gauntlt 1.0.6 → 1.0.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f86cdfaa7fd94ba53f0f403343a7f77e5314ca8b
+  data.tar.gz: 52c5aed3faff43e169f43847062151b4996f8c13
+SHA512:
+  metadata.gz: 5e5d76e535ddd2818c08d52470e748b750eba34bdd836d4088f6e1f022fecbee0a42f6093e31d2d8a432a9352f41dd529d2f941477c6bb2f6f3f1b516b488232
+  data.tar.gz: 67bf0684a67d349549dc6007926fe48a5f5f54889cedd3486e3214308dfcdd36c7a070495b38864378a678e5d2bf705e8af656438e13230e1effc1bc3a532f32

data/.gitignore

@@ -35,3 +35,7 @@ Gemfile.lock
 
 # possible dependency installs
 dirb
+
+# Testing
+resume
+my_attacks

data/.gitmodules

@@ -7,9 +7,3 @@
 [submodule "vendor/Garmr"]
 	path = vendor/Garmr
 	url = git://github.com/mozilla/Garmr.git
-[submodule "features/support/scapegoat"]
-	path = features/support/scapegoat
-	url = git://github.com/gauntlt/scapegoat.git
-[submodule "vendor/railsgoat"]
-	path = vendor/railsgoat
-	url = git://github.com/OWASP/railsgoat.git

data/.travis.yml

@@ -1,12 +1,12 @@
 language: ruby
 rvm:
   - 1.9.3
-  - jruby-head
 before_install:
   - git submodule update --init --recursive
 before_script:
   - sudo apt-get install nmap
   - sudo apt-get install wget
+  - sudo apt-get install unzip
   - sudo apt-get install libcurl4-openssl-dev
   - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sslyze/sslyze.py"
   - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sqlmap/sqlmap.py"

data/Gemfile

@@ -2,8 +2,12 @@ source 'https://rubygems.org'
 
 gemspec
 
+# to get railsgoat working
+gem 'service_manager'
+
 gem 'debugger', :platform => :mri
 gem 'ruby-debug-base', :platform => :jruby
 
 gem 'sqlite3', :platform => :mri
 gem 'jdbc-sqlite3', :platform => :jruby
+

data/README.md

@@ -176,3 +176,7 @@ gauntlt is licensed under The MIT License. See the LICENSE file in the repo or v
 [sslyze]: https://github.com/iSECPartners/sslyze
 [sqlmap]: http://sqlmap.org
 [garmr]: https://github.com/mozilla/Garmr
+
+
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/gauntlt/gauntlt/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+

data/config/services.rb

@@ -0,0 +1,14 @@
+require 'service_manager'
+
+Bundler.with_clean_env do
+  Dir.chdir "./vendor/gruyere" do 
+  end
+
+  ServiceManager.define_service "gruyere" do |s|
+    s.start_cmd = "./launch_for_service_manager.sh"
+    s.loaded_cue = /Gruyere started.../
+    s.cwd = Dir.pwd + "/vendor/gruyere/"
+    s.host = "localhost"
+    s.port = 8008
+  end
+end

data/features/attack.feature

@@ -100,7 +100,7 @@ Feature: Verify the attack behaviour is correct
     When I run `gauntlt`
     Then it should fail with:
       """
-      Bad or undefined attack!
+      Not a recognized gauntlt attack step
       """
 
   Scenario: No attack files in default path

data/features/attacks/garmr.feature

@@ -1,8 +1,6 @@
-@scapegoat
 Feature: Garmr scan
   Background:
     Given an attack "garmr" exists
-    And scapegoat is running on port 9292
     And I copy the attack files from the "examples/garmr" folder
     And the following attack files exist:
       | filename      |
@@ -12,4 +10,3 @@ Feature: Garmr scan
       """
       6 steps (6 passed)
       """
-    And scapegoat should quit

data/features/step_definitions/support_steps.rb

@@ -18,36 +18,3 @@ Given /^the following attack files exist:$/ do |table|
     check_file_presence [hsh['filename']], true
   end
 end
-
-require 'rack/handler/webrick'
-Given /^scapegoat is running on port (\d+)$/ do |port|
-  if Scapegoat.running?
-    if Scapegoat.port != port.to_i
-      raise "Scapegoat already running on port #{Scapegoat.port} (not #{port})"
-    end
-  else
-    Scapegoat.set :port, port.to_i
-    Scapegoat.set :logging, nil
-
-    if RUBY_PLATFORM == 'java'
-      Thread.new { Scapegoat.run! }
-    else
-      @scapegoat_pid = Process.fork do
-        trap(:INT) { ::Rack::Handler::WEBrick.shutdown }
-        Scapegoat.run!
-        exit # manually exit; otherwise this sub-process will re-run the specs that haven't run yet.
-      end
-    end
-  end
-end
-
-Then /^scapegoat should quit$/ do
-  if @scapegoat_pid
-    Process.kill('INT', @scapegoat_pid)
-    begin
-      Process.wait(@scapegoat_pid)
-    rescue Errno::ECHILD
-      # ignore this error...I think it means the child process has already exited.
-    end
-  end
-end

data/features/support/services.rb

@@ -0,0 +1,3 @@
+require 'service_manager'
+
+ServiceManager.start

data/gauntlt.gemspec

@@ -7,23 +7,25 @@ Gem::Specification.new do |s|
   s.version     = Gauntlt::VERSION
   s.authors     = ["James Wickett", "Mani Tadayon"]
   s.email       = ["james@gauntlt.org"]
+  s.license     = 'MIT'
   s.homepage    = "https://github.com/gauntlt/gauntlt"
   s.summary     = %q{behaviour-driven security using cucumber}
   s.description = %q{Using standard Gherkin language to define security tests, gauntlt happily wraps cucumber functionality and provides a security testing framework that security engineers, developers and operations teams can collaborate on together.}
 
   s.files         = `git ls-files`.split("\n")
+  s.files.reject! { |fn| fn.include? "vendor" }
+  s.files.reject! { |fn| fn.include? "examples" }
+  s.files.reject! { |fn| fn.include? "ready_to_rumble" }
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_development_dependency "cucumber", "~>1.2.0"
-  s.add_development_dependency "aruba"
-  s.add_development_dependency "rake"
-  s.add_development_dependency "sinatra"
-  s.add_development_dependency "arachni"
+  s.add_development_dependency 'rake', '~> 10.1'
+  s.add_development_dependency 'arachni', '~> 0.4'
+
+  s.add_runtime_dependency 'cucumber', '= 1.3.11'
+  s.add_runtime_dependency 'aruba', '= 0.5.4'
+  s.add_runtime_dependency 'nokogiri', '= 1.6.1'
+  s.add_runtime_dependency 'trollop', '~> 2.0'
 
-  s.add_runtime_dependency "cucumber"
-  s.add_runtime_dependency "aruba"
-  s.add_runtime_dependency "nokogiri", "~>1.5.0"
-  s.add_runtime_dependency "trollop"
 end

data/lib/gauntlt/patches/errors.rb

@@ -0,0 +1,10 @@
+module Cucumber
+  class Undefined < StandardError
+    def initialize(step_name)
+      super %{Not a recognized gauntlt attack step: "#{step_name}"\nCheck available gauntlt steps with this command 'gauntlt --allsteps'}
+      @step_name = step_name
+    end
+  end
+end
+ 
+

data/lib/gauntlt/runtime.rb

@@ -1,8 +1,10 @@
 require 'cucumber'
 require 'cucumber/runtime'
 require 'cucumber/cli/main'
+require 'gauntlt/patches/errors.rb'
 
 module Gauntlt
+
   class Runtime
     class NoFilesFound < StandardError; end
     class ExecutionFailed < StandardError; end
@@ -18,7 +20,7 @@ module Gauntlt
     end
 
     def cuke_cli
-      args =  attack_files + ['--strict', '--require', self.class.adapters_dir]
+      args =  attack_files + ['--strict', '--no-snippets', '--require', self.class.adapters_dir]
       args += ['--tags', tags] unless tags.empty?
       args += ['--format', format] unless format.nil?
 
@@ -34,11 +36,7 @@ module Gauntlt
     end
 
     def execute!
-      if cuke_cli.execute! # cucumber failed, returning true
-        raise ExecutionFailed.new("Bad or undefined attack!")
-      else            # cucumber executed successfully, returning false
-        true
-      end
+      cuke_cli.execute! 
     end
 
     class << self

data/lib/gauntlt/version.rb

@@ -1,3 +1,3 @@
 module Gauntlt
-  VERSION = "1.0.6"
+  VERSION = "1.0.8"
 end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gauntlt
 version: !ruby/object:Gem::Version
-  version: 1.0.6
-  prerelease: 
+  version: 1.0.8
 platform: ruby
 authors:
 - James Wickett
@@ -10,152 +9,92 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-30 00:00:00.000000000 Z
+date: 2014-03-06 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: cucumber
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.2.0
-- !ruby/object:Gem::Dependency
-  name: aruba
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sinatra
-  requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10.1'
 - !ruby/object:Gem::Dependency
   name: arachni
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.4'
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.11
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.11
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.4
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.1
 - !ruby/object:Gem::Dependency
   name: trollop
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 description: Using standard Gherkin language to define security tests, gauntlt happily
   wraps cucumber functionality and provides a security testing framework that security
   engineers, developers and operations teams can collaborate on together.
@@ -166,33 +105,17 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .gitmodules
-- .travis.yml
+- ".gitignore"
+- ".gitmodules"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - bin/gauntlt
 - config/cucumber.yml
+- config/services.rb
 - config/warble.rb
-- examples/arachni/arachni-xss.attack
-- examples/curl/cookies.attack
-- examples/curl/simple.attack
-- examples/curl/verbs.attack
-- examples/dirb/dirb.attack
-- examples/garmr/garmr.attack
-- examples/generic/generic.attack
-- examples/nmap/nmap.attack
-- examples/nmap/os_detection.attack
-- examples/nmap/simple-env-var.attack
-- examples/nmap/simple.attack
-- examples/nmap/tcp_ping_ports.attack
-- examples/nmap/xml_output.attack
-- examples/simplest.attack
-- examples/simplest.audit
-- examples/sqlmap/sqlmap.attack
-- examples/sslyze/sslyze.attack
 - features/attack.feature
 - features/attacks/arachni.feature
 - features/attacks/curl.feature
@@ -200,7 +123,7 @@ files:
 - features/attacks/garmr.feature
 - features/attacks/generic.feature
 - features/attacks/nmap.feature
-- features/attacks/sqlmap.feature
+- features/attacks/sqlmap.broken
 - features/attacks/sslyze.feature
 - features/help.feature
 - features/report.feature
@@ -209,6 +132,7 @@ files:
 - features/support/aruba.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/services.rb
 - features/tags.feature
 - gauntlt.gemspec
 - gem_tasks/cucumber.rake
@@ -234,40 +158,39 @@ files:
 - lib/gauntlt/attack_aliases/arachni.json
 - lib/gauntlt/attack_aliases/dirb.json
 - lib/gauntlt/attack_aliases/nmap.json
+- lib/gauntlt/patches/errors.rb
 - lib/gauntlt/runtime.rb
 - lib/gauntlt/stepdef.rb
 - lib/gauntlt/version.rb
-- ready_to_rumble.sh
 - test/gauntlt/attack_test.rb
 - test/gauntlt/runtime_test.rb
 - test/gauntlt/stepdef_test.rb
 - test/gauntlt_test.rb
 - test/test_helper.rb
 - test/tmf.rb
-- vendor/sslyze_output.README
 homepage: https://github.com/gauntlt/gauntlt
-licenses: []
+licenses:
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: behaviour-driven security using cucumber
 test_files:
 - features/attack.feature
@@ -277,7 +200,7 @@ test_files:
 - features/attacks/garmr.feature
 - features/attacks/generic.feature
 - features/attacks/nmap.feature
-- features/attacks/sqlmap.feature
+- features/attacks/sqlmap.broken
 - features/attacks/sslyze.feature
 - features/help.feature
 - features/report.feature
@@ -286,6 +209,7 @@ test_files:
 - features/support/aruba.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/services.rb
 - features/tags.feature
 - test/gauntlt/attack_test.rb
 - test/gauntlt/runtime_test.rb

data/examples/arachni/arachni-xss.attack

@@ -1,10 +0,0 @@
-@slow
-Feature: Look for cross site scripting (xss) using arachni against a URL
-
-Scenario: Using the arachni, look for cross site scripting and verify no issues are found
-  Given "arachni" is installed
-  And the following profile:
-     | name                | value                          |
-     | url                 | http://scanme.nmap.org         |
-  When I launch an "arachni-simple_xss" attack
-  Then the output should contain "0 issues were detected."

data/examples/curl/cookies.attack

@@ -1,17 +0,0 @@
-Feature: Evaluate received cookies against expected.
-
-Background:
-  Given "curl" is installed
-  And the following profile:
-    | name     | value      |
-    | hostname | google.com |
-
-Scenario: Verify server is returning the cookies expected
-  When I launch a "curl" attack with:
-    """
-    curl --include --location --head --silent <hostname>
-    """
-  Then the following cookies should be received:
-    | name | secure | _rest              |
-    | PREF | false  | {}                 |
-    | NID  | false  | {'HttpOnly': None} |

data/examples/curl/simple.attack

@@ -1,17 +0,0 @@
-Feature: Launch curl attack
-
-Background:
-  Given "curl" is installed
-  And the following profile:
-    | name     | value      |
-    | hostname | google.com |
-
-Scenario: Verify a 301 is received from a curl
-  When I launch a "curl" attack with:
-    """
-    curl --silent --output /dev/null --write-out "%{http_code}" <hostname>
-    """
-  Then it should pass with exactly:
-    """
-    301
-    """

data/examples/curl/verbs.attack

@@ -1,21 +0,0 @@
-Feature: Evaluate responses to various HTTP methods.
-
-Background:
-  Given "curl" is installed
-  And the following profile:
-    | name     | value      |
-    | hostname | google.com |
-
-Scenario Outline: Verify server responds correctly to various HTTP methods
-  When I launch a "curl" attack with:
-    """
-    curl -i -X <method> <hostname>
-    """
-  Then the output should contain "<response>"
-  Examples:
-    | method | response                       |
-    | delete | Error 405 (Method Not Allowed) |
-    | patch  | Error 405 (Method Not Allowed) |
-    | trace  | Error 405 (Method Not Allowed) |
-    | track  | Error 405 (Method Not Allowed) |
-    | bogus  | Error 405 (Method Not Allowed) |

data/examples/garmr/garmr.attack

@@ -1,21 +0,0 @@
-Feature: Run garmr scan on a URL
-
-Scenario: Use Garmr to scan a website for basic security requirements
-  Given "garmr" is installed
-  And the following profile:
-    | name       | value                           |
-    | target_url | http://localhost:9292/inline-js |
-  When I launch a "garmr" attack with:
-    """
-    garmr -u <target_url> -o my_garmr_output.xml
-    """
-  Then it should pass with:
-    """
-    [Garmr.corechecks.InlineJS] Fail Inline JavaScript found
-    """
-  And the file "my_garmr_output.xml" should contain XML:
-    | css                               |
-    | testcase[name="InlineJS"] failure |
-  And the file "my_garmr_output.xml" should not contain XML:
-    | css                               |
-    | testcase[name="SCSPHeaderCheck"] failure |

data/examples/generic/generic.attack

@@ -1,19 +0,0 @@
-Feature: Launch generic attack
-
-This attack adapter allows for any command line binary to be executed and the output parsed. This can be used to run new attacks not yet supported by gauntlt. It can also be used to run custom scripts created by the user, which can allow for gauntlt attacks to be fully customized.
-
-Background:
-  Given the "ping" command line binary is installed
-  And the following profile:
-    | name     | value      |
-    | hostname | google.com |
-
-Scenario: Verify a 301 is received from a curl
-  When I launch a "generic" attack with:
-    """
-    ping -c 1 <hostname>
-    """
-  Then it should pass with regexp:
-    """
-    1 packets transmitted, 1 (packets )?received, 0(\.0)?% packet loss
-    """

data/examples/nmap/nmap.attack

@@ -1,48 +0,0 @@
-@slow
-
-Feature: nmap attacks for scanme.nmap.org and to use this for your tests, change the value in the profile
-  Background:
-    Given "nmap" is installed
-    And the following profile:
-      | name           | value        |
-      | hostname       | scanme.nmap.org   |
-      | host           | scanme.nmap.org   |
-      | tcp_ping_ports | 22,25,80,443 |
-
-  Scenario: Verify server is open on expected set of ports using the nmap-fast attack step
-    When I launch a "nmap-fast" attack
-    Then the output should match /80.tcp\s+open/
-
-  Scenario: Verify server is open on expected set of ports using the nmap fast flag
-    When I launch an "nmap" attack with:
-      """
-      nmap -F <hostname>
-      """
-    Then the output should match:
-      """
-      80/tcp\s+open
-      """
-
-  Scenario: Verify that there are no unexpected ports open
-    When I launch an "nmap" attack with:
-      """
-      nmap -F <hostname>
-      """
-    Then the output should not contain:
-      """
-      22/tcp
-      25/tcp
-      """
-
-  Scenario: Output to XML
-    When I launch an "nmap" attack with:
-      """
-      nmap -p 80,443 -oX foo.xml <hostname>
-      """
-    And the file "foo.xml" should contain XML:
-      | css                                                          |
-      | ports port[protocol="tcp"][portid="80"] state[state="open"]  |
-      | ports port[protocol="tcp"][portid="443"] state[state="closed"] |
-    And the file "foo.xml" should not contain XML:
-      | css                                                          |
-      | ports port[protocol="tcp"][portid="123"] state[state="open"] |

data/examples/nmap/os_detection.attack

@@ -1,18 +0,0 @@
-Feature: OS detection
-
-  Background:
-    Given "nmap" is installed
-    And the following profile:
-      | name     | value      |
-      | hostname | scanme.nmap.org |
-
-  @slow
-  Scenario: Detect OS
-    When I launch an "nmap" attack with:
-      """
-      nmap -sV -p80 -PN <hostname>
-      """
-    Then the output should contain:
-      """
-      Apache
-      """

data/examples/nmap/simple-env-var.attack

@@ -1,25 +0,0 @@
-@slow
-Feature: simple nmap attack (sanity check)
-
-  Background:
-    Given "nmap" is installed
-
-    And the following environment variables:
-      | name      | environment_variable_name |
-      | hostname  | TEST_HOSTNAME             |
-
-    And the following profile:
-      | name     | value |
-      | https_port | 443 |
-      | http_port  | 80  |
-
-  Scenario: Verify server is available on standard web ports
-    When I launch an "nmap" attack with:
-      """
-      nmap -p <http_port>,<https_port> <hostname>
-      """
-    Then the output should match /80.tcp\s+open/      
-    And the output should not match:
-      """
-      443/tcp\s+open 
-      """

data/examples/nmap/simple.attack

@@ -1,20 +0,0 @@
-@slow
-Feature: simple nmap attack (sanity check)
-
-  Background:
-    Given "nmap" is installed
-    And the following profile:
-      | name     | value      |
-      | hostname | scanme.nmap.org |
-
-  Scenario: Verify server is available on standard web ports
-    When I launch an "nmap" attack with:
-      """
-      nmap -p 80,443 <hostname>
-      """
-    Then the output should match /80.tcp\s+open/
-    And the output should not match:
-      """
-      443/tcp\s+open
-      """
-

data/examples/nmap/tcp_ping_ports.attack

@@ -1,18 +0,0 @@
-@slow @announce
-Feature: nmap attacks for example.com
-  Background:
-    Given "nmap" is installed
-    And the following profile:
-      | name           | value           |
-      | hostname       | scanme.nmap.org |
-      | tcp_ping_ports | 22,25,80,443    |
-
-  Scenario: Using tcp syn ping scan and the nmap fast flag
-    When I launch an "nmap" attack with:
-      """
-      nmap -F -PS<tcp_ping_ports> <hostname> -oX foo.xml
-      """
-    Then the file "foo.xml" should contain XML:
-      | css                                                         |
-      | ports port[protocol="tcp"][portid="80"] state[state="open"] |
-      | ports port[protocol="tcp"][portid="22"] state[state="open"] |

data/examples/nmap/xml_output.attack

@@ -1,21 +0,0 @@
-@slow
-Feature: XML output
-
-  Background:
-    Given "nmap" is installed
-    And the following profile:
-      | name     | value      |
-      | hostname | scanme.nmap.org |
-
-  Scenario: Output to XML
-    When I launch an "nmap" attack with:
-      """
-      nmap -p 80,443 -oX foo.xml <hostname>
-      """
-    And the file "foo.xml" should contain XML:
-      | css                                                          |
-      | ports port[protocol="tcp"][portid="80"] state[state="open"]  |
-    And the file "foo.xml" should not contain XML:
-      | css                                                          |
-      | ports port[protocol="tcp"][portid="123"] state[state="open"] |
-      | ports port[protocol="tcp"][portid="443"] state[state="open"] |

data/examples/simplest.attack

@@ -1,10 +0,0 @@
-Feature: simplest attack possible
-  Scenario:
-    When I launch a "generic" attack with:
-      """
-      ls -a
-      """
-    Then the output should contain:
-      """
-      .
-      """

data/examples/simplest.audit

@@ -1,10 +0,0 @@
-Feature: simplest audit possible
-  Scenario:
-    When I launch a "generic" attack with:
-      """
-      ls -a
-      """
-    Then the output should contain:
-      """
-      .
-      """

data/examples/sqlmap/sqlmap.attack

@@ -1,26 +0,0 @@
-@slow @announce
-Feature: Run sqlmap against a target
-  # See:
-  #   https://github.com/sqlmapproject/sqlmap/wiki/Usage
-
-Scenario: Identify SQL injection vulnerabilities
-  Given "sqlmap" is installed
-  And the following profile:
-    | name       | value                                           |
-    | target_url | http://localhost:9292/sql-injection?number_id=1 |
-  When I launch a "sqlmap" attack with:
-    """
-    python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
-    """
-  Then the output should contain:
-    """
-    sqlmap identified the following injection points
-    """
-  And the output should contain:
-    """
-    [2 tables]
-    +-----------------+
-    | numbers         |
-    | sqlite_sequence |
-    +-----------------+
-    """

data/examples/sslyze/sslyze.attack

@@ -1,17 +0,0 @@
-Feature: Run sslyze against a target
-
-Background:
-  Given "sslyze" is installed
-  And the following profile:
-    | name     | value      |
-    | hostname | google.com |
-
-Scenario: Ensure no anonymous certificates
-  When I launch an "sslyze" attack with:
-    """
-    python <sslyze_path> <hostname>:443
-    """
-  Then the output should not contain:
-    """
-    Anon
-    """

data/ready_to_rumble.sh

@@ -1,63 +0,0 @@
-#!/bin/bash
-# This little script tries to mimic the .travis.yml setup so that when we are 
-# doing local dev, we can run tests and make sure we are passing CI.
-
-NMAP=`which nmap`
-GARMR=`which garmr`
-DIRB=`which dirb`
-ARACHNI=`which arachni`
-
-ERRORS=0
-
-if [ -z $ARACHNI ]
-  then
-    MESSAGE="It looks like you dont have arachni-web-scanner installed.  You should be able to do 'gem install arachni' to install it.  You might need to install libcurl first, on ubuntu you can run 'sudo apt-get install libcurl4-openssl-dev && gem install arachni' For more info on arachni, go to arachni-scanner.com"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $SSLYZE_PATH ]
-  then
-    MESSAGE="SSLYZE_PATH environment variable unset, try setting it to ./vendor/sslyze/sslyze.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $SQLMAP_PATH ]
-  then
-    MESSAGE="SQLMAP_PATH environment variable unset, try setting it to ./vendor/sslyze/sqlmap.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $GARMR ] 
-  then
-    MESSAGE="garmr is not installed in your path, try installing it 'cd vendor/Garmr && sudo python setup.py install && cd ../..'"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $DIRB_WORDLISTS ]
-  then 
-    MESSAGE="DIRB_WORDLISTS environment variable not set, please set it. Usually this is where you extracted dirb in a directory called 'wordlists'"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $DIRB ]
-  then 
-    MESSAGE="dirb is not installed in your path, try installing it 'wget http://downloads.sourceforge.net/project/dirb/dirb/2.03/dirb203.tar.gz && tar xvfz dirb203.tar.gz && cd dirb && ./configure && make && cd ..'"
-    ERRORS=$ERRORS+1 
-fi
-
-if [ -z $NMAP ] 
-  then
-    MESSAGE="nmap is not installed in your path, try installing it (brew install nmap OR apt-get install nmap) and adding it to your path"
-    ERRORS=$ERRORS+1 
-fi
-
-
-
-if [ $ERRORS -gt 0 ]
-  then
-  echo $MESSAGE
-  ERRORS=$ERRORS-1
-  echo "$ERRORS more things to fix... keep running ./ready_to_rumble.sh until you ARE."
-else
-  echo "You ARE ready to rumble!"
-fi

data/vendor/sslyze_output.README

@@ -1,91 +0,0 @@
-
-Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
-
-
-
- REGISTERING AVAILABLE PLUGINS
- -----------------------------
-
-   PluginCertInfo - OK
-   PluginEmpty - OK
-   PluginOpenSSLCipherSuites - OK
-   PluginSessionRenegotiation - OK
-   PluginSessionResumption - OK
-
-
-
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
-
-   www.google.com:443                  => 74.125.127.106:443
-
-
-
- SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
- --------------------------------------------------------
-
-  * Session Renegotiation :
-      Client-initiated Renegotiations:    Rejected
-      Secure Renegotiation:               Supported
-
-  * Certificate :
-      Validation w/ Mozilla's CA Store:  Certificate is Trusted
-      Subject:                           /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
-      Issuer:                            /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
-      Serial Number:                     4F9D96D966B0992B54C2957CB4157D4D
-      Not Before:                        Oct 26 00:00:00 2011 GMT
-      Not After:                         Sep 30 23:59:59 2013 GMT
-      Signature Algorithm:               sha1WithRSAEncryption
-      Key Size:                          1024 bits
-      SHA1 Fingerprint:                  C1956DC8A7DFB2A5A56934DA09778E3A11023358
-
-  * Session Resumption :
-      With Session IDs:           Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
-      With TLS Session Tickets:   Supported
-
-  * TLSV1 Cipher Suites :
-
-      Rejected Cipher Suite(s): Hidden
-
-      Preferred Cipher Suite:
-        ECDHE-RSA-RC4-SHA        128 bits      HTTP 200 OK
-
-      Accepted Cipher Suite(s):
-        AES256-SHA               256 bits      HTTP 200 OK
-        DES-CBC3-SHA             168 bits      HTTP 200 OK
-        RC4-SHA                  128 bits      HTTP 200 OK
-        RC4-MD5                  128 bits      HTTP 200 OK
-        AES128-SHA               128 bits      HTTP 200 OK
-
-      Unknown Errors: None
-
-  * SSLV3 Cipher Suites :
-
-      Rejected Cipher Suite(s): Hidden
-
-      Preferred Cipher Suite:
-        ECDHE-RSA-RC4-SHA        128 bits      HTTP 200 OK
-
-      Accepted Cipher Suite(s):
-        AES256-SHA               256 bits      HTTP 200 OK
-        DES-CBC3-SHA             168 bits      HTTP 200 OK
-        RC4-SHA                  128 bits      HTTP 200 OK
-        RC4-MD5                  128 bits      HTTP 200 OK
-        AES128-SHA               128 bits      HTTP 200 OK
-
-      Unknown Errors: None
-
-  * SSLV2 Cipher Suites :
-
-      Rejected Cipher Suite(s): Hidden
-
-      Preferred Cipher Suite: None
-
-      Accepted Cipher Suite(s): None
-
-      Unknown Errors: None
-
-
-
- SCAN COMPLETED IN 2.50 S
- ------------------------