gauntlt 0.0.7 → 0.0.8

data/features/attacks/sqlmap.feature

@@ -9,9 +9,8 @@ Feature: sqlmap attack
         Background:
           Given "sqlmap" is installed
       """
-    When I run `gauntlt attack --name sqlmap --attack-file sqlmap.attack`
-    Then it should pass
-    And the output should contain:
+    When I run `gauntlt`
+    Then it should pass with:
       """
       1 step (1 passed)
       """

data/features/attacks/sslyze.feature

@@ -1,36 +1,14 @@
 Feature: sslyze attack
 
+  @slow
   Scenario:
     Given an attack "sslyze" exists
-    And a file named "sslyze.attack" with:
-      """
-        Feature: Run sslyze against a target
-
-        Background:
-          Given "sslyze" is installed
-          And the target hostname is "google.com"
-
-        Scenario: Ensure no anonymous certificates
-          When I launch an "sslyze" attack with:
-            \"\"\"
-              python <sslyze_path> <hostname>:443
-            \"\"\"
-          Then the output should not contain:
-            \"\"\"
-            Anon
-            \"\"\"
-
-        # Scenario: Make sure that the certificate key size is at least 2048
-        #   Given the target hostname is "google.com"
-        #   When I launch an "sslyze" attack with:
-        #     \"\"\"
-        #       python <sslyze_path> <hostname>:443
-        #     \"\"\"
-        #   Then the key size should be at least 2048
-      """
-    When I run `gauntlt attack --name sslyze --attack-file sslyze.attack`
-    Then it should pass
-    And the output should contain:
+    And I copy the attack files from the "examples/sslyze" folder
+    And the following attack files exist:
+      | filename      |
+      | sslyze.attack |
+    When I run `gauntlt`
+    Then it should pass with:
       """
       4 steps (4 passed)
       """

data/features/help.feature

@@ -8,35 +8,8 @@ Feature: Display help info
     When I run `gauntlt --help`
     Then the output should contain:
       """
-      usage: gauntlt attack [<args>]
-      """
-
-  Scenario: Attack help
-    When I run `gauntlt attack -h -n nmap`
-    Then the output should contain:
-      """
-      usage: gauntlt attack -n [attack-name] -a [attack-file]
-      """
-
-  Scenario: A user runs gauntlt without any arguments
-    When I run `gauntlt`
-    Then the output should contain:
-      """
-      Try --help for help
-      """
-
-  Scenario: A user runs the attack command without specifying attack name
-    When I run `gauntlt attack`
-    Then the output should contain:
-      """
-      Available attacks:
-
-        cookies
-        curl
-        http_methods
-        nmap
-        sqlmap
-        sslyze
+      gauntlt is a ruggedization framework
 
-        try: gauntlt attack -n nmap
+      Usage:
+             gauntlt <path>+
       """

data/features/step_definitions/config_steps.rb

@@ -1,3 +1,3 @@
 Given /^an attack "(.*?)" exists$/ do |attack_name|
-  Gauntlt.should have_attack(attack_name)
+  Gauntlt.attacks.should include(attack_name)
 end

data/features/step_definitions/support_steps.rb

@@ -2,4 +2,19 @@ Then /^debug$/ do
   require 'debugger'
   debugger
   nil
+end
+
+require 'pathname'
+Given /^I copy the attack files from the "(.*?)" folder$/ do |folder|
+  Dir.glob("./#{folder}/**/*.attack").each do |path|
+    name     = Pathname.new(path).basename.to_s
+    contents = File.read(path)
+    write_file(name, contents)
+  end
+end
+
+Given /^the following attack files exist:$/ do |table|
+  table.hashes.each do |hsh|
+    check_file_presence [hsh['filename']], true
+  end
 end

data/features/support/hooks.rb

@@ -1,3 +1,3 @@
 Before('@slow') do
-  @aruba_timeout_seconds = 10
-end
+  @aruba_timeout_seconds = 30
+end

data/features/tags.feature

@@ -0,0 +1,44 @@
+Feature: Run attacks by tag
+
+  Background:
+    Given an attack "nmap" exists
+    And a file named "nmap.attack" with:
+    """
+    Feature: my nmap attacks
+
+      @foo
+      Scenario: Foo
+        Given the target hostname is "foo"
+
+      @bar
+      Scenario: Bar
+        Given the target hostname is "bar"
+    """
+
+  Scenario: Run attack for one tag
+    When I run `gauntlt --tags @foo`
+    Then it should pass with:
+    """
+    Feature: my nmap attacks
+
+      @foo
+    """
+    And the stdout should contain:
+    """
+    1 scenario (1 passed)
+    1 step (1 passed)
+    """
+
+  Scenario: Run attack by exluding one tag
+    When I run `gauntlt --tags ~@foo`
+    Then it should pass with:
+    """
+    Feature: my nmap attacks
+
+      @bar
+    """
+    And the stdout should contain:
+    """
+    1 scenario (1 passed)
+    1 step (1 passed)
+    """

data/gauntlt.gemspec

@@ -16,7 +16,6 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  # specify any dependencies here; for example:
   s.add_development_dependency "cucumber"
   s.add_development_dependency "rspec", "~> 2.11"
   s.add_development_dependency "aruba"
@@ -24,7 +23,6 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency "cucumber"
   s.add_runtime_dependency "aruba"
-  s.add_runtime_dependency "curb"
   s.add_runtime_dependency "nokogiri"
   s.add_runtime_dependency "trollop"
 end

data/lib/gauntlt.rb

@@ -13,27 +13,23 @@ module Gauntlt
 
   GAUNTLT_DIR = File.join(CURRENT_DIR, 'gauntlt')
 
-  ATTACKS_DIR = File.join(GAUNTLT_DIR, 'attack_adapters')
+  ATTACK_ADAPTERS_DIR = File.join(GAUNTLT_DIR, 'attack_adapters')
 
-  ATTACK_GLOB_PATTERN = ATTACKS_DIR + '/*.rb'
+  ATTACK_ADAPTERS_GLOB_PATTERN = ATTACK_ADAPTERS_DIR + '/*.rb'
 
   class << self
-    def attack_files
-      Dir.glob(ATTACK_GLOB_PATTERN)
+    def attack_adapters
+      Dir.glob(ATTACK_ADAPTERS_GLOB_PATTERN)
     end
 
     def attacks
-      attack_files.map do |full_path|
+      attack_adapters.map do |full_path|
         File.basename(full_path, '.rb')
       end.sort
     end
 
-    def has_attack?(name)
-      attacks.include?(name)
-    end
-
-    def attack(name, options={})
-      Attack.new(name, options).run
+    def attack(path, tags=[])
+      Attack.new(path, tags).run
     end
   end
 end

data/lib/gauntlt/attack.rb

@@ -3,39 +3,43 @@ require 'cucumber/cli/main'
 
 module Gauntlt
   class Attack
-    class NotFound < Exception; end
-    class ExecutionFailed < Exception; end
-
-    attr_accessor :name, :opts, :attack_file
-
-    def initialize(name, opts={})
-      if opts[:attack_file] && File.exists?( opts[:attack_file] )
-        self.name = name
-        self.opts = opts
-        self.attack_file = opts[:attack_file]
-      else
-        raise NotFound.new("No '#{opts[:attack_file]}' attack found")
-      end
-    end
+    class NoFilesFound < StandardError; end
+    class ExecutionFailed < StandardError; end
 
-    def base_dir
-      File.expand_path( File.dirname(__FILE__) )
-    end
+    attr_accessor :path, :attack_files, :tags
 
-    def attacks_dir
-      File.join(base_dir, "attack_adapters")
+    def initialize(path, tags=[])
+      self.path         = path
+      self.attack_files = attack_files_for(path)
+      self.tags         = tags
+
+      raise NoFilesFound.new("No files found in path: #{path}") if attack_files.empty?
     end
 
     def run
-      @out = StringIO.new ""
+      args =  attack_files + ['--strict', '--require', adapters_dir]
+      args += ['--tags', tags] unless tags.empty?
 
-      cli = Cucumber::Cli::Main.new([self.attack_file, '--strict', '--require', self.attacks_dir], @out)
+      cli = Cucumber::Cli::Main.new(args)
 
       if cli.execute! # cucumber failed, returning true
         raise ExecutionFailed.new("Bad or undefined attack!")
       else            # cucumber executed successfully, returning false
-        @out.string
+        true
       end
     end
+
+    private
+    def attack_files_for(path)
+      path.split(' ').map{|p| Dir.glob(p)}.flatten
+    end
+
+    def base_dir
+      File.expand_path( File.dirname(__FILE__) )
+    end
+
+    def adapters_dir
+      File.join(base_dir, "attack_adapters")
+    end
   end
 end

data/lib/gauntlt/attack_adapters/curl.rb

@@ -1,3 +1,37 @@
+When /^"curl" is installed$/ do
+  ensure_cli_installed("curl")
+end
+
+When /^I launch a "curl" attack$/ do
+  # curl custom output
+  # from:
+  #   http://beerpla.net/2010/06/10/how-to-display-just-the-http-response-code-in-cli-curl/
+  #
+  # for more output variables, see:
+  #   http://man.he.net/man1/curl
+  @raw_response = `curl --silent --output /dev/null --write-out "%{http_code}" "#{hostname}"`
+  @response = {
+    :code => @raw_response
+  }
+end
+
+When /^I launch a "curl" attack with:$/ do |command|
+  command.gsub!('<hostname>', hostname)
+  run command
+end
+
 Then /^the response code should be "(.*?)"$/ do |http_code|
-  @response.response_code.should == http_code.to_i
+  @response[:code].should == http_code
+end
+
+When /^I launch a "cookies" attack$/ do
+  set_cookies( cookies_for(hostname) )
+end
+
+Then /^the following cookies should be received:$/ do |table|
+  names = table.hashes.map{|h| h['name'] }
+  names.each do |name|
+    cookies.any?{|s| s =~ /^#{name}/}.should be_true
+    # TODO: check other values in table
+  end
 end

data/lib/gauntlt/attack_adapters/support/cli_helper.rb

@@ -21,5 +21,5 @@ end
 World(Gauntlt::Support::CliHelper)
 
 Before('@slow') do
-  @aruba_timeout_seconds = 10
+  @aruba_timeout_seconds = 30
 end

data/lib/gauntlt/attack_adapters/support/cookie_helper.rb

@@ -1,18 +1,11 @@
-require 'curb'
-
 module Gauntlt
   module Support
     module CookieHelper
       def cookies_for(url)
-        [].tap do |returner|
-          c = Curl::Easy.perform(url) do |curl|
-            curl.follow_location = true
-            curl.enable_cookies = true
+        output = `curl --include --location --head --silent "#{url}"`
 
-            curl.on_header do |header|
-              returner << "#{$1}=#{$2}" if header =~ /^Set-Cookie: ([^=]+)=([^;]+;)/
-            end
-          end
+        output.scan(/^Set-Cookie:.+$/).map do |header|
+          "#{$1}=#{$2}" if header =~ /^Set-Cookie: ([^=]+)=([^;]+;)/
         end
       end
 

data/lib/gauntlt/version.rb

@@ -1,3 +1,3 @@
 module Gauntlt
-  VERSION = "0.0.7"
+  VERSION = "0.0.8"
 end

data/spec/gauntlt/attack_spec.rb

@@ -2,64 +2,42 @@ require 'spec_helper'
 
 describe Gauntlt::Attack do
   before do
-    File.stub(:exists?).with(:bar).and_return(true)
+    Gauntlt::Attack.any_instance.stub(:attack_files_for).with(:foo).and_return([:bar])
   end
 
   subject{
-    Gauntlt::Attack.new(:foo, :attack_file => :bar)
+    Gauntlt::Attack.new(:foo)
   }
 
   describe :initialize do
     context "attack file exists for passed name" do
-      it "sets name and opts" do
-        subject.name.should == :foo
-        subject.opts.should == {:attack_file => :bar}
+      it "sets path and attack_files" do
+        subject.path.should == :foo
+        subject.attack_files.should == [:bar]
       end
     end
 
-    context "attack file does not exist for passed name" do
+    context "attack_files_for returns an empty array" do
       it "raises an error if the attack file does not exist" do
-        File.stub(:exists?).with(:bar).and_return(false)
+        Gauntlt::Attack.any_instance.stub(:attack_files_for).with(:foo).and_return([])
 
         expect {
-          Gauntlt::Attack.new(:foo, :attack_file => :bar)
-        }.to raise_error Gauntlt::Attack::NotFound
+          Gauntlt::Attack.new(:foo)
+        }.to raise_error Gauntlt::Attack::NoFilesFound
       end
     end
   end
 
-  describe :base_dir do
-    it "returns the full path for the attack.rb file" do
-      File.should_receive(:dirname).and_return(:foo)
-      File.should_receive(:expand_path).with(:foo)
-
-      subject.base_dir
-    end
-  end
-
-  describe :attacks_dir do
-    it "joins attacks to base_dir" do
-      subject.should_receive(:base_dir).and_return(:bar)
-      File.should_receive(:join).with(:bar, 'attack_adapters')
-
-      subject.attacks_dir
-    end
-  end
-
   describe :run do
     it "executes the attack file, specifies failure for undefined steps and specifies the attacks_dir" do
-      subject.should_receive(:attacks_dir).and_return('/bar')
-      subject.should_receive(:attack_file).and_return('/bar/baz.attack')
-
-      mock_io = mock('io')
-      mock_io.stub(:string)
-      StringIO.stub(:new).and_return(mock_io)
+      subject.should_receive(:adapters_dir).and_return('/bar')
+      subject.should_receive(:attack_files).and_return(['/bar/baz.attack'])
 
       mock_cli = mock(Cucumber::Cli::Main)
       mock_cli.should_receive(:execute!)
-      Cucumber::Cli::Main.should_receive(:new).with(['/bar/baz.attack', '--strict', '--require', '/bar'], mock_io).and_return(mock_cli)
+      Cucumber::Cli::Main.should_receive(:new).with(['/bar/baz.attack', '--strict', '--require', '/bar']).and_return(mock_cli)
 
-      subject.run
+      subject.run.should be_true
     end
 
     it "returns nil if if Cucumber::Cli::Main.execute succeeds (i.e. returns nil)" do