gauntlt 0.0.7 → 0.0.8

Files changed (40) hide show
  1. data/.gitignore +2 -1
  2. data/.travis.yml +7 -1
  3. data/Gemfile +1 -1
  4. data/README.md +14 -8
  5. data/bin/gauntlt +28 -46
  6. data/examples/curl/cookies.attack +12 -0
  7. data/examples/curl/simple.attack +9 -0
  8. data/examples/curl/verbs.attack +19 -0
  9. data/examples/nmap/os_detection.attack +16 -0
  10. data/examples/nmap/simple.attack +16 -0
  11. data/examples/nmap/tcp_ping_ports.attack +16 -0
  12. data/examples/nmap/xml_output.attack +18 -0
  13. data/examples/sslyze/sslyze.attack +23 -0
  14. data/features/attack.feature +30 -19
  15. data/features/attacks/curl.feature +23 -15
  16. data/features/attacks/nmap.feature +16 -93
  17. data/features/attacks/sqlmap.feature +2 -3
  18. data/features/attacks/sslyze.feature +7 -29
  19. data/features/help.feature +3 -30
  20. data/features/step_definitions/config_steps.rb +1 -1
  21. data/features/step_definitions/support_steps.rb +15 -0
  22. data/features/support/hooks.rb +2 -2
  23. data/features/tags.feature +44 -0
  24. data/gauntlt.gemspec +0 -2
  25. data/lib/gauntlt.rb +7 -11
  26. data/lib/gauntlt/attack.rb +26 -22
  27. data/lib/gauntlt/attack_adapters/curl.rb +35 -1
  28. data/lib/gauntlt/attack_adapters/support/cli_helper.rb +1 -1
  29. data/lib/gauntlt/attack_adapters/support/cookie_helper.rb +3 -10
  30. data/lib/gauntlt/version.rb +1 -1
  31. data/spec/gauntlt/attack_spec.rb +13 -35
  32. data/spec/gauntlt_spec.rb +7 -14
  33. metadata +12 -30
  34. data/features/attacks/cookies.feature +0 -25
  35. data/features/attacks/http_methods.feature +0 -33
  36. data/features/step_definitions/aruba_extension_steps.rb +0 -3
  37. data/features/support/attack_steps.rb +0 -1
  38. data/features/support/profile/profile.xml +0 -5
  39. data/lib/gauntlt/attack_adapters/cookies.rb +0 -11
  40. data/lib/gauntlt/attack_adapters/http_methods.rb +0 -12
@@ -3,16 +3,9 @@ require 'spec_helper'
3
3
  describe Gauntlt do
4
4
  subject { Gauntlt }
5
5
 
6
- describe :has_attack? do
7
- it "returns true if an attack exists for the passed name" do
8
- subject.stub(:attacks).and_return(['foo'])
9
- subject.should have_attack('foo')
10
- end
11
- end
12
-
13
6
  describe :attacks do
14
7
  it "returns the names of all attack files in the attacks directory" do
15
- subject.stub(:attack_files).and_return([
8
+ subject.stub(:attack_adapters).and_return([
16
9
  '/foo/bar/a.rb',
17
10
  '/foo/bar/b.rb'
18
11
  ])
@@ -21,21 +14,21 @@ describe Gauntlt do
21
14
  end
22
15
  end
23
16
 
24
- describe :attack_files do
25
- it "returns the full path to each attack file" do
26
- stub_const "Gauntlt::ATTACK_GLOB_PATTERN",'foo'
17
+ describe :attack_adapters do
18
+ it "returns the full path to each attack adapter" do
19
+ stub_const "Gauntlt::ATTACK_ADAPTERS_GLOB_PATTERN",'foo'
27
20
  Dir.stub(:glob).with('foo').and_return(['bar', 'baz'])
28
- subject.attack_files.should == ['bar', 'baz']
21
+ subject.attack_adapters.should == ['bar', 'baz']
29
22
  end
30
23
  end
31
24
 
32
25
  describe :attack do
33
26
  it "runs the specified test with the passed options" do
34
27
  mock_test = mock('test')
35
- subject::Attack.should_receive(:new).with(:foo, :host => :bar).and_return(mock_test)
28
+ subject::Attack.should_receive(:new).with(:foo, []).and_return(mock_test)
36
29
  mock_test.should_receive(:run)
37
30
 
38
- subject.attack(:foo, :host => :bar)
31
+ subject.attack(:foo)
39
32
  end
40
33
  end
41
34
 
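Review bot: The `it` description on the unchanged line under `describe :attacks` still reads "returns the names of all attack files in the attacks directory" although the stub beneath it was renamed to `attack_adapters`; the sibling example was reworded to "attack adapter", so this one should follow, e.g. `it "returns the names of all attack adapters" do`. That example's assertion sits between the two hunks and is not visible here. In `describe :attack` the expectation now pins only the default second argument `[]`; if that argument carries the tags this release introduces (an inference from the added features/tags.feature), an example that passes a non-empty value would show it is actually forwarded to `Attack.new`. The file header for these hunks is not shown on the page; the +7/-14 counts match spec/gauntlt_spec.rb in the file list.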
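--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gauntlt
  version: !ruby/object:Gem::Version
- version: 0.0.7
+ version: 0.0.8
  prerelease:
  platform: ruby
  authors:
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-08-11 00:00:00.000000000 Z
+ date: 2012-09-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cucumber
@@ -108,22 +108,6 @@ dependencies:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- - !ruby/object:Gem::Dependency
- name: curb
- requirement: !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '0'
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -174,32 +158,34 @@ files:
  - README.md
  - Rakefile
  - bin/gauntlt
+ - examples/curl/cookies.attack
+ - examples/curl/simple.attack
+ - examples/curl/verbs.attack
  - examples/nmap/nmap.attack
+ - examples/nmap/os_detection.attack
+ - examples/nmap/simple.attack
+ - examples/nmap/tcp_ping_ports.attack
+ - examples/nmap/xml_output.attack
+ - examples/sslyze/sslyze.attack
  - features/attack.feature
- - features/attacks/cookies.feature
  - features/attacks/curl.feature
- - features/attacks/http_methods.feature
  - features/attacks/nmap.feature
  - features/attacks/sqlmap.feature
  - features/attacks/sslyze.feature
  - features/help.feature
  - features/report.feature
- - features/step_definitions/aruba_extension_steps.rb
  - features/step_definitions/config_steps.rb
  - features/step_definitions/support_steps.rb
  - features/support/aruba.rb
- - features/support/attack_steps.rb
  - features/support/env.rb
  - features/support/hooks.rb
- - features/support/profile/profile.xml
+ - features/tags.feature
  - gauntlt.gemspec
  - gem_tasks/cucumber.rake
  - gem_tasks/rspec.rake
  - lib/gauntlt.rb
  - lib/gauntlt/attack.rb
- - lib/gauntlt/attack_adapters/cookies.rb
  - lib/gauntlt/attack_adapters/curl.rb
- - lib/gauntlt/attack_adapters/http_methods.rb
  - lib/gauntlt/attack_adapters/nmap.rb
  - lib/gauntlt/attack_adapters/sqlmap.rb
  - lib/gauntlt/attack_adapters/sslyze.rb
@@ -240,22 +226,18 @@ specification_version: 3
  summary: behaviour-driven security using cucumber
  test_files:
  - features/attack.feature
- - features/attacks/cookies.feature
  - features/attacks/curl.feature
- - features/attacks/http_methods.feature
  - features/attacks/nmap.feature
  - features/attacks/sqlmap.feature
  - features/attacks/sslyze.feature
  - features/help.feature
  - features/report.feature
- - features/step_definitions/aruba_extension_steps.rb
  - features/step_definitions/config_steps.rb
  - features/step_definitions/support_steps.rb
  - features/support/aruba.rb
- - features/support/attack_steps.rb
  - features/support/env.rb
  - features/support/hooks.rb
- - features/support/profile/profile.xml
+ - features/tags.feature
  - spec/gauntlt/attack_spec.rb
  - spec/gauntlt_spec.rb
  - spec/spec_helper.rb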
@@ -1,25 +0,0 @@
1
- Feature: Cookies attack
2
-
3
- Scenario: Launch cookies attack
4
- Given an attack "cookies" exists
5
- And a file named "cookies.attack" with:
6
- """
7
- Feature: Evaluate received cookies against expected.
8
-
9
- Background:
10
- Given "curl" is installed
11
- And the target hostname is "google.com"
12
-
13
- Scenario: Verify server is returning the cookies expected
14
- When I launch a "cookies" attack
15
- Then the following cookies should be received:
16
- | name | secure | _rest |
17
- | PREF | false | {} |
18
- | NID | false | {'HttpOnly': None} |
19
- """
20
- When I run `gauntlt attack --name cookies --attack-file cookies.attack`
21
- Then it should pass
22
- And the output should contain:
23
- """
24
- 4 steps (4 passed)
25
- """
@@ -1,33 +0,0 @@
1
- Feature: http_methods attack
2
- Background:
3
- Given an attack "http_methods" exists
4
-
5
- Scenario: http methods
6
- Given a file named "http_methods.attack" with:
7
- """
8
- Feature: Evaluate responses to various HTTP methods.
9
-
10
- Background:
11
- Given "curl" is installed
12
- And the target hostname is "google.com"
13
-
14
- Scenario Outline: Verify server responds correctly to various HTTP methods
15
- When I launch a "curl" attack with:
16
- \"\"\"
17
- curl -i -X <method> <hostname>
18
- \"\"\"
19
- Then the output should contain "<response>"
20
- Examples:
21
- | method | response |
22
- | delete | Error 405 (Method Not Allowed) |
23
- | patch | Error 405 (Method Not Allowed) |
24
- | trace | Error 405 (Method Not Allowed) |
25
- | track | Error 405 (Method Not Allowed) |
26
- | bogus | Error 405 (Method Not Allowed) |
27
- """
28
- When I run `gauntlt attack --name http_methods --attack-file http_methods.attack`
29
- Then it should pass
30
- And the output should contain:
31
- """
32
- 5 scenarios (5 passed)
33
- """
@@ -1,3 +0,0 @@
1
- Then /^it should pass$/ do
2
- assert_success(true)
3
- end
@@ -1 +0,0 @@
1
- require 'gauntlt'
@@ -1,5 +0,0 @@
1
- <app>
2
- <name>google</name>
3
- <hostname>www.google.com</hostname>
4
- <login>https://www.example.com/login.php</login>
5
- </app>
@@ -1,11 +0,0 @@
1
- When /^I launch a "cookies" attack$/ do
2
- set_cookies( cookies_for(hostname) )
3
- end
4
-
5
- Then /^the following cookies should be received:$/ do |table|
6
- names = table.hashes.map{|h| h['name'] }
7
- names.each do |name|
8
- cookies.any?{|s| s =~ /^#{name}/}.should be_true
9
- # TODO: check other values in table
10
- end
11
- end
@@ -1,12 +0,0 @@
1
- When /^"curl" is installed$/ do
2
- ensure_cli_installed("curl")
3
- end
4
-
5
- When /^I launch a "curl" attack$/ do
6
- @response = Curl::Easy.http_get(hostname)
7
- end
8
-
9
- When /^I launch a "curl" attack with:$/ do |command|
10
- command.gsub!('<hostname>', hostname)
11
- run command
12
- end