ - features/support/hooks.rb
194
+ - features/support/profile/profile.xml
51
195
  - gauntlt.gemspec
196
+ - gem_tasks/cucumber.rake
197
+ - gem_tasks/rspec.rake
52
198
  - lib/gauntlt.rb
199
+ - lib/gauntlt/attack.rb
200
+ - lib/gauntlt/attack_adapters/cookies.rb
201
+ - lib/gauntlt/attack_adapters/curl.rb
202
+ - lib/gauntlt/attack_adapters/http_methods.rb
203
+ - lib/gauntlt/attack_adapters/nmap.rb
204
+ - lib/gauntlt/attack_adapters/sqlmap.rb
205
+ - lib/gauntlt/attack_adapters/sslyze.rb
206
+ - lib/gauntlt/attack_adapters/support/cli_helper.rb
207
+ - lib/gauntlt/attack_adapters/support/cookie_helper.rb
208
+ - lib/gauntlt/attack_adapters/support/env.rb
209
+ - lib/gauntlt/attack_adapters/support/hooks.rb
210
+ - lib/gauntlt/attack_adapters/support/nmap_helper.rb
211
+ - lib/gauntlt/attack_adapters/support/profile_helper.rb
212
+ - lib/gauntlt/attack_adapters/support/python_script_helper.rb
213
+ - lib/gauntlt/attack_adapters/support/sslyze_output.README
53
214
  - lib/gauntlt/version.rb
215
+ - spec/gauntlt/attack_spec.rb
216
+ - spec/gauntlt_spec.rb
217
+ - spec/spec_helper.rb
218
+ - spec/support/mock_constants.rb
54
219
  homepage: ''
55
220
  licenses: []
56
221
  post_install_message:
@@ -70,9 +235,31 @@ required_rubygems_version: !ruby/object:Gem::Requirement
70
235
  - !ruby/object:Gem::Version
71
236
  version: '0'
72
237
  requirements: []
73
- rubyforge_project: gauntlt
74
- rubygems_version: 1.8.10
238
+ rubyforge_project:
239
+ rubygems_version: 1.8.23
75
240
  signing_key:
76
241
  specification_version: 3
77
- summary: the security testing tool using cucumber
78
- test_files: []
242
+ summary: behaviour-driven security using cucumber
243
+ test_files:
244
+ - features/attack.feature
245
+ - features/attacks/cookies.feature
246
+ - features/attacks/curl.feature
247
+ - features/attacks/http_methods.feature
248
+ - features/attacks/nmap.feature
249
+ - features/attacks/sqlmap.feature
250
+ - features/attacks/sslyze.feature
251
+ - features/help.feature
252
+ - features/report.feature
253
+ - features/step_definitions/aruba_extension_steps.rb
254
+ - features/step_definitions/config_steps.rb
255
+ - features/step_definitions/help_steps.rb
256
+ - features/step_definitions/support_steps.rb
257
+ - features/support/aruba.rb
258
+ - features/support/attack_steps.rb
259
+ - features/support/env.rb
260
+ - features/support/hooks.rb
261
+ - features/support/profile/profile.xml
262
+ - spec/gauntlt/attack_spec.rb
263
+ - spec/gauntlt_spec.rb
264
+ - spec/spec_helper.rb
265
+ - spec/support/mock_constants.rb