gauntlt 0.0.0 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. data/.gitignore +3 -0
  2. data/.gitmodules +6 -0
  3. data/.travis.yml +9 -0
  4. data/Gemfile +3 -2
  5. data/LICENSE +10 -0
  6. data/README.md +95 -0
  7. data/Rakefile +4 -0
  8. data/bin/gauntlt +51 -2
  9. data/features/attack.feature +62 -0
  10. data/features/attacks/cookies.feature +25 -0
  11. data/features/attacks/curl.feature +23 -0
  12. data/features/attacks/http_methods.feature +33 -0
  13. data/features/attacks/nmap.feature +40 -0
  14. data/features/attacks/sqlmap.feature +17 -0
  15. data/features/attacks/sslyze.feature +36 -0
  16. data/features/help.feature +37 -0
  17. data/features/report.feature +5 -0
  18. data/features/step_definitions/aruba_extension_steps.rb +3 -0
  19. data/features/step_definitions/config_steps.rb +3 -0
  20. data/features/step_definitions/help_steps.rb +8 -0
  21. data/features/step_definitions/support_steps.rb +5 -0
  22. data/features/support/aruba.rb +5 -0
  23. data/features/support/attack_steps.rb +1 -0
  24. data/features/support/env.rb +1 -0
  25. data/features/support/hooks.rb +3 -0
  26. data/features/support/profile/profile.xml +5 -0
  27. data/gauntlt.gemspec +13 -8
  28. data/gem_tasks/cucumber.rake +5 -0
  29. data/gem_tasks/rspec.rake +6 -0
  30. data/lib/gauntlt.rb +35 -1
  31. data/lib/gauntlt/attack.rb +32 -0
  32. data/lib/gauntlt/attack_adapters/cookies.rb +11 -0
  33. data/lib/gauntlt/attack_adapters/curl.rb +3 -0
  34. data/lib/gauntlt/attack_adapters/http_methods.rb +12 -0
  35. data/lib/gauntlt/attack_adapters/nmap.rb +14 -0
  36. data/lib/gauntlt/attack_adapters/sqlmap.rb +3 -0
  37. data/lib/gauntlt/attack_adapters/sslyze.rb +15 -0
  38. data/lib/gauntlt/attack_adapters/support/cli_helper.rb +18 -0
  39. data/lib/gauntlt/attack_adapters/support/cookie_helper.rb +27 -0
  40. data/lib/gauntlt/attack_adapters/support/env.rb +1 -0
  41. data/lib/gauntlt/attack_adapters/support/hooks.rb +3 -0
  42. data/lib/gauntlt/attack_adapters/support/nmap_helper.rb +13 -0
  43. data/lib/gauntlt/attack_adapters/support/profile_helper.rb +12 -0
  44. data/lib/gauntlt/attack_adapters/support/python_script_helper.rb +70 -0
  45. data/lib/gauntlt/attack_adapters/support/sslyze_output.README +91 -0
  46. data/lib/gauntlt/version.rb +1 -1
  47. data/spec/gauntlt/attack_spec.rb +58 -0
  48. data/spec/gauntlt_spec.rb +43 -0
  49. data/spec/spec_helper.rb +18 -0
  50. data/spec/support/mock_constants.rb +46 -0
  51. metadata +199 -12
  52. data/Gemfile.lock +0 -44
@@ -0,0 +1,91 @@
1
+
2
+ Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
3
+
4
+
5
+
6
+ REGISTERING AVAILABLE PLUGINS
7
+ -----------------------------
8
+
9
+ PluginCertInfo - OK
10
+ PluginEmpty - OK
11
+ PluginOpenSSLCipherSuites - OK
12
+ PluginSessionRenegotiation - OK
13
+ PluginSessionResumption - OK
14
+
15
+
16
+
17
+ CHECKING HOST(S) AVAILABILITY
18
+ -----------------------------
19
+
20
+ www.google.com:443 => 74.125.127.106:443
21
+
22
+
23
+
24
+ SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
25
+ --------------------------------------------------------
26
+
27
+ * Session Renegotiation :
28
+ Client-initiated Renegotiations: Rejected
29
+ Secure Renegotiation: Supported
30
+
31
+ * Certificate :
32
+ Validation w/ Mozilla's CA Store: Certificate is Trusted
33
+ Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
34
+ Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
35
+ Serial Number: 4F9D96D966B0992B54C2957CB4157D4D
36
+ Not Before: Oct 26 00:00:00 2011 GMT
37
+ Not After: Sep 30 23:59:59 2013 GMT
38
+ Signature Algorithm: sha1WithRSAEncryption
39
+ Key Size: 1024 bits
40
+ SHA1 Fingerprint: C1956DC8A7DFB2A5A56934DA09778E3A11023358
41
+
42
+ * Session Resumption :
43
+ With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
44
+ With TLS Session Tickets: Supported
45
+
46
+ * TLSV1 Cipher Suites :
47
+
48
+ Rejected Cipher Suite(s): Hidden
49
+
50
+ Preferred Cipher Suite:
51
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
52
+
53
+ Accepted Cipher Suite(s):
54
+ AES256-SHA 256 bits HTTP 200 OK
55
+ DES-CBC3-SHA 168 bits HTTP 200 OK
56
+ RC4-SHA 128 bits HTTP 200 OK
57
+ RC4-MD5 128 bits HTTP 200 OK
58
+ AES128-SHA 128 bits HTTP 200 OK
59
+
60
+ Unknown Errors: None
61
+
62
+ * SSLV3 Cipher Suites :
63
+
64
+ Rejected Cipher Suite(s): Hidden
65
+
66
+ Preferred Cipher Suite:
67
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
68
+
69
+ Accepted Cipher Suite(s):
70
+ AES256-SHA 256 bits HTTP 200 OK
71
+ DES-CBC3-SHA 168 bits HTTP 200 OK
72
+ RC4-SHA 128 bits HTTP 200 OK
73
+ RC4-MD5 128 bits HTTP 200 OK
74
+ AES128-SHA 128 bits HTTP 200 OK
75
+
76
+ Unknown Errors: None
77
+
78
+ * SSLV2 Cipher Suites :
79
+
80
+ Rejected Cipher Suite(s): Hidden
81
+
82
+ Preferred Cipher Suite: None
83
+
84
+ Accepted Cipher Suite(s): None
85
+
86
+ Unknown Errors: None
87
+
88
+
89
+
90
+ SCAN COMPLETED IN 2.50 S
91
+ ------------------------
@@ -1,3 +1,3 @@
1
1
  module Gauntlt
2
- VERSION = "0.0.0"
2
+ VERSION = "0.0.5"
3
3
  end
@@ -0,0 +1,58 @@
1
+ require 'spec_helper'
2
+
3
+ describe Gauntlt::Attack do
4
+ before do
5
+ File.stub(:exists?).with(:bar).and_return(true)
6
+ end
7
+
8
+ subject{
9
+ Gauntlt::Attack.new(:foo, :attack_file => :bar)
10
+ }
11
+
12
+ describe :initialize do
13
+ context "attack file exists for passed name" do
14
+ it "sets name and opts" do
15
+ subject.name.should == :foo
16
+ subject.opts.should == {:attack_file => :bar}
17
+ end
18
+ end
19
+
20
+ context "attack file does not exist for passed name" do
21
+ it "raises an error if the attack file does not exist" do
22
+ File.stub(:exists?).with(:bar).and_return(false)
23
+
24
+ expect {
25
+ Gauntlt::Attack.new(:foo, :attack_file => :bar)
26
+ }.to raise_error Gauntlt::Attack::NotFound
27
+ end
28
+ end
29
+ end
30
+
31
+ describe :base_dir do
32
+ it "returns the full path for the attack.rb file" do
33
+ File.should_receive(:dirname).and_return(:foo)
34
+ File.should_receive(:expand_path).with(:foo)
35
+
36
+ subject.base_dir
37
+ end
38
+ end
39
+
40
+ describe :attacks_dir do
41
+ it "joins attacks to base_dir" do
42
+ subject.should_receive(:base_dir).and_return(:bar)
43
+ File.should_receive(:join).with(:bar, 'attack_adapters')
44
+
45
+ subject.attacks_dir
46
+ end
47
+ end
48
+
49
+ describe :run do
50
+ it "executes the attack file, specifies failure for undefined steps and specifies the attacks_dir" do
51
+ subject.should_receive(:attacks_dir).and_return('/bar')
52
+ subject.should_receive(:attack_file).and_return('/bar/baz.attack')
53
+ Cucumber::Cli::Main.should_receive(:execute).with(['/bar/baz.attack', '--strict', '--require', '/bar'])
54
+
55
+ subject.run
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,43 @@
1
+ require 'spec_helper'
2
+
3
+ describe Gauntlt do
4
+ subject { Gauntlt }
5
+
6
+ describe :has_attack? do
7
+ it "returns true if an attack exists for the passed name" do
8
+ subject.stub(:attacks).and_return(['foo'])
9
+ subject.should have_attack('foo')
10
+ end
11
+ end
12
+
13
+ describe :attacks do
14
+ it "returns the names of all attack files in the attacks directory" do
15
+ subject.stub(:attack_files).and_return([
16
+ '/foo/bar/a.rb',
17
+ '/foo/bar/b.rb'
18
+ ])
19
+
20
+ subject.attacks.should == ['a', 'b']
21
+ end
22
+ end
23
+
24
+ describe :attack_files do
25
+ it "returns the full path to each attack file" do
26
+ with_constants :"Gauntlt::ATTACK_GLOB_PATTERN" =>'foo' do
27
+ Dir.stub(:glob).with('foo').and_return(['bar', 'baz'])
28
+ subject.attack_files.should == ['bar', 'baz']
29
+ end
30
+ end
31
+ end
32
+
33
+ describe :attack do
34
+ it "runs the specified test with the passed options" do
35
+ mock_test = mock('test')
36
+ subject::Attack.should_receive(:new).with(:foo, :host => :bar).and_return(mock_test)
37
+ mock_test.should_receive(:run)
38
+
39
+ subject.attack(:foo, :host => :bar)
40
+ end
41
+ end
42
+
43
+ end
@@ -0,0 +1,18 @@
1
+ $:.unshift(File.dirname(__FILE__) + '/../lib')
2
+ $:.unshift(File.dirname(__FILE__))
3
+
4
+ require 'rubygems'
5
+ require 'bundler'
6
+ Bundler.setup
7
+
8
+ require 'gauntlt'
9
+
10
+ require 'aruba/api'
11
+
12
+ Dir['./spec/support/**/*.rb'].map {|f| require f}
13
+
14
+ RSpec.configure do |c|
15
+ c.include Aruba::Api
16
+ c.include RSpecConstantsHelpers
17
+ c.color = true
18
+ end
@@ -0,0 +1,46 @@
1
+ # from http://missingbit.blogspot.com/2011/07/stubbing-constants-in-rspec_20.html
2
+ # example: (from http://digitaldumptruck.jotabout.com/?p=551)
3
+ # it "does not allow links to be added in production environment" do
4
+ # with_constants :RAILS_ENV => 'production' do
5
+ # get :add, @nonexistent_link.url
6
+ # response.should_not be_success
7
+ # end
8
+ # end
9
+ module RSpecConstantsHelpers
10
+ def constantize(camel_cased_word)
11
+ names = camel_cased_word.split('::')
12
+ names.shift if names.empty? || names.first.empty?
13
+
14
+ constant = Object
15
+ names.each do |name|
16
+ constant = constant.const_defined?(name) ? constant.const_get(name) : constant.const_missing(name)
17
+ end
18
+ constant
19
+ end
20
+
21
+ def parse(constant)
22
+ source, _, constant_name = constant.to_s.rpartition('::')
23
+
24
+ [constantize(source), constant_name]
25
+ end
26
+
27
+ def with_constants(constants, &block)
28
+ saved_constants = {}
29
+ constants.each do |constant, val|
30
+ source_object, const_name = parse(constant)
31
+
32
+ saved_constants[constant] = source_object.const_get(const_name)
33
+ source_object.const_set(const_name, val)
34
+ end
35
+
36
+ begin
37
+ block.call
38
+ ensure
39
+ constants.each do |constant, val|
40
+ source_object, const_name = parse(constant)
41
+
42
+ source_object.const_set(const_name, saved_constants[constant])
43
+ end
44
+ end
45
+ end
46
+ end
metadata CHANGED
@@ -1,19 +1,84 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gauntlt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.0
4
+ version: 0.0.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
8
8
  - James Wickett
9
+ - Mani Tadayon
9
10
  autorequire:
10
11
  bindir: bin
11
12
  cert_chain: []
12
- date: 2012-04-25 00:00:00.000000000 Z
13
+ date: 2012-08-02 00:00:00.000000000 Z
13
14
  dependencies:
14
15
  - !ruby/object:Gem::Dependency
15
16
  name: cucumber
16
- requirement: &70192587788680 !ruby/object:Gem::Requirement
17
+ requirement: !ruby/object:Gem::Requirement
18
+ none: false
19
+ requirements:
20
+ - - ! '>='
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
23
+ type: :development
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ none: false
27
+ requirements:
28
+ - - ! '>='
29
+ - !ruby/object:Gem::Version
30
+ version: '0'
31
+ - !ruby/object:Gem::Dependency
32
+ name: rspec
33
+ requirement: !ruby/object:Gem::Requirement
34
+ none: false
35
+ requirements:
36
+ - - ! '>='
37
+ - !ruby/object:Gem::Version
38
+ version: '0'
39
+ type: :development
40
+ prerelease: false
41
+ version_requirements: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ - !ruby/object:Gem::Dependency
48
+ name: aruba
49
+ requirement: !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ! '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: !ruby/object:Gem::Requirement
58
+ none: false
59
+ requirements:
60
+ - - ! '>='
61
+ - !ruby/object:Gem::Version
62
+ version: '0'
63
+ - !ruby/object:Gem::Dependency
64
+ name: rake
65
+ requirement: !ruby/object:Gem::Requirement
66
+ none: false
67
+ requirements:
68
+ - - ! '>='
69
+ - !ruby/object:Gem::Version
70
+ version: '0'
71
+ type: :development
72
+ prerelease: false
73
+ version_requirements: !ruby/object:Gem::Requirement
74
+ none: false
75
+ requirements:
76
+ - - ! '>='
77
+ - !ruby/object:Gem::Version
78
+ version: '0'
79
+ - !ruby/object:Gem::Dependency
80
+ name: cucumber
81
+ requirement: !ruby/object:Gem::Requirement
17
82
  none: false
18
83
  requirements:
19
84
  - - ! '>='
@@ -21,10 +86,31 @@ dependencies:
21
86
  version: '0'
22
87
  type: :runtime
23
88
  prerelease: false
24
- version_requirements: *70192587788680
89
+ version_requirements: !ruby/object:Gem::Requirement
90
+ none: false
91
+ requirements:
92
+ - - ! '>='
93
+ - !ruby/object:Gem::Version
94
+ version: '0'
25
95
  - !ruby/object:Gem::Dependency
26
96
  name: aruba
27
- requirement: &70192587788200 !ruby/object:Gem::Requirement
97
+ requirement: !ruby/object:Gem::Requirement
98
+ none: false
99
+ requirements:
100
+ - - ! '>='
101
+ - !ruby/object:Gem::Version
102
+ version: '0'
103
+ type: :runtime
104
+ prerelease: false
105
+ version_requirements: !ruby/object:Gem::Requirement
106
+ none: false
107
+ requirements:
108
+ - - ! '>='
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: curb
113
+ requirement: !ruby/object:Gem::Requirement
28
114
  none: false
29
115
  requirements:
30
116
  - - ! '>='
@@ -32,8 +118,45 @@ dependencies:
32
118
  version: '0'
33
119
  type: :runtime
34
120
  prerelease: false
35
- version_requirements: *70192587788200
36
- description: Using standard Gherkin language to define security tests, gauntlet happily
121
+ version_requirements: !ruby/object:Gem::Requirement
122
+ none: false
123
+ requirements:
124
+ - - ! '>='
125
+ - !ruby/object:Gem::Version
126
+ version: '0'
127
+ - !ruby/object:Gem::Dependency
128
+ name: acclaim
129
+ requirement: !ruby/object:Gem::Requirement
130
+ none: false
131
+ requirements:
132
+ - - ! '>='
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ type: :runtime
136
+ prerelease: false
137
+ version_requirements: !ruby/object:Gem::Requirement
138
+ none: false
139
+ requirements:
140
+ - - ! '>='
141
+ - !ruby/object:Gem::Version
142
+ version: '0'
143
+ - !ruby/object:Gem::Dependency
144
+ name: ribbon
145
+ requirement: !ruby/object:Gem::Requirement
146
+ none: false
147
+ requirements:
148
+ - - '='
149
+ - !ruby/object:Gem::Version
150
+ version: 0.7.0
151
+ type: :runtime
152
+ prerelease: false
153
+ version_requirements: !ruby/object:Gem::Requirement
154
+ none: false
155
+ requirements:
156
+ - - '='
157
+ - !ruby/object:Gem::Version
158
+ version: 0.7.0
159
+ description: Using standard Gherkin language to define security tests, gauntlt happily
37
160
  wraps cucumber functionality and provides a security testing framework that security
38
161
  engineers, developers and operations teams can collaborate on together.
39
162
  email:
@@ -44,13 +167,55 @@ extensions: []
44
167
  extra_rdoc_files: []
45
168
  files:
46
169
  - .gitignore
170
+ - .gitmodules
171
+ - .travis.yml
47
172
  - Gemfile
48
- - Gemfile.lock
173
+ - LICENSE
174
+ - README.md
49
175
  - Rakefile
50
176
  - bin/gauntlt
177
+ - features/attack.feature
178
+ - features/attacks/cookies.feature
179
+ - features/attacks/curl.feature
180
+ - features/attacks/http_methods.feature
181
+ - features/attacks/nmap.feature
182
+ - features/attacks/sqlmap.feature
183
+ - features/attacks/sslyze.feature
184
+ - features/help.feature
185
+ - features/report.feature
186
+ - features/step_definitions/aruba_extension_steps.rb
187
+ - features/step_definitions/config_steps.rb
188
+ - features/step_definitions/help_steps.rb
189
+ - features/step_definitions/support_steps.rb
190
+ - features/support/aruba.rb
191
+ - features/support/attack_steps.rb
192
+ - features/support/env.rb
193
+ - features/support/hooks.rb
194
+ - features/support/profile/profile.xml
51
195
  - gauntlt.gemspec
196
+ - gem_tasks/cucumber.rake
197
+ - gem_tasks/rspec.rake
52
198
  - lib/gauntlt.rb
199
+ - lib/gauntlt/attack.rb
200
+ - lib/gauntlt/attack_adapters/cookies.rb
201
+ - lib/gauntlt/attack_adapters/curl.rb
202
+ - lib/gauntlt/attack_adapters/http_methods.rb
203
+ - lib/gauntlt/attack_adapters/nmap.rb
204
+ - lib/gauntlt/attack_adapters/sqlmap.rb
205
+ - lib/gauntlt/attack_adapters/sslyze.rb
206
+ - lib/gauntlt/attack_adapters/support/cli_helper.rb
207
+ - lib/gauntlt/attack_adapters/support/cookie_helper.rb
208
+ - lib/gauntlt/attack_adapters/support/env.rb
209
+ - lib/gauntlt/attack_adapters/support/hooks.rb
210
+ - lib/gauntlt/attack_adapters/support/nmap_helper.rb
211
+ - lib/gauntlt/attack_adapters/support/profile_helper.rb
212
+ - lib/gauntlt/attack_adapters/support/python_script_helper.rb
213
+ - lib/gauntlt/attack_adapters/support/sslyze_output.README
53
214
  - lib/gauntlt/version.rb
215
+ - spec/gauntlt/attack_spec.rb
216
+ - spec/gauntlt_spec.rb
217
+ - spec/spec_helper.rb
218
+ - spec/support/mock_constants.rb
54
219
  homepage: ''
55
220
  licenses: []
56
221
  post_install_message:
@@ -70,9 +235,31 @@ required_rubygems_version: !ruby/object:Gem::Requirement
70
235
  - !ruby/object:Gem::Version
71
236
  version: '0'
72
237
  requirements: []
73
- rubyforge_project: gauntlt
74
- rubygems_version: 1.8.10
238
+ rubyforge_project:
239
+ rubygems_version: 1.8.23
75
240
  signing_key:
76
241
  specification_version: 3
77
- summary: the security testing tool using cucumber
78
- test_files: []
242
+ summary: behaviour-driven security using cucumber
243
+ test_files:
244
+ - features/attack.feature
245
+ - features/attacks/cookies.feature
246
+ - features/attacks/curl.feature
247
+ - features/attacks/http_methods.feature
248
+ - features/attacks/nmap.feature
249
+ - features/attacks/sqlmap.feature
250
+ - features/attacks/sslyze.feature
251
+ - features/help.feature
252
+ - features/report.feature
253
+ - features/step_definitions/aruba_extension_steps.rb
254
+ - features/step_definitions/config_steps.rb
255
+ - features/step_definitions/help_steps.rb
256
+ - features/step_definitions/support_steps.rb
257
+ - features/support/aruba.rb
258
+ - features/support/attack_steps.rb
259
+ - features/support/env.rb
260
+ - features/support/hooks.rb
261
+ - features/support/profile/profile.xml
262
+ - spec/gauntlt/attack_spec.rb
263
+ - spec/gauntlt_spec.rb
264
+ - spec/spec_helper.rb
265
+ - spec/support/mock_constants.rb