gauntlt 0.0.5 → 0.0.6
- data/README.md +43 -26
- data/bin/gauntlt +46 -43
- data/examples/nmap/nmap.attack +57 -0
- data/features/attack.feature +3 -3
- data/features/attacks/nmap.feature +82 -6
- data/features/help.feature +25 -20
- data/gauntlt.gemspec +7 -7
- data/lib/gauntlt/attack_adapters/nmap.rb +24 -0
- data/lib/gauntlt/attack_adapters/support/cli_helper.rb +8 -1
- data/lib/gauntlt/attack_adapters/support/cookie_helper.rb +22 -17
- data/lib/gauntlt/attack_adapters/support/nmap_helper.rb +12 -7
- data/lib/gauntlt/attack_adapters/support/profile_helper.rb +24 -8
- data/lib/gauntlt/attack_adapters/support/python_script_helper.rb +1 -0
- data/lib/gauntlt/attack_adapters/support/xml_helper.rb +31 -0
- data/lib/gauntlt/version.rb +1 -1
- data/spec/gauntlt_spec.rb +3 -4
- data/spec/spec_helper.rb +0 -3
- data/{lib/gauntlt/attack_adapters/support → vendor}/sslyze_output.README +0 -0
- metadata +17 -21
- data/features/step_definitions/help_steps.rb +0 -8
- data/lib/gauntlt/attack_adapters/support/env.rb +0 -1
- data/lib/gauntlt/attack_adapters/support/hooks.rb +0 -3
- data/spec/support/mock_constants.rb +0 -46
data/README.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# gauntlt [![Build Status](https://secure.travis-ci.org/thegauntlet/gauntlt.png?branch=master)](http://travis-ci.org/thegauntlet/gauntlt)
|
1
|
+
# gauntlt [![Build Status](https://secure.travis-ci.org/thegauntlet/gauntlt.png?branch=master)](http://travis-ci.org/thegauntlet/gauntlt) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/thegauntlet/gauntlt)
|
2
2
|
|
3
3
|
gauntlt is a ruggedization framework
|
4
4
|
|
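Review bot: the Code Climate badge image on the new line 1 points at `https://codeclimate.com/badge.png`, a path with no repository in it, while its link target `https://codeclimate.com/github/thegauntlet/gauntlt` is repository-specific; the image will not show this project's score. Use the repository-scoped badge image path so the picture and the link agree.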
@@ -6,35 +6,18 @@ gauntlt is a ruggedization framework
|
|
6
6
|
|
7
7
|
The gauntlt project is under active development and is not ready for production use but we are looking for community feedback and involvement on the project. Please file issues via github and follow the project on twitter: [@gauntlt](https://twitter.com/gauntlt).
|
8
8
|
|
9
|
-
Have questions? Ask us anything on the [gauntlt google group](http://bit.ly/gauntlt_group).
|
9
|
+
Have questions? Ask us anything on the [gauntlt google group](http://bit.ly/gauntlt_group) or find us on irc at [#gauntlt](http://webchat.freenode.net/?channels=gauntlt) (irc.freenode.net).
|
10
10
|
|
11
11
|
## GET STARTED
|
12
12
|
|
13
13
|
Before you start, please note that gauntlt is tested regularly against ruby 1.9.3. We don't test againt older versions of ruby. Keep in mind that you run gauntlt separately from the application it targets, so it does not matter whether the targeted application uses ruby.
|
14
14
|
|
15
|
-
1.
|
16
|
-
|
17
|
-
$ git clone --recursive git@github.com:thegauntlet/gauntlt.git
|
18
|
-
$ cd gauntlt
|
19
|
-
|
20
|
-
|
21
|
-
2. Install bundler
|
15
|
+
1. Install the gem
|
22
16
|
|
23
|
-
$ gem install
|
24
|
-
|
25
|
-
|
26
|
-
3. Install dependencies
|
17
|
+
$ gem install gauntlt
|
27
18
|
|
28
|
-
|
19
|
+
2. Create an attack file and put it anywhere you like
|
29
20
|
|
30
|
-
$ bundle
|
31
|
-
|
32
|
-
4. Create an attack file
|
33
|
-
|
34
|
-
# general format
|
35
|
-
$ bin/gauntlt attack --name <attack_name> --attack-file my_attack.attack
|
36
|
-
|
37
|
-
# for example, launch an nmap attack
|
38
21
|
# nmap.attack
|
39
22
|
Feature: nmap attacks
|
40
23
|
Background:
|
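Review bot: the unchanged context on line 13 still reads "We don't test againt older versions of ruby"; since this hunk rewrites the whole GET STARTED section, fix the typo to "against" here. The new step 2 ends mid-example (the `# nmap.attack` listing continues into the next hunk), so the reader sees the attack file before the command that runs it; a one-line pointer such as "see step 3 to run it" after the listing would help.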
@@ -52,17 +35,51 @@ Note, you may see errors in bundle related to the curb gem. It is looking for c
|
|
52
35
|
443/tcp open https
|
53
36
|
"""
|
54
37
|
|
55
|
-
|
38
|
+
3. Run gauntlt to launch the attack defined above
|
39
|
+
|
40
|
+
$ gauntlt attack -n nmap -a nmap.attack
|
41
|
+
# general format:
|
42
|
+
# $ gauntlt attack --name <attack_name> --attack-file <path>
|
43
|
+
|
56
44
|
|
57
45
|
For more attack examples, refer to features/attacks.
|
58
46
|
|
59
|
-
|
47
|
+
4. Other commands
|
60
48
|
|
61
49
|
# list defined attacks
|
62
|
-
$
|
50
|
+
$ gauntlt attack --list
|
63
51
|
|
64
52
|
# get help
|
65
|
-
$
|
53
|
+
$ gauntlt help
|
54
|
+
|
55
|
+
|
56
|
+
## For developers
|
57
|
+
|
58
|
+
1. Clone the git repo and get the submodules
|
59
|
+
|
60
|
+
$ git clone --recursive git://github.com/thegauntlet/gauntlt.git
|
61
|
+
|
62
|
+
2. Install bundler
|
63
|
+
|
64
|
+
$ gem install bundler
|
65
|
+
|
66
|
+
3. Install dependencies
|
67
|
+
|
68
|
+
$ bundle
|
69
|
+
# if you get errors, you may need to install curl libs first
|
70
|
+
# on ubuntu:
|
71
|
+
# $ sudo apt-get install libcurl4-openssl-dev
|
72
|
+
|
73
|
+
|
74
|
+
4. Run the cucumber features and rspec examples
|
75
|
+
|
76
|
+
$ bundle exec rake
|
77
|
+
|
78
|
+
5. Launch attacks with bin/gauntlt
|
79
|
+
|
80
|
+
$ bin/gauntlt attack -n nmap -a my_attack_file.attack
|
81
|
+
|
82
|
+
5. Refer to the features directory for usage examples and please write cucumber features for any new functionality you wish to submit.
|
66
83
|
|
67
84
|
|
68
85
|
## ROADMAP
|
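Review bot: the developer section numbers two consecutive steps "5." (new lines 79 and 83, "Launch attacks with bin/gauntlt" and "Refer to the features directory"); the second should be 6. Separately, the clone instruction on new line 60 switches from the old SSH URL to `git://github.com/thegauntlet/gauntlt.git`; the git:// transport is neither encrypted nor authenticated, so a contributor cloning over it has no assurance the checkout is the upstream tree. Prefer `https://github.com/thegauntlet/gauntlt.git` (with `--recursive` kept for the submodules).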
data/bin/gauntlt
CHANGED
@@ -1,53 +1,56 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
-
|
2
|
+
require 'rubygems'
|
3
|
+
$:.push File.expand_path("../../lib", __FILE__) unless $:.include?( File.expand_path("../../lib", __FILE__) )
|
3
4
|
require 'gauntlt'
|
4
5
|
|
5
|
-
require '
|
6
|
+
require 'trollop'
|
6
7
|
|
7
|
-
|
8
|
-
|
9
|
-
|
8
|
+
SUB_COMMANDS = %w(
|
9
|
+
attack
|
10
|
+
)
|
10
11
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
Gauntlt::Command.run 'help'
|
15
|
-
elsif options.version?
|
16
|
-
puts Gauntlt::VERSION
|
17
|
-
end
|
18
|
-
end
|
12
|
+
global_opts = Trollop::options do
|
13
|
+
banner "usage: gauntlt attack [<args>]"
|
14
|
+
stop_on SUB_COMMANDS
|
19
15
|
end
|
20
16
|
|
21
|
-
#
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
puts Gauntlt.attack(options.name, :attack_file => options.attack_file)
|
43
|
-
else
|
44
|
-
puts " Must specify name and attack-file"
|
45
|
-
puts ""
|
46
|
-
puts " try: gauntlt attack -n nmap -a your.attack"
|
47
|
-
raise
|
48
|
-
end
|
17
|
+
cmd = ARGV.shift # get the subcommand
|
18
|
+
|
19
|
+
cmd_opts = case cmd
|
20
|
+
when "attack" # parse delete options
|
21
|
+
Trollop::options do
|
22
|
+
banner "usage: gauntlt attack -n [attack-name] -a [attack-file]"
|
23
|
+
|
24
|
+
opt :name,
|
25
|
+
"attack name",
|
26
|
+
:short => '-n',
|
27
|
+
:type => String
|
28
|
+
|
29
|
+
opt :"attack-file",
|
30
|
+
"attack file",
|
31
|
+
:short => "-a",
|
32
|
+
:type => String
|
33
|
+
|
34
|
+
opt :list,
|
35
|
+
"list defined attacks",
|
36
|
+
:short => "-l"
|
37
|
+
|
49
38
|
end
|
39
|
+
when nil
|
40
|
+
puts "Try --help for help"
|
41
|
+
else
|
42
|
+
Trollop::die "unknown subcommand #{cmd.inspect}"
|
50
43
|
end
|
51
|
-
end
|
52
44
|
|
53
|
-
|
45
|
+
if cmd == "attack"
|
46
|
+
if cmd_opts[:'attack-file_given'] && cmd_opts[:name]
|
47
|
+
puts Gauntlt.attack(cmd_opts[:name], :attack_file => cmd_opts[:'attack-file'])
|
48
|
+
else
|
49
|
+
puts "Available attacks:"
|
50
|
+
puts ""
|
51
|
+
puts Gauntlt.attacks.map{|a| " #{a}"}.join("\n")
|
52
|
+
puts ""
|
53
|
+
puts " try: gauntlt attack -n nmap"
|
54
|
+
Trollop.die "must specify name and attack-file" unless cmd_opts[:list_given]
|
55
|
+
end
|
56
|
+
end
|
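Review bot: the comment on new line 20, `when "attack" # parse delete options`, is left over from the trollop subcommand example and should say "parse attack options". The guard on new line 46 mixes styles: `cmd_opts[:'attack-file_given']` tests whether the flag was passed while `cmd_opts[:name]` tests the value; use `cmd_opts[:name_given]` for both or check both values, otherwise `-n ""` passes the first form and fails the second. Minor: `Trollop::die` (line 42) and `Trollop.die` (line 54) are the same call written two ways, and the global banner on line 13, `usage: gauntlt attack [<args>]`, is printed for `gauntlt --help` although it only describes the attack subcommand; if it is reworded, help.feature's "Global help" scenario asserts the current string and must change with it.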
@@ -0,0 +1,57 @@
|
|
1
|
+
@slow
|
2
|
+
|
3
|
+
Feature: nmap attacks for example.com
|
4
|
+
Background:
|
5
|
+
Given "nmap" is installed
|
6
|
+
And the target hostname is "google.com"
|
7
|
+
And the target tcp_ping_ports are "22,25,80,443"
|
8
|
+
|
9
|
+
|
10
|
+
Scenario: Verify server is open on expected set of ports using the nmap fast flag
|
11
|
+
When I launch an "nmap" attack with:
|
12
|
+
"""
|
13
|
+
nmap -F <hostname>
|
14
|
+
"""
|
15
|
+
Then the output should contain:
|
16
|
+
"""
|
17
|
+
80/tcp open http
|
18
|
+
443/tcp open https
|
19
|
+
3128/tcp open squid-http
|
20
|
+
8080/tcp open http-proxy
|
21
|
+
"""
|
22
|
+
Scenario: Verify that there are no unexpected ports open
|
23
|
+
When I launch an "nmap" attack with:
|
24
|
+
"""
|
25
|
+
nmap -F <hostname>
|
26
|
+
"""
|
27
|
+
Then the output should not contain:
|
28
|
+
"""
|
29
|
+
22/tcp
|
30
|
+
25/tcp
|
31
|
+
"""
|
32
|
+
|
33
|
+
Scenario: Using tcp syn ping scan and the nmap fast flag
|
34
|
+
When I launch an "nmap" attack with:
|
35
|
+
"""
|
36
|
+
nmap -F -PS<tcp_ping_ports> <hostname>
|
37
|
+
"""
|
38
|
+
Then the output should contain:
|
39
|
+
"""
|
40
|
+
80/tcp open http
|
41
|
+
443/tcp open https
|
42
|
+
3128/tcp open squid-http
|
43
|
+
8080/tcp open http-proxy
|
44
|
+
"""
|
45
|
+
|
46
|
+
Scenario: Output to XML
|
47
|
+
When I launch an "nmap" attack with:
|
48
|
+
"""
|
49
|
+
nmap -p 80,443 -oX foo.xml <hostname>
|
50
|
+
"""
|
51
|
+
And the file "foo.xml" should contain XML:
|
52
|
+
| css |
|
53
|
+
| ports port[protocol="tcp"][portid="80"] state[state="open"] |
|
54
|
+
| ports port[protocol="tcp"][portid="443"] state[state="open"] |
|
55
|
+
And the file "foo.xml" should not contain XML:
|
56
|
+
| css |
|
57
|
+
| ports port[protocol="tcp"][portid="123"] state[state="open"] |
|
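Review bot: the shipped example is titled "nmap attacks for example.com" (line 3) but its Background sets the target hostname to "google.com" (line 6), so the gem's own example scans a third party's host out of the box and asserts exact service banners (`3128/tcp open squid-http`, `8080/tcp open http-proxy` on lines 19 and 20) that belong to that host and will drift. Point the example at a placeholder the user must replace (and say so in the README step that introduces it) and keep the assertions to the ports the user controls. Formatting: there is no blank line between the first scenario's closing `"""` (line 21) and `Scenario: Verify that there are no unexpected ports open` (line 22), unlike the other scenario breaks in the file.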
data/features/attack.feature
CHANGED
@@ -37,14 +37,14 @@ Feature: Verify the attack behaviour is correct
|
|
37
37
|
When I run `gauntlt attack --name thisattackwouldneverexist`
|
38
38
|
Then it should fail with:
|
39
39
|
"""
|
40
|
-
|
40
|
+
must specify name and attack-file
|
41
41
|
"""
|
42
42
|
|
43
43
|
Scenario: No attack name specified
|
44
44
|
When I run `gauntlt attack --attack-file thisattackwouldneverexist`
|
45
45
|
Then it should fail with:
|
46
46
|
"""
|
47
|
-
|
47
|
+
must specify name and attack-file
|
48
48
|
"""
|
49
49
|
|
50
50
|
Scenario: Bad attack file specified
|
@@ -58,5 +58,5 @@ Feature: Verify the attack behaviour is correct
|
|
58
58
|
When I run `gauntlt attack --name nmap`
|
59
59
|
Then it should fail with:
|
60
60
|
"""
|
61
|
-
|
61
|
+
must specify name and attack-file
|
62
62
|
"""
|
@@ -1,10 +1,9 @@
|
|
1
1
|
Feature: nmap attack
|
2
|
-
|
3
|
-
Scenario: Launch nmap attack
|
2
|
+
Background:
|
4
3
|
Given an attack "nmap" exists
|
5
|
-
And a file named "
|
4
|
+
And a file named "simple_nmap.attack" with:
|
6
5
|
"""
|
7
|
-
Feature: nmap
|
6
|
+
Feature: simple nmap attack (sanity check)
|
8
7
|
|
9
8
|
Background:
|
10
9
|
Given "nmap" is installed
|
@@ -20,6 +19,14 @@ Feature: nmap attack
|
|
20
19
|
80/tcp open http
|
21
20
|
443/tcp open https
|
22
21
|
\"\"\"
|
22
|
+
"""
|
23
|
+
And a file named "os_detection_nmap.attack" with:
|
24
|
+
"""
|
25
|
+
Feature: OS detection
|
26
|
+
|
27
|
+
Background:
|
28
|
+
Given "nmap" is installed
|
29
|
+
And the target hostname is "google.com"
|
23
30
|
|
24
31
|
@slow
|
25
32
|
Scenario: Detect OS
|
@@ -32,9 +39,78 @@ Feature: nmap attack
|
|
32
39
|
Service Info: OS: Linux
|
33
40
|
\"\"\"
|
34
41
|
"""
|
35
|
-
|
42
|
+
And a file named "tcp_ping_ports_nmap.attack" with:
|
43
|
+
"""
|
44
|
+
Feature: nmap attacks for example.com
|
45
|
+
Background:
|
46
|
+
Given "nmap" is installed
|
47
|
+
And the target hostname is "google.com"
|
48
|
+
And the target tcp_ping_ports are "22,25,80,443"
|
49
|
+
|
50
|
+
@slow
|
51
|
+
Scenario: Using tcp syn ping scan and the nmap fast flag
|
52
|
+
When I launch an "nmap" attack with:
|
53
|
+
\"\"\"
|
54
|
+
nmap -F -PS<tcp_ping_ports> <hostname>
|
55
|
+
\"\"\"
|
56
|
+
Then the output should contain:
|
57
|
+
\"\"\"
|
58
|
+
80/tcp
|
59
|
+
\"\"\"
|
60
|
+
|
61
|
+
"""
|
62
|
+
And a file named "xml_output_nmap.attack" with:
|
63
|
+
"""
|
64
|
+
Feature: simple nmap attack (sanity check)
|
65
|
+
|
66
|
+
Background:
|
67
|
+
Given "nmap" is installed
|
68
|
+
And the target hostname is "google.com"
|
69
|
+
|
70
|
+
Scenario: Output to XML
|
71
|
+
When I launch an "nmap" attack with:
|
72
|
+
\"\"\"
|
73
|
+
nmap -p 80,443 -oX foo.xml <hostname>
|
74
|
+
\"\"\"
|
75
|
+
And the file "foo.xml" should contain XML:
|
76
|
+
| css |
|
77
|
+
| ports port[protocol="tcp"][portid="80"] state[state="open"] |
|
78
|
+
| ports port[protocol="tcp"][portid="443"] state[state="open"] |
|
79
|
+
And the file "foo.xml" should not contain XML:
|
80
|
+
| css |
|
81
|
+
| ports port[protocol="tcp"][portid="123"] state[state="open"] |
|
82
|
+
"""
|
83
|
+
|
84
|
+
|
85
|
+
Scenario: Simple nmap attack
|
86
|
+
When I run `gauntlt attack --name nmap --attack-file simple_nmap.attack`
|
87
|
+
Then it should pass
|
88
|
+
And the output should contain:
|
89
|
+
"""
|
90
|
+
4 steps (4 passed)
|
91
|
+
"""
|
92
|
+
|
93
|
+
@slow
|
94
|
+
Scenario: OS detection nmap attack
|
95
|
+
When I run `gauntlt attack -n nmap -a os_detection_nmap.attack`
|
96
|
+
Then it should pass
|
97
|
+
And the output should contain:
|
98
|
+
"""
|
99
|
+
4 steps (4 passed)
|
100
|
+
"""
|
101
|
+
|
102
|
+
Scenario: Testing the tcp_ping_ports
|
103
|
+
When I run `gauntlt attack -n nmap -a tcp_ping_ports_nmap.attack`
|
104
|
+
Then it should pass
|
105
|
+
And the output should contain:
|
106
|
+
"""
|
107
|
+
5 steps (5 passed)
|
108
|
+
"""
|
109
|
+
|
110
|
+
Scenario: Handle XML output file
|
111
|
+
When I run `gauntlt attack -n nmap -a xml_output_nmap.attack`
|
36
112
|
Then it should pass
|
37
113
|
And the output should contain:
|
38
114
|
"""
|
39
|
-
|
115
|
+
5 steps (5 passed)
|
40
116
|
"""
|
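Review bot: the outer scenarios "Testing the tcp_ping_ports" (new line 102) and "Handle XML output file" (line 110) run live nmap scans of google.com through aruba but carry no `@slow` tag, so they keep aruba's default timeout instead of the 10 s that cli_helper's `Before('@slow')` hook sets; the `@slow` tag inside `tcp_ping_ports_nmap.attack` (line 50) only affects the nested cucumber run, not this one. Tag both outer scenarios `@slow` like "OS detection nmap attack" (line 93). Also the `xml_output_nmap.attack` file on line 64 reuses the title "Feature: simple nmap attack (sanity check)" from the simple file; name it for XML output, and note that "Feature: nmap attacks for example.com" on line 44 again targets google.com.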
data/features/help.feature
CHANGED
@@ -4,34 +4,39 @@ Feature: Display help info
|
|
4
4
|
I want contextual help info,
|
5
5
|
In order to learn the options required by an attack
|
6
6
|
|
7
|
-
Scenario:
|
7
|
+
Scenario: Global help
|
8
8
|
When I run `gauntlt --help`
|
9
|
-
Then
|
9
|
+
Then the output should contain:
|
10
|
+
"""
|
11
|
+
usage: gauntlt attack [<args>]
|
12
|
+
"""
|
10
13
|
|
11
|
-
Scenario:
|
14
|
+
Scenario: Attack help
|
12
15
|
When I run `gauntlt attack -h -n nmap`
|
13
16
|
Then the output should contain:
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
+
"""
|
18
|
+
usage: gauntlt attack -n [attack-name] -a [attack-file]
|
19
|
+
"""
|
17
20
|
|
18
21
|
Scenario: A user runs gauntlt without any arguments
|
19
22
|
When I run `gauntlt`
|
20
|
-
Then
|
23
|
+
Then the output should contain:
|
24
|
+
"""
|
25
|
+
Try --help for help
|
26
|
+
"""
|
21
27
|
|
22
28
|
Scenario: A user runs the attack command without specifying attack name
|
23
29
|
When I run `gauntlt attack`
|
24
30
|
Then the output should contain:
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
31
|
+
"""
|
32
|
+
Available attacks:
|
33
|
+
|
34
|
+
cookies
|
35
|
+
curl
|
36
|
+
http_methods
|
37
|
+
nmap
|
38
|
+
sqlmap
|
39
|
+
sslyze
|
40
|
+
|
41
|
+
try: gauntlt attack -n nmap
|
42
|
+
"""
|
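Review bot: the expected output on new lines 31 to 42 hard-codes the complete attack list (cookies, curl, http_methods, nmap, sqlmap, sslyze), so this scenario fails every time an adapter is added or renamed even though the behaviour under test, listing the available attacks, is unchanged. Assert on the "Available attacks:" header and one or two stable names (nmap, curl), or derive the expected list from `Gauntlt.attacks` in a step definition.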
data/gauntlt.gemspec
CHANGED
@@ -7,24 +7,24 @@ Gem::Specification.new do |s|
|
|
7
7
|
s.version = Gauntlt::VERSION
|
8
8
|
s.authors = ["James Wickett", "Mani Tadayon"]
|
9
9
|
s.email = ["james@ruggeddevops.org"]
|
10
|
-
s.homepage = ""
|
10
|
+
s.homepage = "https://github.com/thegauntlet/gauntlt"
|
11
11
|
s.summary = %q{behaviour-driven security using cucumber}
|
12
12
|
s.description = %q{Using standard Gherkin language to define security tests, gauntlt happily wraps cucumber functionality and provides a security testing framework that security engineers, developers and operations teams can collaborate on together.}
|
13
13
|
|
14
|
-
|
14
|
+
s.files = `git ls-files`.split("\n")
|
15
15
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
16
16
|
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
17
17
|
s.require_paths = ["lib"]
|
18
18
|
|
19
19
|
# specify any dependencies here; for example:
|
20
20
|
s.add_development_dependency "cucumber"
|
21
|
-
s.add_development_dependency "rspec"
|
21
|
+
s.add_development_dependency "rspec", "~> 2.11"
|
22
22
|
s.add_development_dependency "aruba"
|
23
|
-
s.add_development_dependency "rake"
|
23
|
+
s.add_development_dependency "rake"
|
24
24
|
|
25
25
|
s.add_runtime_dependency "cucumber"
|
26
26
|
s.add_runtime_dependency "aruba"
|
27
|
-
s.add_runtime_dependency "curb"
|
28
|
-
s.add_runtime_dependency "
|
29
|
-
s.add_runtime_dependency "
|
27
|
+
s.add_runtime_dependency "curb"
|
28
|
+
s.add_runtime_dependency "nokogiri"
|
29
|
+
s.add_runtime_dependency "trollop"
|
30
30
|
end
|
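Review bot: the runtime dependencies added on new lines 27 to 29 (`curb`, `nokogiri`, `trollop`) and the existing `cucumber` and `aruba` on lines 25 and 26 carry no version constraint, while the development `rspec` is now pinned `~> 2.11`; an unconstrained runtime dependency means `gem install gauntlt` resolves to whatever version of each gem is newest at install time, so a breaking or malicious release of any of them lands in every new install. Give the runtime dependencies pessimistic constraints (`"~> x.y"`) matching the versions the features were run against. Also `cucumber` and `aruba` appear both as development (lines 20 and 22) and runtime dependencies; the development entries are redundant.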
@@ -8,7 +8,31 @@ When /^the target hostname is "(.*?)"$/ do |host|
|
|
8
8
|
set_hostname host
|
9
9
|
end
|
10
10
|
|
11
|
+
When /^the target tcp_ping_ports are "(.*?)"$/ do |ports|
|
12
|
+
set_tcp_ping_ports ports
|
13
|
+
end
|
14
|
+
|
11
15
|
When /^I launch an "nmap" attack with:$/ do |command|
|
12
16
|
command.gsub!('<hostname>', hostname)
|
17
|
+
|
18
|
+
if tcp_ping_ports.nil?
|
19
|
+
else
|
20
|
+
command.gsub!('<tcp_ping_ports>', tcp_ping_ports)
|
21
|
+
end
|
22
|
+
|
13
23
|
run command
|
14
24
|
end
|
25
|
+
|
26
|
+
require 'nokogiri'
|
27
|
+
|
28
|
+
When /^the file "(.*?)" should contain XML:$/ do |filename, css_selectors|
|
29
|
+
css_selectors.hashes.each do |row|
|
30
|
+
assert_xml_includes(filename, row['css'])
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
When /^the file "(.*?)" should not contain XML:$/ do |filename, css_selectors|
|
35
|
+
css_selectors.hashes.each do |row|
|
36
|
+
assert_xml_does_not_include(filename, row['css'])
|
37
|
+
end
|
38
|
+
end
|
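Review bot: the conditional on new lines 18 to 21 has an empty `if tcp_ping_ports.nil?` branch with the work in `else`; write it as `command.gsub!('<tcp_ping_ports>', tcp_ping_ports) unless tcp_ping_ports.nil?`. When the value is nil the `<tcp_ping_ports>` placeholder is left in the command verbatim, so `nmap -F -PS<tcp_ping_ports> host` is what reaches the shell; raise or fail the step when the placeholder is present and no ports were set. Also `require 'nokogiri'` on line 26 sits between two step groups; move it to the top of the file, or into xml_helper.rb, which is where `Nokogiri::XML` is actually called.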
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'aruba/cucumber'
|
2
|
+
|
1
3
|
require 'English'
|
2
4
|
# English.rb adds human-readable names for things like $?, $!, etc.:
|
3
5
|
# http://www.ruby-doc.org/stdlib-1.9.3/libdoc/English/rdoc/English_rb.html
|
@@ -15,4 +17,9 @@ module Gauntlt
|
|
15
17
|
end
|
16
18
|
end
|
17
19
|
end
|
18
|
-
|
20
|
+
|
21
|
+
World(Gauntlt::Support::CliHelper)
|
22
|
+
|
23
|
+
Before('@slow') do
|
24
|
+
@aruba_timeout_seconds = 10
|
25
|
+
end
|
@@ -1,27 +1,32 @@
|
|
1
1
|
require 'curb'
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
3
|
+
module Gauntlt
|
4
|
+
module Support
|
5
|
+
module CookieHelper
|
6
|
+
def cookies_for(url)
|
7
|
+
[].tap do |returner|
|
8
|
+
c = Curl::Easy.perform(url) do |curl|
|
9
|
+
curl.follow_location = true
|
10
|
+
curl.enable_cookies = true
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
+
curl.on_header do |header|
|
13
|
+
returner << "#{$1}=#{$2}" if header =~ /^Set-Cookie: ([^=]+)=([^;]+;)/
|
14
|
+
end
|
15
|
+
end
|
12
16
|
end
|
13
17
|
end
|
14
|
-
end
|
15
|
-
end
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
+
def cookies
|
20
|
+
raise "No cookies set" if @cookies.nil?
|
19
21
|
|
20
|
-
|
21
|
-
|
22
|
+
@cookies
|
23
|
+
end
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
+
def set_cookies(a)
|
26
|
+
@cookies = a
|
27
|
+
end
|
28
|
+
end
|
25
29
|
end
|
26
30
|
end
|
27
|
-
|
31
|
+
|
32
|
+
World(Gauntlt::Support::CookieHelper)
|
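Review bot: the regex on new line 13, `/^Set-Cookie: ([^=]+)=([^;]+;)/`, requires a trailing `;`, so a `Set-Cookie: name=value` header with no attributes is silently dropped, and when it does match the captured value keeps the `;` (the entry becomes `name=value;`); header names are also matched case-sensitively although HTTP header names are not. `/^Set-Cookie:\s*([^=]+)=([^;]*)/i` fixes all three. The `c` assigned on line 8 from `Curl::Easy.perform` is never used. With `follow_location = true` (line 9) cookies are collected from every hop of a redirect chain, including other hosts, so the returned list is not scoped to `url`; either disable redirects or record the responding host alongside each cookie.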
@@ -1,13 +1,18 @@
|
|
1
1
|
require 'aruba'
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
3
|
+
module Gauntlt
|
4
|
+
module Support
|
5
|
+
module NmapHelper
|
6
|
+
def run_nmap_attack(host, opts)
|
7
|
+
args = opts.map{|k,v| "#{k} #{v}"}
|
6
8
|
|
7
|
-
|
9
|
+
command = "nmap #{args.join(' ')} #{host}"
|
8
10
|
|
9
|
-
|
10
|
-
|
11
|
+
# run is from aruba
|
12
|
+
run command
|
13
|
+
end
|
14
|
+
end
|
11
15
|
end
|
12
16
|
end
|
13
|
-
|
17
|
+
|
18
|
+
World(Gauntlt::Support::NmapHelper)
|
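Review bot: `command = "nmap #{args.join(' ')} #{host}"` on new line 9 builds a shell command by string interpolation and hands it to aruba's `run`, and neither `host` nor the values in `opts` (line 7) are validated or quoted, so a value containing shell metacharacters changes the command rather than being passed as an argument. Escape each piece with `Shellwords.escape` (`require 'shellwords'`) before joining, or validate `host` against a hostname/IP pattern. Also `opts.map{|k,v| "#{k} #{v}"}` emits `-F ` with a trailing space for flags whose value is nil; skip the value when it is nil.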
@@ -1,12 +1,28 @@
|
|
1
|
-
module
|
2
|
-
|
3
|
-
|
1
|
+
module Gauntlt
|
2
|
+
module Support
|
3
|
+
module ProfileHelper
|
4
|
+
def hostname
|
5
|
+
raise "No host defined" if @hostname.nil?
|
4
6
|
|
5
|
-
|
6
|
-
|
7
|
+
@hostname
|
8
|
+
end
|
9
|
+
|
10
|
+
def tcp_ping_ports
|
11
|
+
#raise "No tcp_ping_ports defined" if @tcp_ping_ports.nil?
|
12
|
+
|
13
|
+
@tcp_ping_ports
|
14
|
+
end
|
7
15
|
|
8
|
-
|
9
|
-
|
16
|
+
def set_hostname(s)
|
17
|
+
@hostname = s
|
18
|
+
end
|
19
|
+
|
20
|
+
def set_tcp_ping_ports(s)
|
21
|
+
@tcp_ping_ports = s
|
22
|
+
end
|
23
|
+
end
|
10
24
|
end
|
11
25
|
end
|
12
|
-
|
26
|
+
|
27
|
+
World(Gauntlt::Support::ProfileHelper)
|
28
|
+
|
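Review bot: the commented-out `#raise "No tcp_ping_ports defined"` on new line 11 makes `tcp_ping_ports` return nil silently while `hostname` (line 5) still raises, so the two accessors behave differently for the same mistake (a placeholder used without its "the target ... is" step); since nmap.rb leaves `<tcp_ping_ports>` unsubstituted when the value is nil, the missing step only surfaces as an odd nmap argument. Either keep the raise or have the adapter fail when the placeholder appears and the value is nil. Formatting: the file now ends with an extra blank line (line 28).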
@@ -0,0 +1,31 @@
|
|
1
|
+
require 'aruba/cucumber'
|
2
|
+
|
3
|
+
module Gauntlt
|
4
|
+
module Support
|
5
|
+
module XmlHelper
|
6
|
+
def load_xml_from_file(filename)
|
7
|
+
content = ""
|
8
|
+
prep_for_fs_check do
|
9
|
+
content = IO.read(filename)
|
10
|
+
end
|
11
|
+
Nokogiri::XML(content)
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
def xml_at_css(filename, css)
|
16
|
+
xml = load_xml_from_file(filename)
|
17
|
+
xml.at_css(css)
|
18
|
+
end
|
19
|
+
|
20
|
+
def assert_xml_includes(filename, css)
|
21
|
+
raise "#{css} not found in #(unknown)" if xml_at_css(filename, css).nil?
|
22
|
+
end
|
23
|
+
|
24
|
+
def assert_xml_does_not_include(filename, css)
|
25
|
+
raise "#{css} found in #(unknown)" unless xml_at_css(filename, css).nil?
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
World(Gauntlt::Support::XmlHelper)
|
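Review bot: the error messages on new lines 21 and 25 contain the literal text `#(unknown)`, which is not Ruby interpolation; use `#{filename}` so the failure names the file that was checked. `load_xml_from_file` (lines 6 to 12) parses with `Nokogiri::XML(content)`, which under the default recover mode returns a document even for unparseable input, so a corrupt or empty output file is reported as "selector not found" rather than as a parse failure; check `doc.errors` after parsing and raise with them. Each assertion re-reads and re-parses the file (line 16); acceptable for these sizes, but a scenario with several selectors parses the same file once per row.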
data/lib/gauntlt/version.rb
CHANGED
data/spec/gauntlt_spec.rb
CHANGED
@@ -23,10 +23,9 @@ describe Gauntlt do
|
|
23
23
|
|
24
24
|
describe :attack_files do
|
25
25
|
it "returns the full path to each attack file" do
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
end
|
26
|
+
stub_const "Gauntlt::ATTACK_GLOB_PATTERN",'foo'
|
27
|
+
Dir.stub(:glob).with('foo').and_return(['bar', 'baz'])
|
28
|
+
subject.attack_files.should == ['bar', 'baz']
|
30
29
|
end
|
31
30
|
end
|
32
31
|
|
data/spec/spec_helper.rb
CHANGED
File without changes
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gauntlt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.6
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2012-08-
|
13
|
+
date: 2012-08-07 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: cucumber
|
@@ -33,17 +33,17 @@ dependencies:
|
|
33
33
|
requirement: !ruby/object:Gem::Requirement
|
34
34
|
none: false
|
35
35
|
requirements:
|
36
|
-
- -
|
36
|
+
- - ~>
|
37
37
|
- !ruby/object:Gem::Version
|
38
|
-
version: '
|
38
|
+
version: '2.11'
|
39
39
|
type: :development
|
40
40
|
prerelease: false
|
41
41
|
version_requirements: !ruby/object:Gem::Requirement
|
42
42
|
none: false
|
43
43
|
requirements:
|
44
|
-
- -
|
44
|
+
- - ~>
|
45
45
|
- !ruby/object:Gem::Version
|
46
|
-
version: '
|
46
|
+
version: '2.11'
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: aruba
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -125,7 +125,7 @@ dependencies:
|
|
125
125
|
- !ruby/object:Gem::Version
|
126
126
|
version: '0'
|
127
127
|
- !ruby/object:Gem::Dependency
|
128
|
-
name:
|
128
|
+
name: nokogiri
|
129
129
|
requirement: !ruby/object:Gem::Requirement
|
130
130
|
none: false
|
131
131
|
requirements:
|
@@ -141,21 +141,21 @@ dependencies:
|
|
141
141
|
- !ruby/object:Gem::Version
|
142
142
|
version: '0'
|
143
143
|
- !ruby/object:Gem::Dependency
|
144
|
-
name:
|
144
|
+
name: trollop
|
145
145
|
requirement: !ruby/object:Gem::Requirement
|
146
146
|
none: false
|
147
147
|
requirements:
|
148
|
-
- - '
|
148
|
+
- - ! '>='
|
149
149
|
- !ruby/object:Gem::Version
|
150
|
-
version: 0
|
150
|
+
version: '0'
|
151
151
|
type: :runtime
|
152
152
|
prerelease: false
|
153
153
|
version_requirements: !ruby/object:Gem::Requirement
|
154
154
|
none: false
|
155
155
|
requirements:
|
156
|
-
- - '
|
156
|
+
- - ! '>='
|
157
157
|
- !ruby/object:Gem::Version
|
158
|
-
version: 0
|
158
|
+
version: '0'
|
159
159
|
description: Using standard Gherkin language to define security tests, gauntlt happily
|
160
160
|
wraps cucumber functionality and provides a security testing framework that security
|
161
161
|
engineers, developers and operations teams can collaborate on together.
|
@@ -174,6 +174,7 @@ files:
|
|
174
174
|
- README.md
|
175
175
|
- Rakefile
|
176
176
|
- bin/gauntlt
|
177
|
+
- examples/nmap/nmap.attack
|
177
178
|
- features/attack.feature
|
178
179
|
- features/attacks/cookies.feature
|
179
180
|
- features/attacks/curl.feature
|
@@ -185,7 +186,6 @@ files:
|
|
185
186
|
- features/report.feature
|
186
187
|
- features/step_definitions/aruba_extension_steps.rb
|
187
188
|
- features/step_definitions/config_steps.rb
|
188
|
-
- features/step_definitions/help_steps.rb
|
189
189
|
- features/step_definitions/support_steps.rb
|
190
190
|
- features/support/aruba.rb
|
191
191
|
- features/support/attack_steps.rb
|
@@ -205,18 +205,16 @@ files:
|
|
205
205
|
- lib/gauntlt/attack_adapters/sslyze.rb
|
206
206
|
- lib/gauntlt/attack_adapters/support/cli_helper.rb
|
207
207
|
- lib/gauntlt/attack_adapters/support/cookie_helper.rb
|
208
|
-
- lib/gauntlt/attack_adapters/support/env.rb
|
209
|
-
- lib/gauntlt/attack_adapters/support/hooks.rb
|
210
208
|
- lib/gauntlt/attack_adapters/support/nmap_helper.rb
|
211
209
|
- lib/gauntlt/attack_adapters/support/profile_helper.rb
|
212
210
|
- lib/gauntlt/attack_adapters/support/python_script_helper.rb
|
213
|
-
- lib/gauntlt/attack_adapters/support/
|
211
|
+
- lib/gauntlt/attack_adapters/support/xml_helper.rb
|
214
212
|
- lib/gauntlt/version.rb
|
215
213
|
- spec/gauntlt/attack_spec.rb
|
216
214
|
- spec/gauntlt_spec.rb
|
217
215
|
- spec/spec_helper.rb
|
218
|
-
-
|
219
|
-
homepage:
|
216
|
+
- vendor/sslyze_output.README
|
217
|
+
homepage: https://github.com/thegauntlet/gauntlt
|
220
218
|
licenses: []
|
221
219
|
post_install_message:
|
222
220
|
rdoc_options: []
|
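Review bot: `licenses: []` on the unchanged line 218 shows the gem still declares no license, and the gemspec hunk in this release adds a homepage but no `s.license`; add one (the README and repository should state the same license) so the published metadata is not empty.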
@@ -236,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
236
234
|
version: '0'
|
237
235
|
requirements: []
|
238
236
|
rubyforge_project:
|
239
|
-
rubygems_version: 1.8.
|
237
|
+
rubygems_version: 1.8.24
|
240
238
|
signing_key:
|
241
239
|
specification_version: 3
|
242
240
|
summary: behaviour-driven security using cucumber
|
@@ -252,7 +250,6 @@ test_files:
|
|
252
250
|
- features/report.feature
|
253
251
|
- features/step_definitions/aruba_extension_steps.rb
|
254
252
|
- features/step_definitions/config_steps.rb
|
255
|
-
- features/step_definitions/help_steps.rb
|
256
253
|
- features/step_definitions/support_steps.rb
|
257
254
|
- features/support/aruba.rb
|
258
255
|
- features/support/attack_steps.rb
|
@@ -262,4 +259,3 @@ test_files:
|
|
262
259
|
- spec/gauntlt/attack_spec.rb
|
263
260
|
- spec/gauntlt_spec.rb
|
264
261
|
- spec/spec_helper.rb
|
265
|
-
- spec/support/mock_constants.rb
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'aruba/cucumber'
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# from http://missingbit.blogspot.com/2011/07/stubbing-constants-in-rspec_20.html
|
2
|
-
# example: (from http://digitaldumptruck.jotabout.com/?p=551)
|
3
|
-
# it "does not allow links to be added in production environment" do
|
4
|
-
# with_constants :RAILS_ENV => 'production' do
|
5
|
-
# get :add, @nonexistent_link.url
|
6
|
-
# response.should_not be_success
|
7
|
-
# end
|
8
|
-
# end
|
9
|
-
module RSpecConstantsHelpers
|
10
|
-
def constantize(camel_cased_word)
|
11
|
-
names = camel_cased_word.split('::')
|
12
|
-
names.shift if names.empty? || names.first.empty?
|
13
|
-
|
14
|
-
constant = Object
|
15
|
-
names.each do |name|
|
16
|
-
constant = constant.const_defined?(name) ? constant.const_get(name) : constant.const_missing(name)
|
17
|
-
end
|
18
|
-
constant
|
19
|
-
end
|
20
|
-
|
21
|
-
def parse(constant)
|
22
|
-
source, _, constant_name = constant.to_s.rpartition('::')
|
23
|
-
|
24
|
-
[constantize(source), constant_name]
|
25
|
-
end
|
26
|
-
|
27
|
-
def with_constants(constants, &block)
|
28
|
-
saved_constants = {}
|
29
|
-
constants.each do |constant, val|
|
30
|
-
source_object, const_name = parse(constant)
|
31
|
-
|
32
|
-
saved_constants[constant] = source_object.const_get(const_name)
|
33
|
-
source_object.const_set(const_name, val)
|
34
|
-
end
|
35
|
-
|
36
|
-
begin
|
37
|
-
block.call
|
38
|
-
ensure
|
39
|
-
constants.each do |constant, val|
|
40
|
-
source_object, const_name = parse(constant)
|
41
|
-
|
42
|
-
source_object.const_set(const_name, saved_constants[constant])
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|