gauntlt 1.0.5 → 1.0.6

data/.gitmodules

@@ -10,3 +10,6 @@
 [submodule "features/support/scapegoat"]
 	path = features/support/scapegoat
 	url = git://github.com/gauntlt/scapegoat.git
+[submodule "vendor/railsgoat"]
+	path = vendor/railsgoat
+	url = git://github.com/OWASP/railsgoat.git

data/.travis.yml

@@ -7,6 +7,7 @@ before_install:
 before_script:
   - sudo apt-get install nmap
   - sudo apt-get install wget
+  - sudo apt-get install libcurl4-openssl-dev
   - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sslyze/sslyze.py"
   - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sqlmap/sqlmap.py"
   - 'cd vendor/Garmr && sudo python setup.py install && cd ../..'

data/README.md

@@ -1,4 +1,4 @@
-# gauntlt [![Build Status](https://secure.travis-ci.org/gauntlt/gauntlt.png?branch=master)](http://travis-ci.org/gauntlt/gauntlt) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/gauntlt/gauntlt)
+# gauntlt [![Build Status](https://secure.travis-ci.org/gauntlt/gauntlt.png?branch=master)](http://travis-ci.org/gauntlt/gauntlt) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/gauntlt/gauntlt) [![Gem Version](https://badge.fury.io/rb/gauntlt.png)](http://badge.fury.io/rb/gauntlt)
 
 gauntlt is a ruggedization framework
 
@@ -20,7 +20,7 @@ You will need ruby version `1.9.3` to run gauntlt, but you can run gauntlt again
     $ gem install gauntlt
     ```
 
-2. Create an attack file and put it anywhere you like
+2. Create an attack file and put it anywhere you like. (There is a more relevant example on gauntlt.org)
 
     ```gherkin
     # simplest.attack

data/config/cucumber.yml

@@ -0,0 +1 @@
+default: TEST_HOSTNAME=scanme.nmap.org

data/examples/arachni/arachni-xss.attack

@@ -1,18 +1,10 @@
 @slow
-Feature: Run dirb scan on a URL
+Feature: Look for cross site scripting (xss) using arachni against a URL
 
-Scenario: Use dirb to scan a website for basic security requirements and the DIRB_WORDLISTS environment variable must be set in your path.  You can use different wordlists by changing the environment variable.
-  Given "dirb" is installed
+Scenario: Using the arachni, look for cross site scripting and verify no issues are found
+  Given "arachni" is installed
   And the following profile:
      | name                | value                          |
-     | hostname            | https://google.com             |
-     | dirb_wordlists_path | Overwritten by $DIRB_WORDLISTS |
-     | wordlist            | vulns/tests.txt                |
-  When I launch a "dirb" attack with:
-  """
-  dirb <hostname> <dirb_wordlists_path>/<wordlist> 
-  """
-  Then the output should contain:
-  """
-  FOUND: 0
-  """
+     | url                 | http://scanme.nmap.org         |
+  When I launch an "arachni-simple_xss" attack
+  Then the output should contain "0 issues were detected."

data/examples/nmap/simple-env-var.attack

@@ -0,0 +1,25 @@
+@slow
+Feature: simple nmap attack (sanity check)
+
+  Background:
+    Given "nmap" is installed
+
+    And the following environment variables:
+      | name      | environment_variable_name |
+      | hostname  | TEST_HOSTNAME             |
+
+    And the following profile:
+      | name     | value |
+      | https_port | 443 |
+      | http_port  | 80  |
+
+  Scenario: Verify server is available on standard web ports
+    When I launch an "nmap" attack with:
+      """
+      nmap -p <http_port>,<https_port> <hostname>
+      """
+    Then the output should match /80.tcp\s+open/      
+    And the output should not match:
+      """
+      443/tcp\s+open 
+      """

data/features/attacks/nmap.feature

@@ -6,6 +6,7 @@ Feature: nmap attack
     And the following attack files exist:
     | filename              |
     | simple.attack         |
+    | simple-env-var.attack |
     | os_detection.attack   |
     | tcp_ping_ports.attack |
     | nmap.attack |
@@ -18,6 +19,13 @@ Feature: nmap attack
       5 steps (5 passed)
       """
 
+  Scenario: Simple nmap using environment variables attack
+    When I run `gauntlt simple-env-var.attack`
+    Then it should pass with:
+      """
+      6 steps (6 passed)
+      """
+
   Scenario: OS detection nmap attack
     When I run `gauntlt os_detection.attack`
     Then it should pass with:

data/gauntlt.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "aruba"
   s.add_development_dependency "rake"
   s.add_development_dependency "sinatra"
+  s.add_development_dependency "arachni"
 
   s.add_runtime_dependency "cucumber"
   s.add_runtime_dependency "aruba"

data/lib/gauntlt/attack_adapters/arachni.rb

@@ -0,0 +1,17 @@
+Given /^"arachni" is installed$/ do
+  ensure_cli_installed("arachni")
+end
+
+When /^I launch (?:a|an) "arachni" attack with:$/ do | command |
+  run_with_profile command
+end
+
+When /^I launch (?:a|an) "arachni-(.*?)" attack$/ do | type |
+  attack_alias = 'arachni-' + type
+  attack = load_attack_alias(attack_alias)                
+  
+  Kernel.puts "Running a #{attack_alias} attack. This attack has this description:\n #{attack['description']}"
+  Kernel.puts "The #{attack_alias} attack requires the following to be set in the profile:\n #{attack['requires']}"
+  
+  run_with_profile attack['command']
+end

data/lib/gauntlt/attack_adapters/curl.rb

@@ -2,7 +2,7 @@ When /^"curl" is installed$/ do
   ensure_cli_installed("curl")
 end
 
-When /^I launch a "curl" attack with:$/ do |command|
+When /^I launch (?:a|an) "curl" attack with:$/ do |command|
   run_with_profile command
   @raw_curl_response = all_output # aruba defines all_output
 end
@@ -15,4 +15,4 @@ Then /^the following cookies should be received:$/ do |table|
     cookies.any?{|s| s =~ /^#{name}/}.should be_true
     # TODO: check other values in table
   end
-end
+end

data/lib/gauntlt/attack_adapters/dirb.rb

@@ -6,7 +6,7 @@ When /^the DIRB_WORDLISTS environment variable is set$/ do
   ensure_shell_variable_set("DIRB_WORDLISTS")
 end
 
-When /^I launch a "dirb" attack with:$/ do |command|
+When /^I launch (?:a|an) "dirb" attack with:$/ do |command|
   add_to_profile('dirb_wordlists_path', get_shell_variable("DIRB_WORDLISTS"))
   run_with_profile command
   @raw_dirb_output = all_output

data/lib/gauntlt/attack_adapters/garmr.rb

@@ -2,7 +2,7 @@ When /^"garmr" is installed$/ do
   ensure_cli_installed("garmr")
 end
 
-When /^I launch a "garmr" attack with:$/ do |command|
+When /^I launch (?:a|an) "garmr" attack with:$/ do |command|
   run_with_profile command
   @raw_garmr_output = all_output
-end
+end

data/lib/gauntlt/attack_adapters/gauntlt.rb

@@ -1,5 +1,11 @@
 require 'nokogiri'
 
+Given /^the following environment variables:$/ do |table|
+  table.hashes.each do |hsh|
+    add_to_profile_from_environment( hsh['name'], hsh['environment_variable_name'] )
+  end
+end
+
 Given /^the following profile:$/ do |table|
   table.hashes.each do |hsh|
     add_to_profile( hsh['name'], hsh['value'] )
@@ -16,4 +22,4 @@ When /^the file "(.*?)" should not contain XML:$/ do |filename, css_selectors|
   css_selectors.hashes.each do |row|
     assert_xml_does_not_include(filename, row['css'])
   end
-end
+end

data/lib/gauntlt/attack_adapters/generic.rb

@@ -1,4 +1,4 @@
-When /^I launch a "generic" attack with:$/ do |command|
+When /^I launch (?:a|an) "generic" attack with:$/ do |command|
   run_with_profile command
 end
 

data/lib/gauntlt/attack_adapters/nmap.rb

@@ -5,11 +5,11 @@ When /^"nmap" is installed$/ do
   ensure_cli_installed("nmap")
 end
 
-When /^I launch an "nmap" attack with:$/ do |command|
+When /^I launch (?:a|an) "nmap" attack with:$/ do |command|
   run_with_profile command
 end
 
-When /^I launch a "nmap-(.*?)" attack$/ do |type|
+When /^I launch (?:a|an) "nmap-(.*?)" attack$/ do |type|
   attack_alias = 'nmap-' + type
   nmap_attack = load_attack_alias(attack_alias)                
   

data/lib/gauntlt/attack_adapters/sqlmap.rb

@@ -2,8 +2,8 @@ Given /^"sqlmap" is installed$/ do
   ensure_python_script_installed('sqlmap')
 end
 
-When /^I launch an? "sqlmap" attack with:$/ do |command|
+When /^I launch (?:a|an) "sqlmap" attack with:$/ do |command|
   add_to_profile('sqlmap_path', path_to_python_script("sqlmap"))
 
   run_with_profile command
-end
+end

data/lib/gauntlt/attack_adapters/sslyze.rb

@@ -2,8 +2,8 @@ Given /^"sslyze" is installed$/ do
   ensure_python_script_installed('sslyze')
 end
 
-When /^I launch an "sslyze" attack with:$/ do |command|
+When /^I launch (?:a|an) "sslyze" attack with:$/ do |command|
   add_to_profile( 'sslyze', path_to_python_script('sslyze') )
 
   run_with_profile command
-end
+end

data/lib/gauntlt/attack_adapters/support/profile_helper.rb

@@ -10,6 +10,11 @@ module Gauntlt
         gauntlt_profile[k] = v
       end
 
+      def add_to_profile_from_environment(k,v)
+        puts "Overwriting profile with env value for #{k}" if gauntlt_profile.has_key?(k)
+        gauntlt_profile[k] = ENV[v]
+      end
+
       def run_with_profile(command_template)
         command = command_template.dup
 

data/lib/gauntlt/attack_aliases/arachni.json

@@ -0,0 +1,21 @@
+{ "arachni-simple_xss" : { "command" : "arachni --modules=xss --depth=1 --link-count=10 --auto-redundant=2 <url>",
+      "description" : "This is a scan for cross site scripting (xss) that only runs the base xss module in arachni.  The scan only crawls one level deep which makes it faster.  For more depth, run the gauntlt attack alias 'arachni-simple_xss_with_depth' and specifiy depth.",
+      "requires" : [ "<url>" ]
+    },
+  "arachni-simple_xss_with_depth" : { "command" : "arachni --modules=xss --depth=<depth> <url>",
+      "description" : "This is a scan for cross site scripting (xss) that only runs the base xss module in arachni.  The scan only crawls as many levels deep as you specify.  The higher the integer, the longer the scan will take to run.",
+      "requires" : [ "<url>", "<depth>"]
+    },
+  "arachni-full_xss" : { "command" : "arachni --modules=xss* --depth=1 --link-count=10 --auto-redundant=2 <url>",
+      "description" : "This is a scan for cross site scripting (xss) that only runs all the xss modules in arachni.  The scan only crawls one level deep, which makes it faster.  For more depth, run the gauntlt attack alias 'arachni-full_xss_with_depth' and specifiy depth.",
+      "requires" : [ "<url>" ]
+    },
+  "arachni-full_xss_with_depth" : { "command" : "arachni --modules=xss* --depth=<depth> <url>",
+      "description" : "This is a scan for cross site scripting (xss) that only runs all the xss modules in arachni.  The scan only crawls as many levels deep as you specify.  The higher the integer, the longer the scan will take to run.",
+      "requires" : [ "<url>", "<depth>"]
+    },
+  "arachni-xss_with_options" : { "command" : "arachni --modules=xss* --depth=<depth> --link-count=<link_count> --auto-redundant=<auto_redundant> <url>",
+      "description" : "This is a scan for cross site scripting (xss) that runs all the xss modules in arachni.  This requires to specify several options for the scan. The arachni wiki has information on what these options represent but generally as you increase their values, the scan takes longer to run. \nThe wiki for arachni is available here > https://github.com/Arachni/arachni/wiki/Command-line-user-interface. \nThe depth option is described here: https://github.com/Arachni/arachni/wiki/Command-line-user-interface#wiki-depth \nThe link_count option is described here: https://github.com/Arachni/arachni/wiki/Command-line-user-interface#wiki-link-count \nThe auto_redundant option is described here: https://github.com/Arachni/arachni/wiki/Command-line-user-interface#wiki-auto-redundant",
+      "requires" : [ "<url>", "<depth>", "<link_count>", "<auto_redundant>" ]
+    }
+}

data/lib/gauntlt/version.rb

@@ -1,3 +1,3 @@
 module Gauntlt
-  VERSION = "1.0.5"
+  VERSION = "1.0.6"
 end

data/ready_to_rumble.sh

@@ -5,8 +5,16 @@
 NMAP=`which nmap`
 GARMR=`which garmr`
 DIRB=`which dirb`
+ARACHNI=`which arachni`
+
 ERRORS=0
 
+if [ -z $ARACHNI ]
+  then
+    MESSAGE="It looks like you dont have arachni-web-scanner installed.  You should be able to do 'gem install arachni' to install it.  You might need to install libcurl first, on ubuntu you can run 'sudo apt-get install libcurl4-openssl-dev && gem install arachni' For more info on arachni, go to arachni-scanner.com"
+    ERRORS=$ERRORS+1 
+fi
+
 if [ -z $SSLYZE_PATH ]
   then
     MESSAGE="SSLYZE_PATH environment variable unset, try setting it to ./vendor/sslyze/sslyze.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: gauntlt
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.6
+  prerelease: 
 platform: ruby
 authors:
 - James Wickett
@@ -9,11 +10,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-07 00:00:00.000000000 Z
+date: 2013-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -21,6 +23,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -28,6 +31,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -35,6 +39,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -42,6 +47,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -49,6 +55,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -56,6 +63,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -63,6 +71,23 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: arachni
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,6 +95,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -77,6 +103,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -84,6 +111,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -91,6 +119,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -98,6 +127,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -105,6 +135,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -112,6 +143,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: trollop
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -119,6 +151,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -141,6 +174,7 @@ files:
 - README.md
 - Rakefile
 - bin/gauntlt
+- config/cucumber.yml
 - config/warble.rb
 - examples/arachni/arachni-xss.attack
 - examples/curl/cookies.attack
@@ -151,6 +185,7 @@ files:
 - examples/generic/generic.attack
 - examples/nmap/nmap.attack
 - examples/nmap/os_detection.attack
+- examples/nmap/simple-env-var.attack
 - examples/nmap/simple.attack
 - examples/nmap/tcp_ping_ports.attack
 - examples/nmap/xml_output.attack
@@ -159,7 +194,7 @@ files:
 - examples/sqlmap/sqlmap.attack
 - examples/sslyze/sslyze.attack
 - features/attack.feature
-- features/attacks/arachni.notimplemented
+- features/attacks/arachni.feature
 - features/attacks/curl.feature
 - features/attacks/dirb.feature
 - features/attacks/garmr.feature
@@ -180,6 +215,7 @@ files:
 - gem_tasks/test.rake
 - lib/gauntlt.rb
 - lib/gauntlt/attack.rb
+- lib/gauntlt/attack_adapters/arachni.rb
 - lib/gauntlt/attack_adapters/curl.rb
 - lib/gauntlt/attack_adapters/dirb.rb
 - lib/gauntlt/attack_adapters/garmr.rb
@@ -195,6 +231,7 @@ files:
 - lib/gauntlt/attack_adapters/support/profile_helper.rb
 - lib/gauntlt/attack_adapters/support/python_script_helper.rb
 - lib/gauntlt/attack_adapters/support/xml_helper.rb
+- lib/gauntlt/attack_aliases/arachni.json
 - lib/gauntlt/attack_aliases/dirb.json
 - lib/gauntlt/attack_aliases/nmap.json
 - lib/gauntlt/runtime.rb
@@ -210,30 +247,31 @@ files:
 - vendor/sslyze_output.README
 homepage: https://github.com/gauntlt/gauntlt
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.5
+rubygems_version: 1.8.25
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: behaviour-driven security using cucumber
 test_files:
 - features/attack.feature
-- features/attacks/arachni.notimplemented
+- features/attacks/arachni.feature
 - features/attacks/curl.feature
 - features/attacks/dirb.feature
 - features/attacks/garmr.feature

checksums.yaml

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    MGRkZWZiMTQ4ZDIyMzFjZmFhODk5ZjQyOTJhZmYwY2Y5NjY0NDdmMA==
-  data.tar.gz: !binary |-
-    MzI0YjBjNTRkMTI4ODAzMWExOWI4MWUyYmFhNjY1ZDg0NzQ2OGY0Mg==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    MWU3MWJkZjI0ZWI1N2Q3M2I0NGI5MjlhM2U2MDFjMzE5ZjRlY2Y1YjFkNjc3
-    NGUwNjk3NzFiYmIyMTdhOTgzNGJiYTI5NGFhY2E0NWYxY2NjNGE2MjQyM2Rj
-    MDY0YmFmM2NiNDExYzZiYTYxMDUzMzhhODQ4NTA4OGQwNTNiZjI=
-  data.tar.gz: !binary |-
-    ODM4MzVjYTM1NGIyYTBlNGZmMjk2MGM3OGRlYWViMTg5MDUwYzhiMGY3ZGQw
-    NGFiY2EyYmI1MmU4YmU2MzAzNWI1NmEzYWFlZTZkMTA4OGI3ZGRkMTBhZGU0
-    MGM1NGUwNWJiMDFlZjM3NmI5NTE3MzBmNjM1YTAzOTUwY2RhYzU=