gauntlt 0.0.6 → 0.0.7
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +3 -3
- data/bin/gauntlt +1 -1
- data/features/attack.feature +11 -3
- data/lib/gauntlt/attack.rb +10 -1
- data/lib/gauntlt/attack_adapters/nmap.rb +3 -4
- data/lib/gauntlt/attack_adapters/support/profile_helper.rb +0 -2
- data/lib/gauntlt/version.rb +1 -1
- data/spec/gauntlt/attack_spec.rb +32 -1
- metadata +2 -2
data/README.md
CHANGED
|
@@ -95,10 +95,10 @@ Below are some tools we are targeting but don't let that stop you from adding yo
|
|
|
95
95
|
* [w3af] [w3af]
|
|
96
96
|
* [arachni] [arachni]
|
|
97
97
|
|
|
98
|
-
Have questions? Ask us anything on the [gauntlt google group](http://bit.ly/gauntlt_group).
|
|
99
98
|
|
|
100
|
-
## ADD
|
|
101
|
-
|
|
99
|
+
## ADD AN ATTACK ADAPTER
|
|
100
|
+
|
|
101
|
+
See the wiki on how to add an attack adapter to gauntlt. We would love your contributions.
|
|
102
102
|
|
|
103
103
|
## LICENSE
|
|
104
104
|
|
data/bin/gauntlt
CHANGED
|
@@ -44,7 +44,7 @@ cmd_opts = case cmd
|
|
|
44
44
|
|
|
45
45
|
if cmd == "attack"
|
|
46
46
|
if cmd_opts[:'attack-file_given'] && cmd_opts[:name]
|
|
47
|
-
|
|
47
|
+
puts Gauntlt.attack(cmd_opts[:name], :attack_file => cmd_opts[:'attack-file'])
|
|
48
48
|
else
|
|
49
49
|
puts "Available attacks:"
|
|
50
50
|
puts ""
|
data/features/attack.feature
CHANGED
|
@@ -33,13 +33,21 @@ Feature: Verify the attack behaviour is correct
|
|
|
33
33
|
When I run `gauntlt attack --name nmap --attack-file nmap.attack`
|
|
34
34
|
Then it should pass
|
|
35
35
|
|
|
36
|
-
Scenario:
|
|
37
|
-
|
|
36
|
+
Scenario: Run attack with undefined steps
|
|
37
|
+
Given an attack "nmap" exists
|
|
38
|
+
And a file named "nmap.attack" with:
|
|
39
|
+
"""
|
|
40
|
+
Feature: my non-existent attack
|
|
41
|
+
Scenario: Fail on undefined step definition
|
|
42
|
+
Given "thisattackwouldneverexist" is installed
|
|
43
|
+
"""
|
|
44
|
+
When I run `gauntlt attack --name nmap --attack-file nmap.attack`
|
|
38
45
|
Then it should fail with:
|
|
39
46
|
"""
|
|
40
|
-
|
|
47
|
+
Bad or undefined attack!
|
|
41
48
|
"""
|
|
42
49
|
|
|
50
|
+
|
|
43
51
|
Scenario: No attack name specified
|
|
44
52
|
When I run `gauntlt attack --attack-file thisattackwouldneverexist`
|
|
45
53
|
Then it should fail with:
|
data/lib/gauntlt/attack.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'cucumber/cli/main'
|
|
|
4
4
|
module Gauntlt
|
|
5
5
|
class Attack
|
|
6
6
|
class NotFound < Exception; end
|
|
7
|
+
class ExecutionFailed < Exception; end
|
|
7
8
|
|
|
8
9
|
attr_accessor :name, :opts, :attack_file
|
|
9
10
|
|
|
@@ -26,7 +27,15 @@ module Gauntlt
|
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def run
|
|
29
|
-
|
|
30
|
+
@out = StringIO.new ""
|
|
31
|
+
|
|
32
|
+
cli = Cucumber::Cli::Main.new([self.attack_file, '--strict', '--require', self.attacks_dir], @out)
|
|
33
|
+
|
|
34
|
+
if cli.execute! # cucumber failed, returning true
|
|
35
|
+
raise ExecutionFailed.new("Bad or undefined attack!")
|
|
36
|
+
else # cucumber executed successfully, returning false
|
|
37
|
+
@out.string
|
|
38
|
+
end
|
|
30
39
|
end
|
|
31
40
|
end
|
|
32
41
|
end
|
|
@@ -13,12 +13,11 @@ When /^the target tcp_ping_ports are "(.*?)"$/ do |ports|
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
When /^I launch an "nmap" attack with:$/ do |command|
|
|
16
|
+
# hostname defined in Gauntlt::Support::ProfileHelper
|
|
16
17
|
command.gsub!('<hostname>', hostname)
|
|
17
18
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
command.gsub!('<tcp_ping_ports>', tcp_ping_ports)
|
|
21
|
-
end
|
|
19
|
+
# tcp_ping_ports defined in Gauntlt::Support::ProfileHelper
|
|
20
|
+
command.gsub!('<tcp_ping_ports>', tcp_ping_ports) if tcp_ping_ports
|
|
22
21
|
|
|
23
22
|
run command
|
|
24
23
|
end
|
data/lib/gauntlt/version.rb
CHANGED
data/spec/gauntlt/attack_spec.rb
CHANGED
|
@@ -50,9 +50,40 @@ describe Gauntlt::Attack do
|
|
|
50
50
|
it "executes the attack file, specifies failure for undefined steps and specifies the attacks_dir" do
|
|
51
51
|
subject.should_receive(:attacks_dir).and_return('/bar')
|
|
52
52
|
subject.should_receive(:attack_file).and_return('/bar/baz.attack')
|
|
53
|
-
|
|
53
|
+
|
|
54
|
+
mock_io = mock('io')
|
|
55
|
+
mock_io.stub(:string)
|
|
56
|
+
StringIO.stub(:new).and_return(mock_io)
|
|
57
|
+
|
|
58
|
+
mock_cli = mock(Cucumber::Cli::Main)
|
|
59
|
+
mock_cli.should_receive(:execute!)
|
|
60
|
+
Cucumber::Cli::Main.should_receive(:new).with(['/bar/baz.attack', '--strict', '--require', '/bar'], mock_io).and_return(mock_cli)
|
|
54
61
|
|
|
55
62
|
subject.run
|
|
56
63
|
end
|
|
64
|
+
|
|
65
|
+
it "returns nil if if Cucumber::Cli::Main.execute succeeds (i.e. returns nil)" do
|
|
66
|
+
subject.stub(:attacks_dir)
|
|
67
|
+
subject.stub(:attack_file)
|
|
68
|
+
|
|
69
|
+
mock_cli = mock(Cucumber::Cli::Main)
|
|
70
|
+
mock_cli.should_receive(:execute!).and_return(nil)
|
|
71
|
+
Cucumber::Cli::Main.stub(:new).and_return(mock_cli)
|
|
72
|
+
|
|
73
|
+
subject.run.should be_true
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
it "raises an error if Cucumber::Cli::Main.execute fails (i.e. returns true)" do
|
|
77
|
+
subject.stub(:attacks_dir)
|
|
78
|
+
subject.stub(:attack_file)
|
|
79
|
+
|
|
80
|
+
mock_cli = mock(Cucumber::Cli::Main)
|
|
81
|
+
mock_cli.should_receive(:execute!).and_return(true)
|
|
82
|
+
Cucumber::Cli::Main.stub(:new).and_return(mock_cli)
|
|
83
|
+
|
|
84
|
+
expect {
|
|
85
|
+
subject.run
|
|
86
|
+
}.to raise_error(subject.class::ExecutionFailed)
|
|
87
|
+
end
|
|
57
88
|
end
|
|
58
89
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gauntlt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.7
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2012-08-
|
|
13
|
+
date: 2012-08-11 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: cucumber
|