gauntlt 0.0.0 → 0.0.5

data/lib/gauntlt/attack_adapters/support/sslyze_output.README

@@ -0,0 +1,91 @@
+
+Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
+
+
+
+ REGISTERING AVAILABLE PLUGINS
+ -----------------------------
+
+   PluginCertInfo - OK
+   PluginEmpty - OK
+   PluginOpenSSLCipherSuites - OK
+   PluginSessionRenegotiation - OK
+   PluginSessionResumption - OK
+
+
+
+ CHECKING HOST(S) AVAILABILITY
+ -----------------------------
+
+   www.google.com:443                  => 74.125.127.106:443
+
+
+
+ SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
+ --------------------------------------------------------
+
+  * Session Renegotiation :
+      Client-initiated Renegotiations:    Rejected
+      Secure Renegotiation:               Supported
+
+  * Certificate :
+      Validation w/ Mozilla's CA Store:  Certificate is Trusted
+      Subject:                           /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
+      Issuer:                            /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
+      Serial Number:                     4F9D96D966B0992B54C2957CB4157D4D
+      Not Before:                        Oct 26 00:00:00 2011 GMT
+      Not After:                         Sep 30 23:59:59 2013 GMT
+      Signature Algorithm:               sha1WithRSAEncryption
+      Key Size:                          1024 bits
+      SHA1 Fingerprint:                  C1956DC8A7DFB2A5A56934DA09778E3A11023358
+
+  * Session Resumption :
+      With Session IDs:           Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
+      With TLS Session Tickets:   Supported
+
+  * TLSV1 Cipher Suites :
+
+      Rejected Cipher Suite(s): Hidden
+
+      Preferred Cipher Suite:
+        ECDHE-RSA-RC4-SHA        128 bits      HTTP 200 OK
+
+      Accepted Cipher Suite(s):
+        AES256-SHA               256 bits      HTTP 200 OK
+        DES-CBC3-SHA             168 bits      HTTP 200 OK
+        RC4-SHA                  128 bits      HTTP 200 OK
+        RC4-MD5                  128 bits      HTTP 200 OK
+        AES128-SHA               128 bits      HTTP 200 OK
+
+      Unknown Errors: None
+
+  * SSLV3 Cipher Suites :
+
+      Rejected Cipher Suite(s): Hidden
+
+      Preferred Cipher Suite:
+        ECDHE-RSA-RC4-SHA        128 bits      HTTP 200 OK
+
+      Accepted Cipher Suite(s):
+        AES256-SHA               256 bits      HTTP 200 OK
+        DES-CBC3-SHA             168 bits      HTTP 200 OK
+        RC4-SHA                  128 bits      HTTP 200 OK
+        RC4-MD5                  128 bits      HTTP 200 OK
+        AES128-SHA               128 bits      HTTP 200 OK
+
+      Unknown Errors: None
+
+  * SSLV2 Cipher Suites :
+
+      Rejected Cipher Suite(s): Hidden
+
+      Preferred Cipher Suite: None
+
+      Accepted Cipher Suite(s): None
+
+      Unknown Errors: None
+
+
+
+ SCAN COMPLETED IN 2.50 S
+ ------------------------

data/lib/gauntlt/version.rb

@@ -1,3 +1,3 @@
 module Gauntlt
-  VERSION = "0.0.0"
+  VERSION = "0.0.5"
 end

data/spec/gauntlt/attack_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe Gauntlt::Attack do
+  before do
+    File.stub(:exists?).with(:bar).and_return(true)
+  end
+
+  subject{
+    Gauntlt::Attack.new(:foo, :attack_file => :bar)
+  }
+
+  describe :initialize do
+    context "attack file exists for passed name" do
+      it "sets name and opts" do
+        subject.name.should == :foo
+        subject.opts.should == {:attack_file => :bar}
+      end
+    end
+
+    context "attack file does not exist for passed name" do
+      it "raises an error if the attack file does not exist" do
+        File.stub(:exists?).with(:bar).and_return(false)
+
+        expect {
+          Gauntlt::Attack.new(:foo, :attack_file => :bar)
+        }.to raise_error Gauntlt::Attack::NotFound
+      end
+    end
+  end
+
+  describe :base_dir do
+    it "returns the full path for the attack.rb file" do
+      File.should_receive(:dirname).and_return(:foo)
+      File.should_receive(:expand_path).with(:foo)
+
+      subject.base_dir
+    end
+  end
+
+  describe :attacks_dir do
+    it "joins attacks to base_dir" do
+      subject.should_receive(:base_dir).and_return(:bar)
+      File.should_receive(:join).with(:bar, 'attack_adapters')
+
+      subject.attacks_dir
+    end
+  end
+
+  describe :run do
+    it "executes the attack file, specifies failure for undefined steps and specifies the attacks_dir" do
+      subject.should_receive(:attacks_dir).and_return('/bar')
+      subject.should_receive(:attack_file).and_return('/bar/baz.attack')
+      Cucumber::Cli::Main.should_receive(:execute).with(['/bar/baz.attack', '--strict', '--require', '/bar'])
+
+      subject.run
+    end
+  end
+end

data/spec/gauntlt_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe Gauntlt do
+  subject { Gauntlt }
+
+  describe :has_attack? do
+    it "returns true if an attack exists for the passed name" do
+      subject.stub(:attacks).and_return(['foo'])
+      subject.should have_attack('foo')
+    end
+  end
+
+  describe :attacks do
+    it "returns the names of all attack files in the attacks directory" do
+      subject.stub(:attack_files).and_return([
+        '/foo/bar/a.rb',
+        '/foo/bar/b.rb'
+      ])
+
+      subject.attacks.should == ['a', 'b']
+    end
+  end
+
+  describe :attack_files do
+    it "returns the full path to each attack file" do
+      with_constants :"Gauntlt::ATTACK_GLOB_PATTERN" =>'foo' do
+        Dir.stub(:glob).with('foo').and_return(['bar', 'baz'])
+        subject.attack_files.should == ['bar', 'baz']
+      end
+    end
+  end
+
+  describe :attack do
+    it "runs the specified test with the passed options" do
+      mock_test = mock('test')
+      subject::Attack.should_receive(:new).with(:foo, :host => :bar).and_return(mock_test)
+      mock_test.should_receive(:run)
+
+      subject.attack(:foo, :host => :bar)
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+$:.unshift(File.dirname(__FILE__))
+
+require 'rubygems'
+require 'bundler'
+Bundler.setup
+
+require 'gauntlt'
+
+require 'aruba/api'
+
+Dir['./spec/support/**/*.rb'].map {|f| require f}
+
+RSpec.configure do |c|
+  c.include Aruba::Api
+  c.include RSpecConstantsHelpers
+  c.color = true
+end

data/spec/support/mock_constants.rb

@@ -0,0 +1,46 @@
+# from http://missingbit.blogspot.com/2011/07/stubbing-constants-in-rspec_20.html
+# example: (from http://digitaldumptruck.jotabout.com/?p=551)
+#     it "does not allow links to be added in production environment" do
+#       with_constants :RAILS_ENV => 'production' do
+#         get :add, @nonexistent_link.url
+#         response.should_not be_success
+#       end
+#     end
+module RSpecConstantsHelpers
+  def constantize(camel_cased_word)
+    names = camel_cased_word.split('::')
+    names.shift if names.empty? || names.first.empty?
+
+    constant = Object
+    names.each do |name|
+      constant = constant.const_defined?(name) ? constant.const_get(name) : constant.const_missing(name)
+    end
+    constant
+  end
+
+  def parse(constant)
+    source, _, constant_name = constant.to_s.rpartition('::')
+
+    [constantize(source), constant_name]
+  end
+
+  def with_constants(constants, &block)
+    saved_constants = {}
+    constants.each do |constant, val|
+      source_object, const_name = parse(constant)
+
+      saved_constants[constant] = source_object.const_get(const_name)
+      source_object.const_set(const_name, val)
+    end
+
+    begin
+      block.call
+    ensure
+      constants.each do |constant, val|
+        source_object, const_name = parse(constant)
+
+        source_object.const_set(const_name, saved_constants[constant])
+      end
+    end
+  end
+end

metadata

@@ -1,19 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: gauntlt
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors:
 - James Wickett
+- Mani Tadayon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-25 00:00:00.000000000 Z
+date: 2012-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cucumber
-  requirement: &70192587788680 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +86,31 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70192587788680
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
-  requirement: &70192587788200 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,8 +118,45 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70192587788200
-description: Using standard Gherkin language to define security tests, gauntlet happily
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: acclaim
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ribbon
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+description: Using standard Gherkin language to define security tests, gauntlt happily
   wraps cucumber functionality and provides a security testing framework that security
   engineers, developers and operations teams can collaborate on together.
 email:
@@ -44,13 +167,55 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .gitmodules
+- .travis.yml
 - Gemfile
-- Gemfile.lock
+- LICENSE
+- README.md
 - Rakefile
 - bin/gauntlt
+- features/attack.feature
+- features/attacks/cookies.feature
+- features/attacks/curl.feature
+- features/attacks/http_methods.feature
+- features/attacks/nmap.feature
+- features/attacks/sqlmap.feature
+- features/attacks/sslyze.feature
+- features/help.feature
+- features/report.feature
+- features/step_definitions/aruba_extension_steps.rb
+- features/step_definitions/config_steps.rb
+- features/step_definitions/help_steps.rb
+- features/step_definitions/support_steps.rb
+- features/support/aruba.rb
+- features/support/attack_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/profile/profile.xml
 - gauntlt.gemspec
+- gem_tasks/cucumber.rake
+- gem_tasks/rspec.rake
 - lib/gauntlt.rb
+- lib/gauntlt/attack.rb
+- lib/gauntlt/attack_adapters/cookies.rb
+- lib/gauntlt/attack_adapters/curl.rb
+- lib/gauntlt/attack_adapters/http_methods.rb
+- lib/gauntlt/attack_adapters/nmap.rb
+- lib/gauntlt/attack_adapters/sqlmap.rb
+- lib/gauntlt/attack_adapters/sslyze.rb
+- lib/gauntlt/attack_adapters/support/cli_helper.rb
+- lib/gauntlt/attack_adapters/support/cookie_helper.rb
+- lib/gauntlt/attack_adapters/support/env.rb
+- lib/gauntlt/attack_adapters/support/hooks.rb
+- lib/gauntlt/attack_adapters/support/nmap_helper.rb
+- lib/gauntlt/attack_adapters/support/profile_helper.rb
+- lib/gauntlt/attack_adapters/support/python_script_helper.rb
+- lib/gauntlt/attack_adapters/support/sslyze_output.README
 - lib/gauntlt/version.rb
+- spec/gauntlt/attack_spec.rb
+- spec/gauntlt_spec.rb
+- spec/spec_helper.rb
+- spec/support/mock_constants.rb
 homepage: ''
 licenses: []
 post_install_message: 
@@ -70,9 +235,31 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: gauntlt
-rubygems_version: 1.8.10
+rubyforge_project: 
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
-summary: the security testing tool using cucumber
-test_files: []
+summary: behaviour-driven security using cucumber
+test_files:
+- features/attack.feature
+- features/attacks/cookies.feature
+- features/attacks/curl.feature
+- features/attacks/http_methods.feature
+- features/attacks/nmap.feature
+- features/attacks/sqlmap.feature
+- features/attacks/sslyze.feature
+- features/help.feature
+- features/report.feature
+- features/step_definitions/aruba_extension_steps.rb
+- features/step_definitions/config_steps.rb
+- features/step_definitions/help_steps.rb
+- features/step_definitions/support_steps.rb
+- features/support/aruba.rb
+- features/support/attack_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/profile/profile.xml
+- spec/gauntlt/attack_spec.rb
+- spec/gauntlt_spec.rb
+- spec/spec_helper.rb
+- spec/support/mock_constants.rb