gauntlt 1.0.6 → 1.0.8
- checksums.yaml +7 -0
- data/.gitignore +4 -0
- data/.gitmodules +0 -6
- data/.travis.yml +1 -1
- data/Gemfile +4 -0
- data/README.md +4 -0
- data/config/services.rb +14 -0
- data/features/attack.feature +1 -1
- data/features/attacks/garmr.feature +0 -3
- data/features/attacks/{sqlmap.feature → sqlmap.broken} +0 -0
- data/features/step_definitions/support_steps.rb +0 -33
- data/features/support/services.rb +3 -0
- data/gauntlt.gemspec +11 -9
- data/lib/gauntlt/patches/errors.rb +10 -0
- data/lib/gauntlt/runtime.rb +4 -6
- data/lib/gauntlt/version.rb +1 -1
- metadata +42 -118
- data/examples/arachni/arachni-xss.attack +0 -10
- data/examples/curl/cookies.attack +0 -17
- data/examples/curl/simple.attack +0 -17
- data/examples/curl/verbs.attack +0 -21
- data/examples/garmr/garmr.attack +0 -21
- data/examples/generic/generic.attack +0 -19
- data/examples/nmap/nmap.attack +0 -48
- data/examples/nmap/os_detection.attack +0 -18
- data/examples/nmap/simple-env-var.attack +0 -25
- data/examples/nmap/simple.attack +0 -20
- data/examples/nmap/tcp_ping_ports.attack +0 -18
- data/examples/nmap/xml_output.attack +0 -21
- data/examples/simplest.attack +0 -10
- data/examples/simplest.audit +0 -10
- data/examples/sqlmap/sqlmap.attack +0 -26
- data/examples/sslyze/sslyze.attack +0 -17
- data/ready_to_rumble.sh +0 -63
- data/vendor/sslyze_output.README +0 -91
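--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f86cdfaa7fd94ba53f0f403343a7f77e5314ca8b
+  data.tar.gz: 52c5aed3faff43e169f43847062151b4996f8c13
+SHA512:
+  metadata.gz: 5e5d76e535ddd2818c08d52470e748b750eba34bdd836d4088f6e1f022fecbee0a42f6093e31d2d8a432a9352f41dd529d2f941477c6bb2f6f3f1b516b488232
+  data.tar.gz: 67bf0684a67d349549dc6007926fe48a5f5f54889cedd3486e3214308dfcdd36c7a070495b38864378a678e5d2bf705e8af656438e13230e1effc1bc3a532f32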
data/.gitignore
CHANGED
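--- a/data/.gitmodules
+++ b/data/.gitmodules
@@ -7,9 +7,3 @@
 [submodule "vendor/Garmr"]
 	path = vendor/Garmr
 	url = git://github.com/mozilla/Garmr.git
-[submodule "features/support/scapegoat"]
-	path = features/support/scapegoat
-	url = git://github.com/gauntlt/scapegoat.git
-[submodule "vendor/railsgoat"]
-	path = vendor/railsgoat
-	url = git://github.com/OWASP/railsgoat.git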
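--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,12 +1,12 @@
 language: ruby
 rvm:
   - 1.9.3
-  - jruby-head
 before_install:
   - git submodule update --init --recursive
 before_script:
   - sudo apt-get install nmap
   - sudo apt-get install wget
+  - sudo apt-get install unzip
   - sudo apt-get install libcurl4-openssl-dev
   - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sslyze/sslyze.py"
   - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sqlmap/sqlmap.py"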
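--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,8 +2,12 @@ source 'https://rubygems.org'
 
 gemspec
 
+# to get railsgoat working
+gem 'service_manager'
+
 gem 'debugger', :platform => :mri
 gem 'ruby-debug-base', :platform => :jruby
 
 gem 'sqlite3', :platform => :mri
 gem 'jdbc-sqlite3', :platform => :jruby
+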
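Review bot: `gem 'service_manager'` is added with no version constraint, so every fresh `bundle install` (including the Travis run) resolves to whatever the newest release is rather than the one that was reviewed; a pessimistic pin such as `gem 'service_manager', '~> <tested-version>'` (placeholder — use the version the suite was run against) keeps the test dependency reproducible, in line with the constraints the gemspec now carries. The comment above it, "to get railsgoat working", also looks stale: this same release removes the railsgoat submodule from `.gitmodules` and the new `config/services.rb` launches gruyere, so `# service_manager starts the gruyere target app (see config/services.rb)` would describe the actual use.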
data/README.md
CHANGED
@@ -176,3 +176,7 @@ gauntlt is licensed under The MIT License. See the LICENSE file in the repo or v
|
|
176
176
|
[sslyze]: https://github.com/iSECPartners/sslyze
|
177
177
|
[sqlmap]: http://sqlmap.org
|
178
178
|
[garmr]: https://github.com/mozilla/Garmr
|
179
|
+
|
180
|
+
|
181
|
+
[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/gauntlt/gauntlt/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
|
182
|
+
|
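--- a/data/config/services.rb
+++ b/data/config/services.rb
@@ -0,0 +1,14 @@
+require 'service_manager'
+
+Bundler.with_clean_env do
+  Dir.chdir "./vendor/gruyere" do
+  end
+
+  ServiceManager.define_service "gruyere" do |s|
+    s.start_cmd = "./launch_for_service_manager.sh"
+    s.loaded_cue = /Gruyere started.../
+    s.cwd = Dir.pwd + "/vendor/gruyere/"
+    s.host = "localhost"
+    s.port = 8008
+  end
+end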
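Review bot: The `Dir.chdir "./vendor/gruyere" do ... end` block on lines 4–5 is empty, so it changes directory, immediately changes back, and has no effect on the `define_service` call that follows; either delete it or move the service definition inside it and drop the explicit `s.cwd`. Two smaller points in the same block: `Bundler` is referenced without a `require 'bundler'` in this file, so the script only works if the loader has already pulled it in (worth confirming), and the unescaped dots in `/Gruyere started.../` match any three characters rather than a literal ellipsis — `s.loaded_cue = /Gruyere started\.\.\./` is the cue that was presumably intended. `s.cwd = File.join(Dir.pwd, "vendor", "gruyere")` would also avoid hand-building the path with `+`.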
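--- a/data/features/attack.feature
+++ b/data/features/attack.feature
@@ -1,8 +1,6 @@
-@scapegoat
 Feature: Garmr scan
   Background:
     Given an attack "garmr" exists
-    And scapegoat is running on port 9292
     And I copy the attack files from the "examples/garmr" folder
     And the following attack files exist:
       | filename |
@@ -12,4 +10,3 @@ Feature: Garmr scan
       """
       6 steps (6 passed)
       """
-    And scapegoat should quit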
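Review bot: The Background still copies from the "examples/garmr" folder (line 4 of the new file), yet this same release deletes `data/examples/garmr/garmr.attack` (see the diffstat) and the gemspec now strips every path containing "examples" from the packaged gem, so unless that folder is recreated somewhere not shown here the step has nothing to copy. Removing the two scapegoat steps also means this Background no longer starts or stops any target service; if the garmr scan is expected to hit a running app, the new `features/support/services.rb` listed in the diffstat presumably takes over that job, and a one-line comment in the feature pointing at it would save the next reader the search.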
File without changes
|
@@ -18,36 +18,3 @@ Given /^the following attack files exist:$/ do |table|
|
|
18
18
|
check_file_presence [hsh['filename']], true
|
19
19
|
end
|
20
20
|
end
|
21
|
-
|
22
|
-
require 'rack/handler/webrick'
|
23
|
-
Given /^scapegoat is running on port (\d+)$/ do |port|
|
24
|
-
if Scapegoat.running?
|
25
|
-
if Scapegoat.port != port.to_i
|
26
|
-
raise "Scapegoat already running on port #{Scapegoat.port} (not #{port})"
|
27
|
-
end
|
28
|
-
else
|
29
|
-
Scapegoat.set :port, port.to_i
|
30
|
-
Scapegoat.set :logging, nil
|
31
|
-
|
32
|
-
if RUBY_PLATFORM == 'java'
|
33
|
-
Thread.new { Scapegoat.run! }
|
34
|
-
else
|
35
|
-
@scapegoat_pid = Process.fork do
|
36
|
-
trap(:INT) { ::Rack::Handler::WEBrick.shutdown }
|
37
|
-
Scapegoat.run!
|
38
|
-
exit # manually exit; otherwise this sub-process will re-run the specs that haven't run yet.
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
|
44
|
-
Then /^scapegoat should quit$/ do
|
45
|
-
if @scapegoat_pid
|
46
|
-
Process.kill('INT', @scapegoat_pid)
|
47
|
-
begin
|
48
|
-
Process.wait(@scapegoat_pid)
|
49
|
-
rescue Errno::ECHILD
|
50
|
-
# ignore this error...I think it means the child process has already exited.
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
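--- a/data/gauntlt.gemspec
+++ b/data/gauntlt.gemspec
@@ -7,23 +7,25 @@ Gem::Specification.new do |s|
   s.version = Gauntlt::VERSION
   s.authors = ["James Wickett", "Mani Tadayon"]
   s.email = ["james@gauntlt.org"]
+  s.license = 'MIT'
   s.homepage = "https://github.com/gauntlt/gauntlt"
   s.summary = %q{behaviour-driven security using cucumber}
   s.description = %q{Using standard Gherkin language to define security tests, gauntlt happily wraps cucumber functionality and provides a security testing framework that security engineers, developers and operations teams can collaborate on together.}
 
   s.files = `git ls-files`.split("\n")
+  s.files.reject! { |fn| fn.include? "vendor" }
+  s.files.reject! { |fn| fn.include? "examples" }
+  s.files.reject! { |fn| fn.include? "ready_to_rumble" }
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_development_dependency
-  s.add_development_dependency
-
-  s.
-  s.
+  s.add_development_dependency 'rake', '~> 10.1'
+  s.add_development_dependency 'arachni', '~> 0.4'
+
+  s.add_runtime_dependency 'cucumber', '= 1.3.11'
+  s.add_runtime_dependency 'aruba', '= 0.5.4'
+  s.add_runtime_dependency 'nokogiri', '= 1.6.1'
+  s.add_runtime_dependency 'trollop', '~> 2.0'
 
-  s.add_runtime_dependency "cucumber"
-  s.add_runtime_dependency "aruba"
-  s.add_runtime_dependency "nokogiri", "~>1.5.0"
-  s.add_runtime_dependency "trollop"
 end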
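Review bot: The three `s.files.reject! { |fn| fn.include? "vendor" }` filters on lines 16–18 test for the substring anywhere in the path, so any future file whose name merely contains "vendor" or "examples" (a `lib/gauntlt/examples_helper.rb`, say) would silently drop out of the gem; anchoring on the directory, `s.files.reject! { |fn| fn.start_with?("vendor/", "examples/", "ready_to_rumble") }`, states the intent exactly, and the `ready_to_rumble` case is already dead since this release deletes that script. Separately, the runtime dependencies are now pinned with `=` (cucumber 1.3.11, aruba 0.5.4, nokogiri 1.6.1): an exact pin in a gemspec means consumers cannot take a patch release of nokogiri — a native-extension XML parser that receives security fixes — without waiting for a new gauntlt release, so a pessimistic constraint such as `'~> 1.6.1'` would keep the tested API while allowing patches through.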
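--- a/data/lib/gauntlt/runtime.rb
+++ b/data/lib/gauntlt/runtime.rb
@@ -1,8 +1,10 @@
 require 'cucumber'
 require 'cucumber/runtime'
 require 'cucumber/cli/main'
+require 'gauntlt/patches/errors.rb'
 
 module Gauntlt
+
   class Runtime
     class NoFilesFound < StandardError; end
     class ExecutionFailed < StandardError; end
@@ -18,7 +20,7 @@ module Gauntlt
     end
 
     def cuke_cli
-      args = attack_files + ['--strict', '--require', self.class.adapters_dir]
+      args = attack_files + ['--strict', '--no-snippets', '--require', self.class.adapters_dir]
       args += ['--tags', tags] unless tags.empty?
       args += ['--format', format] unless format.nil?
 
@@ -34,11 +36,7 @@ module Gauntlt
     end
 
     def execute!
-
-        raise ExecutionFailed.new("Bad or undefined attack!")
-      else # cucumber executed successfully, returning false
-        true
-      end
+      cuke_cli.execute!
     end
 
     class << self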
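Review bot: `execute!` now returns whatever `cuke_cli.execute!` returns and no longer raises `ExecutionFailed`; the removed comment records that cucumber's `execute!` yields false on success, so a caller that used to get `true` on success or an exception on a failed attack now gets `false` on success and a truthy value on failure — an inverted contract that, if anything upstream branches on the result, would report a failing security attack as a pass. If the mapping is meant to move into `gauntlt/patches/errors.rb` (new in this release, not shown), a one-line comment on `execute!` saying so, plus `# returns false on success (cucumber convention)`, would make the new contract explicit; otherwise keep `raise ExecutionFailed, "Bad or undefined attack!" if cuke_cli.execute!` followed by `true`. `ExecutionFailed` stays defined in the first hunk though nothing in this file raises it any more. Minor: `require 'gauntlt/patches/errors.rb'` works but the `.rb` suffix is non-idiomatic — `require 'gauntlt/patches/errors'`.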
data/lib/gauntlt/version.rb
CHANGED
metadata
CHANGED
@@ -1,8 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gauntlt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
5
|
-
prerelease:
|
4
|
+
version: 1.0.8
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- James Wickett
|
@@ -10,152 +9,92 @@ authors:
|
|
10
9
|
autorequire:
|
11
10
|
bindir: bin
|
12
11
|
cert_chain: []
|
13
|
-
date:
|
12
|
+
date: 2014-03-06 00:00:00.000000000 Z
|
14
13
|
dependencies:
|
15
|
-
- !ruby/object:Gem::Dependency
|
16
|
-
name: cucumber
|
17
|
-
requirement: !ruby/object:Gem::Requirement
|
18
|
-
none: false
|
19
|
-
requirements:
|
20
|
-
- - ~>
|
21
|
-
- !ruby/object:Gem::Version
|
22
|
-
version: 1.2.0
|
23
|
-
type: :development
|
24
|
-
prerelease: false
|
25
|
-
version_requirements: !ruby/object:Gem::Requirement
|
26
|
-
none: false
|
27
|
-
requirements:
|
28
|
-
- - ~>
|
29
|
-
- !ruby/object:Gem::Version
|
30
|
-
version: 1.2.0
|
31
|
-
- !ruby/object:Gem::Dependency
|
32
|
-
name: aruba
|
33
|
-
requirement: !ruby/object:Gem::Requirement
|
34
|
-
none: false
|
35
|
-
requirements:
|
36
|
-
- - ! '>='
|
37
|
-
- !ruby/object:Gem::Version
|
38
|
-
version: '0'
|
39
|
-
type: :development
|
40
|
-
prerelease: false
|
41
|
-
version_requirements: !ruby/object:Gem::Requirement
|
42
|
-
none: false
|
43
|
-
requirements:
|
44
|
-
- - ! '>='
|
45
|
-
- !ruby/object:Gem::Version
|
46
|
-
version: '0'
|
47
14
|
- !ruby/object:Gem::Dependency
|
48
15
|
name: rake
|
49
16
|
requirement: !ruby/object:Gem::Requirement
|
50
|
-
none: false
|
51
|
-
requirements:
|
52
|
-
- - ! '>='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: '0'
|
55
|
-
type: :development
|
56
|
-
prerelease: false
|
57
|
-
version_requirements: !ruby/object:Gem::Requirement
|
58
|
-
none: false
|
59
|
-
requirements:
|
60
|
-
- - ! '>='
|
61
|
-
- !ruby/object:Gem::Version
|
62
|
-
version: '0'
|
63
|
-
- !ruby/object:Gem::Dependency
|
64
|
-
name: sinatra
|
65
|
-
requirement: !ruby/object:Gem::Requirement
|
66
|
-
none: false
|
67
17
|
requirements:
|
68
|
-
- -
|
18
|
+
- - "~>"
|
69
19
|
- !ruby/object:Gem::Version
|
70
|
-
version: '
|
20
|
+
version: '10.1'
|
71
21
|
type: :development
|
72
22
|
prerelease: false
|
73
23
|
version_requirements: !ruby/object:Gem::Requirement
|
74
|
-
none: false
|
75
24
|
requirements:
|
76
|
-
- -
|
25
|
+
- - "~>"
|
77
26
|
- !ruby/object:Gem::Version
|
78
|
-
version: '
|
27
|
+
version: '10.1'
|
79
28
|
- !ruby/object:Gem::Dependency
|
80
29
|
name: arachni
|
81
30
|
requirement: !ruby/object:Gem::Requirement
|
82
|
-
none: false
|
83
31
|
requirements:
|
84
|
-
- -
|
32
|
+
- - "~>"
|
85
33
|
- !ruby/object:Gem::Version
|
86
|
-
version: '0'
|
34
|
+
version: '0.4'
|
87
35
|
type: :development
|
88
36
|
prerelease: false
|
89
37
|
version_requirements: !ruby/object:Gem::Requirement
|
90
|
-
none: false
|
91
38
|
requirements:
|
92
|
-
- -
|
39
|
+
- - "~>"
|
93
40
|
- !ruby/object:Gem::Version
|
94
|
-
version: '0'
|
41
|
+
version: '0.4'
|
95
42
|
- !ruby/object:Gem::Dependency
|
96
43
|
name: cucumber
|
97
44
|
requirement: !ruby/object:Gem::Requirement
|
98
|
-
none: false
|
99
45
|
requirements:
|
100
|
-
- -
|
46
|
+
- - '='
|
101
47
|
- !ruby/object:Gem::Version
|
102
|
-
version:
|
48
|
+
version: 1.3.11
|
103
49
|
type: :runtime
|
104
50
|
prerelease: false
|
105
51
|
version_requirements: !ruby/object:Gem::Requirement
|
106
|
-
none: false
|
107
52
|
requirements:
|
108
|
-
- -
|
53
|
+
- - '='
|
109
54
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
55
|
+
version: 1.3.11
|
111
56
|
- !ruby/object:Gem::Dependency
|
112
57
|
name: aruba
|
113
58
|
requirement: !ruby/object:Gem::Requirement
|
114
|
-
none: false
|
115
59
|
requirements:
|
116
|
-
- -
|
60
|
+
- - '='
|
117
61
|
- !ruby/object:Gem::Version
|
118
|
-
version:
|
62
|
+
version: 0.5.4
|
119
63
|
type: :runtime
|
120
64
|
prerelease: false
|
121
65
|
version_requirements: !ruby/object:Gem::Requirement
|
122
|
-
none: false
|
123
66
|
requirements:
|
124
|
-
- -
|
67
|
+
- - '='
|
125
68
|
- !ruby/object:Gem::Version
|
126
|
-
version:
|
69
|
+
version: 0.5.4
|
127
70
|
- !ruby/object:Gem::Dependency
|
128
71
|
name: nokogiri
|
129
72
|
requirement: !ruby/object:Gem::Requirement
|
130
|
-
none: false
|
131
73
|
requirements:
|
132
|
-
- -
|
74
|
+
- - '='
|
133
75
|
- !ruby/object:Gem::Version
|
134
|
-
version: 1.
|
76
|
+
version: 1.6.1
|
135
77
|
type: :runtime
|
136
78
|
prerelease: false
|
137
79
|
version_requirements: !ruby/object:Gem::Requirement
|
138
|
-
none: false
|
139
80
|
requirements:
|
140
|
-
- -
|
81
|
+
- - '='
|
141
82
|
- !ruby/object:Gem::Version
|
142
|
-
version: 1.
|
83
|
+
version: 1.6.1
|
143
84
|
- !ruby/object:Gem::Dependency
|
144
85
|
name: trollop
|
145
86
|
requirement: !ruby/object:Gem::Requirement
|
146
|
-
none: false
|
147
87
|
requirements:
|
148
|
-
- -
|
88
|
+
- - "~>"
|
149
89
|
- !ruby/object:Gem::Version
|
150
|
-
version: '0'
|
90
|
+
version: '2.0'
|
151
91
|
type: :runtime
|
152
92
|
prerelease: false
|
153
93
|
version_requirements: !ruby/object:Gem::Requirement
|
154
|
-
none: false
|
155
94
|
requirements:
|
156
|
-
- -
|
95
|
+
- - "~>"
|
157
96
|
- !ruby/object:Gem::Version
|
158
|
-
version: '0'
|
97
|
+
version: '2.0'
|
159
98
|
description: Using standard Gherkin language to define security tests, gauntlt happily
|
160
99
|
wraps cucumber functionality and provides a security testing framework that security
|
161
100
|
engineers, developers and operations teams can collaborate on together.
|
@@ -166,33 +105,17 @@ executables:
|
|
166
105
|
extensions: []
|
167
106
|
extra_rdoc_files: []
|
168
107
|
files:
|
169
|
-
- .gitignore
|
170
|
-
- .gitmodules
|
171
|
-
- .travis.yml
|
108
|
+
- ".gitignore"
|
109
|
+
- ".gitmodules"
|
110
|
+
- ".travis.yml"
|
172
111
|
- Gemfile
|
173
112
|
- LICENSE
|
174
113
|
- README.md
|
175
114
|
- Rakefile
|
176
115
|
- bin/gauntlt
|
177
116
|
- config/cucumber.yml
|
117
|
+
- config/services.rb
|
178
118
|
- config/warble.rb
|
179
|
-
- examples/arachni/arachni-xss.attack
|
180
|
-
- examples/curl/cookies.attack
|
181
|
-
- examples/curl/simple.attack
|
182
|
-
- examples/curl/verbs.attack
|
183
|
-
- examples/dirb/dirb.attack
|
184
|
-
- examples/garmr/garmr.attack
|
185
|
-
- examples/generic/generic.attack
|
186
|
-
- examples/nmap/nmap.attack
|
187
|
-
- examples/nmap/os_detection.attack
|
188
|
-
- examples/nmap/simple-env-var.attack
|
189
|
-
- examples/nmap/simple.attack
|
190
|
-
- examples/nmap/tcp_ping_ports.attack
|
191
|
-
- examples/nmap/xml_output.attack
|
192
|
-
- examples/simplest.attack
|
193
|
-
- examples/simplest.audit
|
194
|
-
- examples/sqlmap/sqlmap.attack
|
195
|
-
- examples/sslyze/sslyze.attack
|
196
119
|
- features/attack.feature
|
197
120
|
- features/attacks/arachni.feature
|
198
121
|
- features/attacks/curl.feature
|
@@ -200,7 +123,7 @@ files:
|
|
200
123
|
- features/attacks/garmr.feature
|
201
124
|
- features/attacks/generic.feature
|
202
125
|
- features/attacks/nmap.feature
|
203
|
-
- features/attacks/sqlmap.
|
126
|
+
- features/attacks/sqlmap.broken
|
204
127
|
- features/attacks/sslyze.feature
|
205
128
|
- features/help.feature
|
206
129
|
- features/report.feature
|
@@ -209,6 +132,7 @@ files:
|
|
209
132
|
- features/support/aruba.rb
|
210
133
|
- features/support/env.rb
|
211
134
|
- features/support/hooks.rb
|
135
|
+
- features/support/services.rb
|
212
136
|
- features/tags.feature
|
213
137
|
- gauntlt.gemspec
|
214
138
|
- gem_tasks/cucumber.rake
|
@@ -234,40 +158,39 @@ files:
|
|
234
158
|
- lib/gauntlt/attack_aliases/arachni.json
|
235
159
|
- lib/gauntlt/attack_aliases/dirb.json
|
236
160
|
- lib/gauntlt/attack_aliases/nmap.json
|
161
|
+
- lib/gauntlt/patches/errors.rb
|
237
162
|
- lib/gauntlt/runtime.rb
|
238
163
|
- lib/gauntlt/stepdef.rb
|
239
164
|
- lib/gauntlt/version.rb
|
240
|
-
- ready_to_rumble.sh
|
241
165
|
- test/gauntlt/attack_test.rb
|
242
166
|
- test/gauntlt/runtime_test.rb
|
243
167
|
- test/gauntlt/stepdef_test.rb
|
244
168
|
- test/gauntlt_test.rb
|
245
169
|
- test/test_helper.rb
|
246
170
|
- test/tmf.rb
|
247
|
-
- vendor/sslyze_output.README
|
248
171
|
homepage: https://github.com/gauntlt/gauntlt
|
249
|
-
licenses:
|
172
|
+
licenses:
|
173
|
+
- MIT
|
174
|
+
metadata: {}
|
250
175
|
post_install_message:
|
251
176
|
rdoc_options: []
|
252
177
|
require_paths:
|
253
178
|
- lib
|
254
179
|
required_ruby_version: !ruby/object:Gem::Requirement
|
255
|
-
none: false
|
256
180
|
requirements:
|
257
|
-
- -
|
181
|
+
- - ">="
|
258
182
|
- !ruby/object:Gem::Version
|
259
183
|
version: '0'
|
260
184
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
261
|
-
none: false
|
262
185
|
requirements:
|
263
|
-
- -
|
186
|
+
- - ">="
|
264
187
|
- !ruby/object:Gem::Version
|
265
188
|
version: '0'
|
266
189
|
requirements: []
|
267
190
|
rubyforge_project:
|
268
|
-
rubygems_version:
|
191
|
+
rubygems_version: 2.2.2
|
269
192
|
signing_key:
|
270
|
-
specification_version:
|
193
|
+
specification_version: 4
|
271
194
|
summary: behaviour-driven security using cucumber
|
272
195
|
test_files:
|
273
196
|
- features/attack.feature
|
@@ -277,7 +200,7 @@ test_files:
|
|
277
200
|
- features/attacks/garmr.feature
|
278
201
|
- features/attacks/generic.feature
|
279
202
|
- features/attacks/nmap.feature
|
280
|
-
- features/attacks/sqlmap.
|
203
|
+
- features/attacks/sqlmap.broken
|
281
204
|
- features/attacks/sslyze.feature
|
282
205
|
- features/help.feature
|
283
206
|
- features/report.feature
|
@@ -286,6 +209,7 @@ test_files:
|
|
286
209
|
- features/support/aruba.rb
|
287
210
|
- features/support/env.rb
|
288
211
|
- features/support/hooks.rb
|
212
|
+
- features/support/services.rb
|
289
213
|
- features/tags.feature
|
290
214
|
- test/gauntlt/attack_test.rb
|
291
215
|
- test/gauntlt/runtime_test.rb
|
@@ -1,10 +0,0 @@
|
|
1
|
-
@slow
|
2
|
-
Feature: Look for cross site scripting (xss) using arachni against a URL
|
3
|
-
|
4
|
-
Scenario: Using the arachni, look for cross site scripting and verify no issues are found
|
5
|
-
Given "arachni" is installed
|
6
|
-
And the following profile:
|
7
|
-
| name | value |
|
8
|
-
| url | http://scanme.nmap.org |
|
9
|
-
When I launch an "arachni-simple_xss" attack
|
10
|
-
Then the output should contain "0 issues were detected."
|
@@ -1,17 +0,0 @@
|
|
1
|
-
Feature: Evaluate received cookies against expected.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given "curl" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | google.com |
|
8
|
-
|
9
|
-
Scenario: Verify server is returning the cookies expected
|
10
|
-
When I launch a "curl" attack with:
|
11
|
-
"""
|
12
|
-
curl --include --location --head --silent <hostname>
|
13
|
-
"""
|
14
|
-
Then the following cookies should be received:
|
15
|
-
| name | secure | _rest |
|
16
|
-
| PREF | false | {} |
|
17
|
-
| NID | false | {'HttpOnly': None} |
|
data/examples/curl/simple.attack
DELETED
@@ -1,17 +0,0 @@
|
|
1
|
-
Feature: Launch curl attack
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given "curl" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | google.com |
|
8
|
-
|
9
|
-
Scenario: Verify a 301 is received from a curl
|
10
|
-
When I launch a "curl" attack with:
|
11
|
-
"""
|
12
|
-
curl --silent --output /dev/null --write-out "%{http_code}" <hostname>
|
13
|
-
"""
|
14
|
-
Then it should pass with exactly:
|
15
|
-
"""
|
16
|
-
301
|
17
|
-
"""
|
data/examples/curl/verbs.attack
DELETED
@@ -1,21 +0,0 @@
|
|
1
|
-
Feature: Evaluate responses to various HTTP methods.
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given "curl" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | google.com |
|
8
|
-
|
9
|
-
Scenario Outline: Verify server responds correctly to various HTTP methods
|
10
|
-
When I launch a "curl" attack with:
|
11
|
-
"""
|
12
|
-
curl -i -X <method> <hostname>
|
13
|
-
"""
|
14
|
-
Then the output should contain "<response>"
|
15
|
-
Examples:
|
16
|
-
| method | response |
|
17
|
-
| delete | Error 405 (Method Not Allowed) |
|
18
|
-
| patch | Error 405 (Method Not Allowed) |
|
19
|
-
| trace | Error 405 (Method Not Allowed) |
|
20
|
-
| track | Error 405 (Method Not Allowed) |
|
21
|
-
| bogus | Error 405 (Method Not Allowed) |
|
data/examples/garmr/garmr.attack
DELETED
@@ -1,21 +0,0 @@
|
|
1
|
-
Feature: Run garmr scan on a URL
|
2
|
-
|
3
|
-
Scenario: Use Garmr to scan a website for basic security requirements
|
4
|
-
Given "garmr" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| target_url | http://localhost:9292/inline-js |
|
8
|
-
When I launch a "garmr" attack with:
|
9
|
-
"""
|
10
|
-
garmr -u <target_url> -o my_garmr_output.xml
|
11
|
-
"""
|
12
|
-
Then it should pass with:
|
13
|
-
"""
|
14
|
-
[Garmr.corechecks.InlineJS] Fail Inline JavaScript found
|
15
|
-
"""
|
16
|
-
And the file "my_garmr_output.xml" should contain XML:
|
17
|
-
| css |
|
18
|
-
| testcase[name="InlineJS"] failure |
|
19
|
-
And the file "my_garmr_output.xml" should not contain XML:
|
20
|
-
| css |
|
21
|
-
| testcase[name="SCSPHeaderCheck"] failure |
|
@@ -1,19 +0,0 @@
|
|
1
|
-
Feature: Launch generic attack
|
2
|
-
|
3
|
-
This attack adapter allows for any command line binary to be executed and the output parsed. This can be used to run new attacks not yet supported by gauntlt. It can also be used to run custom scripts created by the user, which can allow for gauntlt attacks to be fully customized.
|
4
|
-
|
5
|
-
Background:
|
6
|
-
Given the "ping" command line binary is installed
|
7
|
-
And the following profile:
|
8
|
-
| name | value |
|
9
|
-
| hostname | google.com |
|
10
|
-
|
11
|
-
Scenario: Verify a 301 is received from a curl
|
12
|
-
When I launch a "generic" attack with:
|
13
|
-
"""
|
14
|
-
ping -c 1 <hostname>
|
15
|
-
"""
|
16
|
-
Then it should pass with regexp:
|
17
|
-
"""
|
18
|
-
1 packets transmitted, 1 (packets )?received, 0(\.0)?% packet loss
|
19
|
-
"""
|
data/examples/nmap/nmap.attack
DELETED
@@ -1,48 +0,0 @@
|
|
1
|
-
@slow
|
2
|
-
|
3
|
-
Feature: nmap attacks for scanme.nmap.org and to use this for your tests, change the value in the profile
|
4
|
-
Background:
|
5
|
-
Given "nmap" is installed
|
6
|
-
And the following profile:
|
7
|
-
| name | value |
|
8
|
-
| hostname | scanme.nmap.org |
|
9
|
-
| host | scanme.nmap.org |
|
10
|
-
| tcp_ping_ports | 22,25,80,443 |
|
11
|
-
|
12
|
-
Scenario: Verify server is open on expected set of ports using the nmap-fast attack step
|
13
|
-
When I launch a "nmap-fast" attack
|
14
|
-
Then the output should match /80.tcp\s+open/
|
15
|
-
|
16
|
-
Scenario: Verify server is open on expected set of ports using the nmap fast flag
|
17
|
-
When I launch an "nmap" attack with:
|
18
|
-
"""
|
19
|
-
nmap -F <hostname>
|
20
|
-
"""
|
21
|
-
Then the output should match:
|
22
|
-
"""
|
23
|
-
80/tcp\s+open
|
24
|
-
"""
|
25
|
-
|
26
|
-
Scenario: Verify that there are no unexpected ports open
|
27
|
-
When I launch an "nmap" attack with:
|
28
|
-
"""
|
29
|
-
nmap -F <hostname>
|
30
|
-
"""
|
31
|
-
Then the output should not contain:
|
32
|
-
"""
|
33
|
-
22/tcp
|
34
|
-
25/tcp
|
35
|
-
"""
|
36
|
-
|
37
|
-
Scenario: Output to XML
|
38
|
-
When I launch an "nmap" attack with:
|
39
|
-
"""
|
40
|
-
nmap -p 80,443 -oX foo.xml <hostname>
|
41
|
-
"""
|
42
|
-
And the file "foo.xml" should contain XML:
|
43
|
-
| css |
|
44
|
-
| ports port[protocol="tcp"][portid="80"] state[state="open"] |
|
45
|
-
| ports port[protocol="tcp"][portid="443"] state[state="closed"] |
|
46
|
-
And the file "foo.xml" should not contain XML:
|
47
|
-
| css |
|
48
|
-
| ports port[protocol="tcp"][portid="123"] state[state="open"] |
|
@@ -1,18 +0,0 @@
|
|
1
|
-
Feature: OS detection
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given "nmap" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | scanme.nmap.org |
|
8
|
-
|
9
|
-
@slow
|
10
|
-
Scenario: Detect OS
|
11
|
-
When I launch an "nmap" attack with:
|
12
|
-
"""
|
13
|
-
nmap -sV -p80 -PN <hostname>
|
14
|
-
"""
|
15
|
-
Then the output should contain:
|
16
|
-
"""
|
17
|
-
Apache
|
18
|
-
"""
|
@@ -1,25 +0,0 @@
|
|
1
|
-
@slow
|
2
|
-
Feature: simple nmap attack (sanity check)
|
3
|
-
|
4
|
-
Background:
|
5
|
-
Given "nmap" is installed
|
6
|
-
|
7
|
-
And the following environment variables:
|
8
|
-
| name | environment_variable_name |
|
9
|
-
| hostname | TEST_HOSTNAME |
|
10
|
-
|
11
|
-
And the following profile:
|
12
|
-
| name | value |
|
13
|
-
| https_port | 443 |
|
14
|
-
| http_port | 80 |
|
15
|
-
|
16
|
-
Scenario: Verify server is available on standard web ports
|
17
|
-
When I launch an "nmap" attack with:
|
18
|
-
"""
|
19
|
-
nmap -p <http_port>,<https_port> <hostname>
|
20
|
-
"""
|
21
|
-
Then the output should match /80.tcp\s+open/
|
22
|
-
And the output should not match:
|
23
|
-
"""
|
24
|
-
443/tcp\s+open
|
25
|
-
"""
|
data/examples/nmap/simple.attack
DELETED
@@ -1,20 +0,0 @@
|
|
1
|
-
@slow
|
2
|
-
Feature: simple nmap attack (sanity check)
|
3
|
-
|
4
|
-
Background:
|
5
|
-
Given "nmap" is installed
|
6
|
-
And the following profile:
|
7
|
-
| name | value |
|
8
|
-
| hostname | scanme.nmap.org |
|
9
|
-
|
10
|
-
Scenario: Verify server is available on standard web ports
|
11
|
-
When I launch an "nmap" attack with:
|
12
|
-
"""
|
13
|
-
nmap -p 80,443 <hostname>
|
14
|
-
"""
|
15
|
-
Then the output should match /80.tcp\s+open/
|
16
|
-
And the output should not match:
|
17
|
-
"""
|
18
|
-
443/tcp\s+open
|
19
|
-
"""
|
20
|
-
|
@@ -1,18 +0,0 @@
|
|
1
|
-
@slow @announce
|
2
|
-
Feature: nmap attacks for example.com
|
3
|
-
Background:
|
4
|
-
Given "nmap" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | scanme.nmap.org |
|
8
|
-
| tcp_ping_ports | 22,25,80,443 |
|
9
|
-
|
10
|
-
Scenario: Using tcp syn ping scan and the nmap fast flag
|
11
|
-
When I launch an "nmap" attack with:
|
12
|
-
"""
|
13
|
-
nmap -F -PS<tcp_ping_ports> <hostname> -oX foo.xml
|
14
|
-
"""
|
15
|
-
Then the file "foo.xml" should contain XML:
|
16
|
-
| css |
|
17
|
-
| ports port[protocol="tcp"][portid="80"] state[state="open"] |
|
18
|
-
| ports port[protocol="tcp"][portid="22"] state[state="open"] |
|
@@ -1,21 +0,0 @@
|
|
1
|
-
@slow
|
2
|
-
Feature: XML output
|
3
|
-
|
4
|
-
Background:
|
5
|
-
Given "nmap" is installed
|
6
|
-
And the following profile:
|
7
|
-
| name | value |
|
8
|
-
| hostname | scanme.nmap.org |
|
9
|
-
|
10
|
-
Scenario: Output to XML
|
11
|
-
When I launch an "nmap" attack with:
|
12
|
-
"""
|
13
|
-
nmap -p 80,443 -oX foo.xml <hostname>
|
14
|
-
"""
|
15
|
-
And the file "foo.xml" should contain XML:
|
16
|
-
| css |
|
17
|
-
| ports port[protocol="tcp"][portid="80"] state[state="open"] |
|
18
|
-
And the file "foo.xml" should not contain XML:
|
19
|
-
| css |
|
20
|
-
| ports port[protocol="tcp"][portid="123"] state[state="open"] |
|
21
|
-
| ports port[protocol="tcp"][portid="443"] state[state="open"] |
|
data/examples/simplest.attack
DELETED
data/examples/simplest.audit
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
@slow @announce
|
2
|
-
Feature: Run sqlmap against a target
|
3
|
-
# See:
|
4
|
-
# https://github.com/sqlmapproject/sqlmap/wiki/Usage
|
5
|
-
|
6
|
-
Scenario: Identify SQL injection vulnerabilities
|
7
|
-
Given "sqlmap" is installed
|
8
|
-
And the following profile:
|
9
|
-
| name | value |
|
10
|
-
| target_url | http://localhost:9292/sql-injection?number_id=1 |
|
11
|
-
When I launch a "sqlmap" attack with:
|
12
|
-
"""
|
13
|
-
python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
|
14
|
-
"""
|
15
|
-
Then the output should contain:
|
16
|
-
"""
|
17
|
-
sqlmap identified the following injection points
|
18
|
-
"""
|
19
|
-
And the output should contain:
|
20
|
-
"""
|
21
|
-
[2 tables]
|
22
|
-
+-----------------+
|
23
|
-
| numbers |
|
24
|
-
| sqlite_sequence |
|
25
|
-
+-----------------+
|
26
|
-
"""
|
@@ -1,17 +0,0 @@
|
|
1
|
-
Feature: Run sslyze against a target
|
2
|
-
|
3
|
-
Background:
|
4
|
-
Given "sslyze" is installed
|
5
|
-
And the following profile:
|
6
|
-
| name | value |
|
7
|
-
| hostname | google.com |
|
8
|
-
|
9
|
-
Scenario: Ensure no anonymous certificates
|
10
|
-
When I launch an "sslyze" attack with:
|
11
|
-
"""
|
12
|
-
python <sslyze_path> <hostname>:443
|
13
|
-
"""
|
14
|
-
Then the output should not contain:
|
15
|
-
"""
|
16
|
-
Anon
|
17
|
-
"""
|
data/ready_to_rumble.sh
DELETED
@@ -1,63 +0,0 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
# This little script tries to mimic the .travis.yml setup so that when we are
|
3
|
-
# doing local dev, we can run tests and make sure we are passing CI.
|
4
|
-
|
5
|
-
NMAP=`which nmap`
|
6
|
-
GARMR=`which garmr`
|
7
|
-
DIRB=`which dirb`
|
8
|
-
ARACHNI=`which arachni`
|
9
|
-
|
10
|
-
ERRORS=0
|
11
|
-
|
12
|
-
if [ -z $ARACHNI ]
|
13
|
-
then
|
14
|
-
MESSAGE="It looks like you dont have arachni-web-scanner installed. You should be able to do 'gem install arachni' to install it. You might need to install libcurl first, on ubuntu you can run 'sudo apt-get install libcurl4-openssl-dev && gem install arachni' For more info on arachni, go to arachni-scanner.com"
|
15
|
-
ERRORS=$ERRORS+1
|
16
|
-
fi
|
17
|
-
|
18
|
-
if [ -z $SSLYZE_PATH ]
|
19
|
-
then
|
20
|
-
MESSAGE="SSLYZE_PATH environment variable unset, try setting it to ./vendor/sslyze/sslyze.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
|
21
|
-
ERRORS=$ERRORS+1
|
22
|
-
fi
|
23
|
-
|
24
|
-
if [ -z $SQLMAP_PATH ]
|
25
|
-
then
|
26
|
-
MESSAGE="SQLMAP_PATH environment variable unset, try setting it to ./vendor/sslyze/sqlmap.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
|
27
|
-
ERRORS=$ERRORS+1
|
28
|
-
fi
|
29
|
-
|
30
|
-
if [ -z $GARMR ]
|
31
|
-
then
|
32
|
-
MESSAGE="garmr is not installed in your path, try installing it 'cd vendor/Garmr && sudo python setup.py install && cd ../..'"
|
33
|
-
ERRORS=$ERRORS+1
|
34
|
-
fi
|
35
|
-
|
36
|
-
if [ -z $DIRB_WORDLISTS ]
|
37
|
-
then
|
38
|
-
MESSAGE="DIRB_WORDLISTS environment variable not set, please set it. Usually this is where you extracted dirb in a directory called 'wordlists'"
|
39
|
-
ERRORS=$ERRORS+1
|
40
|
-
fi
|
41
|
-
|
42
|
-
if [ -z $DIRB ]
|
43
|
-
then
|
44
|
-
MESSAGE="dirb is not installed in your path, try installing it 'wget http://downloads.sourceforge.net/project/dirb/dirb/2.03/dirb203.tar.gz && tar xvfz dirb203.tar.gz && cd dirb && ./configure && make && cd ..'"
|
45
|
-
ERRORS=$ERRORS+1
|
46
|
-
fi
|
47
|
-
|
48
|
-
if [ -z $NMAP ]
|
49
|
-
then
|
50
|
-
MESSAGE="nmap is not installed in your path, try installing it (brew install nmap OR apt-get install nmap) and adding it to your path"
|
51
|
-
ERRORS=$ERRORS+1
|
52
|
-
fi
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
if [ $ERRORS -gt 0 ]
|
57
|
-
then
|
58
|
-
echo $MESSAGE
|
59
|
-
ERRORS=$ERRORS-1
|
60
|
-
echo "$ERRORS more things to fix... keep running ./ready_to_rumble.sh until you ARE."
|
61
|
-
else
|
62
|
-
echo "You ARE ready to rumble!"
|
63
|
-
fi
|
data/vendor/sslyze_output.README
DELETED
@@ -1,91 +0,0 @@
|
|
1
|
-
|
2
|
-
Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
REGISTERING AVAILABLE PLUGINS
|
7
|
-
-----------------------------
|
8
|
-
|
9
|
-
PluginCertInfo - OK
|
10
|
-
PluginEmpty - OK
|
11
|
-
PluginOpenSSLCipherSuites - OK
|
12
|
-
PluginSessionRenegotiation - OK
|
13
|
-
PluginSessionResumption - OK
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
CHECKING HOST(S) AVAILABILITY
|
18
|
-
-----------------------------
|
19
|
-
|
20
|
-
www.google.com:443 => 74.125.127.106:443
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
|
25
|
-
--------------------------------------------------------
|
26
|
-
|
27
|
-
* Session Renegotiation :
|
28
|
-
Client-initiated Renegotiations: Rejected
|
29
|
-
Secure Renegotiation: Supported
|
30
|
-
|
31
|
-
* Certificate :
|
32
|
-
Validation w/ Mozilla's CA Store: Certificate is Trusted
|
33
|
-
Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
|
34
|
-
Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
|
35
|
-
Serial Number: 4F9D96D966B0992B54C2957CB4157D4D
|
36
|
-
Not Before: Oct 26 00:00:00 2011 GMT
|
37
|
-
Not After: Sep 30 23:59:59 2013 GMT
|
38
|
-
Signature Algorithm: sha1WithRSAEncryption
|
39
|
-
Key Size: 1024 bits
|
40
|
-
SHA1 Fingerprint: C1956DC8A7DFB2A5A56934DA09778E3A11023358
|
41
|
-
|
42
|
-
* Session Resumption :
|
43
|
-
With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
|
44
|
-
With TLS Session Tickets: Supported
|
45
|
-
|
46
|
-
* TLSV1 Cipher Suites :
|
47
|
-
|
48
|
-
Rejected Cipher Suite(s): Hidden
|
49
|
-
|
50
|
-
Preferred Cipher Suite:
|
51
|
-
ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
|
52
|
-
|
53
|
-
Accepted Cipher Suite(s):
|
54
|
-
AES256-SHA 256 bits HTTP 200 OK
|
55
|
-
DES-CBC3-SHA 168 bits HTTP 200 OK
|
56
|
-
RC4-SHA 128 bits HTTP 200 OK
|
57
|
-
RC4-MD5 128 bits HTTP 200 OK
|
58
|
-
AES128-SHA 128 bits HTTP 200 OK
|
59
|
-
|
60
|
-
Unknown Errors: None
|
61
|
-
|
62
|
-
* SSLV3 Cipher Suites :
|
63
|
-
|
64
|
-
Rejected Cipher Suite(s): Hidden
|
65
|
-
|
66
|
-
Preferred Cipher Suite:
|
67
|
-
ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
|
68
|
-
|
69
|
-
Accepted Cipher Suite(s):
|
70
|
-
AES256-SHA 256 bits HTTP 200 OK
|
71
|
-
DES-CBC3-SHA 168 bits HTTP 200 OK
|
72
|
-
RC4-SHA 128 bits HTTP 200 OK
|
73
|
-
RC4-MD5 128 bits HTTP 200 OK
|
74
|
-
AES128-SHA 128 bits HTTP 200 OK
|
75
|
-
|
76
|
-
Unknown Errors: None
|
77
|
-
|
78
|
-
* SSLV2 Cipher Suites :
|
79
|
-
|
80
|
-
Rejected Cipher Suite(s): Hidden
|
81
|
-
|
82
|
-
Preferred Cipher Suite: None
|
83
|
-
|
84
|
-
Accepted Cipher Suite(s): None
|
85
|
-
|
86
|
-
Unknown Errors: None
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
SCAN COMPLETED IN 2.50 S
|
91
|
-
------------------------
|