gauntlt 0.1.0 → 0.1.1
- data/.gitmodules +3 -0
- data/.travis.yml +3 -3
- data/README.md +2 -0
- data/examples/curl/cookies.attack +4 -1
- data/examples/curl/simple.attack +8 -2
- data/examples/garmr/garmr.attack +13 -0
- data/examples/sqlmap/sqlmap.attack +1 -1
- data/examples/sslyze/sslyze.attack +1 -1
- data/features/attacks/curl.feature +1 -0
- data/features/attacks/garmr.feature +15 -0
- data/features/attacks/generic.feature +1 -0
- data/features/support/scapegoat/scapegoat.rb +10 -16
- data/features/support/scapegoat/views/index.erb +17 -0
- data/features/support/scapegoat/views/inline_js.erb +3 -0
- data/features/support/scapegoat/views/layout.erb +9 -2
- data/lib/gauntlt/attack_adapters/curl.rb +3 -21
- data/lib/gauntlt/attack_adapters/garmr.rb +9 -0
- data/lib/gauntlt/attack_adapters/support/cookie_helper.rb +3 -3
- data/lib/gauntlt/attack_adapters/support/profile_helper.rb +1 -1
- data/lib/gauntlt/version.rb +1 -1
- metadata +10 -2
data/.gitmodules
CHANGED
data/.travis.yml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
language: ruby
|
2
2
|
rvm:
|
3
3
|
- 1.9.3
|
4
|
-
- jruby-
|
4
|
+
- jruby-head
|
5
5
|
before_install:
|
6
6
|
- git submodule update --init --recursive
|
7
7
|
before_script:
|
8
8
|
- sudo apt-get install nmap
|
9
9
|
- export SSLYZE_PATH="/home/vagrant/builds/thegauntlet/gauntlt/vendor/sslyze/sslyze.py"
|
10
10
|
- export SQLMAP_PATH="/home/vagrant/builds/thegauntlet/gauntlt/vendor/sqlmap/sqlmap.py"
|
11
|
-
|
11
|
+
- 'cd vendor/Garmr && sudo python setup.py install && sudo easy_install BeautifulSoup && cd ../..'
|
12
12
|
|
13
13
|
matrix:
|
14
14
|
allow_failures:
|
15
|
-
- rvm: jruby-
|
15
|
+
- rvm: jruby-head
|
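Review bot: The new before_script entry on new line 11 installs BeautifulSoup with `sudo easy_install BeautifulSoup` and no version, so every CI run fetches whatever the package index serves that day and a build can break or change behaviour with no change in this repository. The Garmr checkout itself is pinned through the submodule, so its Python dependency deserves the same treatment: `sudo easy_install 'BeautifulSoup==<pinned version>'`, with the version recorded next to the submodule bump.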
data/README.md
CHANGED
@@ -10,6 +10,8 @@ Have questions? Ask us anything on the [gauntlt google group](http://bit.ly/gau
|
|
10
10
|
|
11
11
|
## GET STARTED
|
12
12
|
|
13
|
+
Note: if you are new to gauntlt, have a look at [gauntlt-starter-kit](https://github.com/thegauntlet/gauntlt-starter-kit), which is the easiest way to get up and running with gauntlt.
|
14
|
+
|
13
15
|
You will need ruby version `1.9.3` to run gauntlt, but you can run gauntlt against applications built with any language or platform.
|
14
16
|
|
15
17
|
1. Install the gem
|
@@ -5,7 +5,10 @@ Background:
|
|
5
5
|
And the target hostname is "google.com"
|
6
6
|
|
7
7
|
Scenario: Verify server is returning the cookies expected
|
8
|
-
When I launch a "
|
8
|
+
When I launch a "curl" attack with:
|
9
|
+
"""
|
10
|
+
curl --include --location --head --silent <hostname>
|
11
|
+
"""
|
9
12
|
Then the following cookies should be received:
|
10
13
|
| name | secure | _rest |
|
11
14
|
| PREF | false | {} |
|
data/examples/curl/simple.attack
CHANGED
@@ -5,5 +5,11 @@ Background:
|
|
5
5
|
And the target hostname is "google.com"
|
6
6
|
|
7
7
|
Scenario: Verify a 301 is received from a curl
|
8
|
-
When I launch a "curl" attack
|
9
|
-
|
8
|
+
When I launch a "curl" attack with:
|
9
|
+
"""
|
10
|
+
curl --silent --output /dev/null --write-out "%{http_code}" <hostname>
|
11
|
+
"""
|
12
|
+
Then it should pass with exactly:
|
13
|
+
"""
|
14
|
+
301
|
15
|
+
"""
|
@@ -0,0 +1,13 @@
|
|
1
|
+
Feature: Run garmr scan on a URL
|
2
|
+
|
3
|
+
Scenario: Use Garmr to scan a website for basic security requirements
|
4
|
+
Given "garmr" is installed
|
5
|
+
And the target URL is "http://localhost:9292/inline-js"
|
6
|
+
When I launch a "garmr" attack with:
|
7
|
+
"""
|
8
|
+
garmr -u <target_url>
|
9
|
+
"""
|
10
|
+
Then it should pass with:
|
11
|
+
"""
|
12
|
+
[Garmr.corechecks.InlineJS] Fail Inline JavaScript found
|
13
|
+
"""
|
@@ -6,7 +6,7 @@ Scenario: Identify SQL injection vulnerabilities
|
|
6
6
|
And the target URL is "http://localhost:9292/sql-injection?number_id=1"
|
7
7
|
When I launch a "sqlmap" attack with:
|
8
8
|
"""
|
9
|
-
|
9
|
+
python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0
|
10
10
|
"""
|
11
11
|
Then the output should contain:
|
12
12
|
"""
|
@@ -0,0 +1,15 @@
|
|
1
|
+
Feature: Garmr scan
|
2
|
+
Background:
|
3
|
+
Given an attack "curl" exists
|
4
|
+
And scapegoat is running on port 9292
|
5
|
+
And an attack "garmr" exists
|
6
|
+
And I copy the attack files from the "examples/garmr" folder
|
7
|
+
And the following attack files exist:
|
8
|
+
| filename |
|
9
|
+
| garmr.attack |
|
10
|
+
When I run `gauntlt`
|
11
|
+
Then it should pass with:
|
12
|
+
"""
|
13
|
+
4 steps (4 passed)
|
14
|
+
"""
|
15
|
+
And scapegoat should quit
|
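Review bot: The Background at new line 3 registers `Given an attack "curl" exists` although nothing in this feature launches a curl attack; it looks copied from curl.feature and, unless the scapegoat step depends on it, dropping it keeps the feature self-describing. The `4 steps (4 passed)` expectation at new line 13 silently depends on examples/garmr/garmr.attack keeping exactly four steps, so a comment such as `# must match the step count in examples/garmr/garmr.attack` beside it would save the next editor a confusing failed run.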
@@ -28,23 +28,13 @@ SQL
|
|
28
28
|
end
|
29
29
|
|
30
30
|
class Gauntlt::Scapegoat < Sinatra::Base
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
______________________
|
37
|
-
< Welcome to scapegoat >
|
38
|
-
----------------------
|
39
|
-
\\
|
40
|
-
\\ (__)
|
41
|
-
(\\/)
|
42
|
-
/-------\\/
|
43
|
-
/ | ||
|
44
|
-
/ ||----||
|
45
|
-
~~ ~~
|
31
|
+
helpers do
|
32
|
+
def page_title
|
33
|
+
end
|
34
|
+
end
|
46
35
|
|
47
|
-
|
36
|
+
get '/' do
|
37
|
+
erb :index
|
48
38
|
end
|
49
39
|
|
50
40
|
# sqlmap.py -u "http://localhost:9292/sql-injection?number_id=1" --dbms sqlite
|
@@ -60,6 +50,10 @@ EOS
|
|
60
50
|
erb :sqlmap, :locals => {:result => result}
|
61
51
|
end
|
62
52
|
|
53
|
+
get '/inline-js' do
|
54
|
+
erb :inline_js
|
55
|
+
end
|
56
|
+
|
63
57
|
run! if app_file == $0
|
64
58
|
end
|
65
59
|
end
|
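Review bot: `page_title` at new lines 31-34 has an empty body and therefore returns nil wherever a view calls it; if layout.erb (changed in this diff but not shown here) interpolates it, the page title renders as an empty string. Either give it a value, `def page_title; 'scapegoat'; end`, or mark the intent with `# TODO: stub, renders as empty title` so the empty method is not mistaken for a bug. The Gauntlt::Scapegoat class opened at line 30 closes outside this hunk, in the second hunk of the section.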
@@ -0,0 +1,17 @@
|
|
1
|
+
<pre>
|
2
|
+
|
3
|
+
______________________
|
4
|
+
< Welcome to scapegoat >
|
5
|
+
----------------------
|
6
|
+
\\
|
7
|
+
\\ (__)
|
8
|
+
(\\/)
|
9
|
+
/-------\\/
|
10
|
+
/ | ||
|
11
|
+
/ ||----||
|
12
|
+
~~ ~~
|
13
|
+
|
14
|
+
|
15
|
+
Available goats: * <a href="/sql-injection">sql-goat</a>
|
16
|
+
* <a href="/inline-js">inline js</a>
|
17
|
+
</pre>
|
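Review bot: New line 4, `< Welcome to scapegoat >`, puts a raw `<` inside the `<pre>`; browsers recover because the `<` is followed by a space, but it is invalid markup and `&lt; Welcome to scapegoat &gt;` is the unambiguous form. The `\\` sequences on new lines 6-9 were carried over from the Ruby heredoc removed from scapegoat.rb; assuming that heredoc interpreted escapes, each rendered as one backslash there, whereas in an ERB template they are literal text, so the cow now draws with doubled backslashes and each should become a single `\`.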
@@ -2,33 +2,15 @@ When /^"curl" is installed$/ do
|
|
2
2
|
ensure_cli_installed("curl")
|
3
3
|
end
|
4
4
|
|
5
|
-
When /^I launch a "curl" attack$/ do
|
6
|
-
# curl custom output
|
7
|
-
# from:
|
8
|
-
# http://beerpla.net/2010/06/10/how-to-display-just-the-http-response-code-in-cli-curl/
|
9
|
-
#
|
10
|
-
# for more output variables, see:
|
11
|
-
# http://man.he.net/man1/curl
|
12
|
-
@raw_response = `curl --silent --output /dev/null --write-out "%{http_code}" "#{hostname}"`
|
13
|
-
@response = {
|
14
|
-
:code => @raw_response
|
15
|
-
}
|
16
|
-
end
|
17
|
-
|
18
5
|
When /^I launch a "curl" attack with:$/ do |command|
|
19
6
|
command.gsub!('<hostname>', hostname)
|
20
7
|
run command
|
21
|
-
|
22
|
-
|
23
|
-
Then /^the response code should be "(.*?)"$/ do |http_code|
|
24
|
-
@response[:code].should == http_code
|
25
|
-
end
|
26
|
-
|
27
|
-
When /^I launch a "cookies" attack$/ do
|
28
|
-
set_cookies( cookies_for(hostname) )
|
8
|
+
@raw_curl_response = all_output # aruba defines all_output
|
29
9
|
end
|
30
10
|
|
31
11
|
Then /^the following cookies should be received:$/ do |table|
|
12
|
+
set_cookies( cookies_for_last_curl_request )
|
13
|
+
|
32
14
|
names = table.hashes.map{|h| h['name'] }
|
33
15
|
names.each do |name|
|
34
16
|
cookies.any?{|s| s =~ /^#{name}/}.should be_true
|
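Review bot: Besides the argument-less curl step, the hunk deletes the `Then /^the response code should be "(.*?)"$/` and `When /^I launch a "cookies" attack$/` steps (old lines 23-29), so any 0.1.0 attack file that still uses them now fails with an undefined step; if that is intended it belongs in the README or a changelog entry, otherwise keep them as thin wrappers over the new docstring form. In the surviving step at new lines 5-9, `command.gsub!('<hostname>', hostname)` splices the hostname into the command text without the double quotes the removed step placed around it, so how a hostname with spaces or shell characters is tokenised now depends on the attack file and on aruba's `run`; a comment such as `# <hostname> is substituted verbatim; quote it in the attack file if it can contain spaces or shell characters` would record that contract. The `Then /^the following cookies should be received:$/` step that begins at new line 11 continues past the end of this hunk.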
@@ -1,10 +1,10 @@
|
|
1
1
|
module Gauntlt
|
2
2
|
module Support
|
3
3
|
module CookieHelper
|
4
|
-
def
|
5
|
-
|
4
|
+
def cookies_for_last_curl_request
|
5
|
+
raise "no curl output found!" unless @raw_curl_response
|
6
6
|
|
7
|
-
|
7
|
+
@raw_curl_response.scan(/^Set-Cookie:.+$/).map do |header|
|
8
8
|
"#{$1}=#{$2}" if header =~ /^Set-Cookie: ([^=]+)=([^;]+;)/
|
9
9
|
end
|
10
10
|
end
|
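Review bot: The block at new lines 7-9 returns nil for any Set-Cookie header whose value is not followed by `;` (the second regex requires a trailing `;`, so `Set-Cookie: a=b` with no attributes yields nil) and those nils are kept in the returned array, so such a cookie is silently dropped by the `cookies.any?` check in curl.rb; the match is also case-sensitive although header names are not. Relax the capture and drop the nils: `@raw_curl_response.scan(/^set-cookie:.+$/i).map do |header|`, `"#{$1}=#{$2}" if header =~ /^set-cookie: ([^=]+)=([^;]+;?)/i`, `end.compact`. The `raise "no curl output found!"` guard at new line 5 is a good addition; a one-line comment above the method, `# Returns "name=value;" strings parsed from the Set-Cookie headers of the last curl run`, would document the return shape callers match on. The CookieHelper module closes outside this hunk.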
data/lib/gauntlt/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gauntlt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2012-10-
|
13
|
+
date: 2012-10-27 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: cucumber
|
@@ -161,6 +161,7 @@ files:
|
|
161
161
|
- examples/curl/cookies.attack
|
162
162
|
- examples/curl/simple.attack
|
163
163
|
- examples/curl/verbs.attack
|
164
|
+
- examples/garmr/garmr.attack
|
164
165
|
- examples/generic/generic.attack
|
165
166
|
- examples/nmap/nmap.attack
|
166
167
|
- examples/nmap/os_detection.attack
|
@@ -171,6 +172,7 @@ files:
|
|
171
172
|
- examples/sslyze/sslyze.attack
|
172
173
|
- features/attack.feature
|
173
174
|
- features/attacks/curl.feature
|
175
|
+
- features/attacks/garmr.feature
|
174
176
|
- features/attacks/generic.feature
|
175
177
|
- features/attacks/nmap.feature
|
176
178
|
- features/attacks/sqlmap.feature
|
@@ -183,6 +185,8 @@ files:
|
|
183
185
|
- features/support/env.rb
|
184
186
|
- features/support/hooks.rb
|
185
187
|
- features/support/scapegoat/scapegoat.rb
|
188
|
+
- features/support/scapegoat/views/index.erb
|
189
|
+
- features/support/scapegoat/views/inline_js.erb
|
186
190
|
- features/support/scapegoat/views/layout.erb
|
187
191
|
- features/support/scapegoat/views/sqlmap.erb
|
188
192
|
- features/tags.feature
|
@@ -192,6 +196,7 @@ files:
|
|
192
196
|
- lib/gauntlt.rb
|
193
197
|
- lib/gauntlt/attack.rb
|
194
198
|
- lib/gauntlt/attack_adapters/curl.rb
|
199
|
+
- lib/gauntlt/attack_adapters/garmr.rb
|
195
200
|
- lib/gauntlt/attack_adapters/gauntlt.rb
|
196
201
|
- lib/gauntlt/attack_adapters/generic.rb
|
197
202
|
- lib/gauntlt/attack_adapters/nmap.rb
|
@@ -236,6 +241,7 @@ summary: behaviour-driven security using cucumber
|
|
236
241
|
test_files:
|
237
242
|
- features/attack.feature
|
238
243
|
- features/attacks/curl.feature
|
244
|
+
- features/attacks/garmr.feature
|
239
245
|
- features/attacks/generic.feature
|
240
246
|
- features/attacks/nmap.feature
|
241
247
|
- features/attacks/sqlmap.feature
|
@@ -248,6 +254,8 @@ test_files:
|
|
248
254
|
- features/support/env.rb
|
249
255
|
- features/support/hooks.rb
|
250
256
|
- features/support/scapegoat/scapegoat.rb
|
257
|
+
- features/support/scapegoat/views/index.erb
|
258
|
+
- features/support/scapegoat/views/inline_js.erb
|
251
259
|
- features/support/scapegoat/views/layout.erb
|
252
260
|
- features/support/scapegoat/views/sqlmap.erb
|
253
261
|
- features/tags.feature
|