gauntlt 0.1.2 → 0.1.3

data/.travis.yml

@@ -6,10 +6,18 @@ before_install:
   - git submodule update --init --recursive
 before_script:
   - sudo apt-get install nmap
-  - export SSLYZE_PATH="/home/vagrant/builds/gauntlt/gauntlt/vendor/sslyze/sslyze.py"
-  - export SQLMAP_PATH="/home/vagrant/builds/gauntlt/gauntlt/vendor/sqlmap/sqlmap.py"
+  - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sslyze/sslyze.py"
+  - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt/vendor/sqlmap/sqlmap.py"
   - 'cd vendor/Garmr && sudo python setup.py install && cd ../..'
+  - 'cd vendor && tar xvfz dirb203.tar.gz && cd dirb && ./configure && make && sudo cp dirb /usr/local/bin/ && cd ..'
+  - export DIRB_WORDLISTS="/home/travis/build/gauntlt/gauntlt/vendor/dirb/wordlists"
 
 matrix:
   allow_failures:
-    - rvm: jruby-head
+    - rvm: jruby-head
+
+notifications:
+  irc:
+    channels:
+      - "chat.freenode.net#gauntlt"
+    use_notice: true

data/Gemfile

@@ -1,4 +1,4 @@
-source :rubygems
+source 'https://rubygems.org'
 
 gemspec
 

data/README.md

@@ -4,7 +4,7 @@ gauntlt is a ruggedization framework
 
 ## PROJECT STATUS
 
-The gauntlt project is under active development and is not ready for production use but we are looking for community feedback and involvement on the project.  Please file issues via github and follow the project on twitter: [@gauntlt](https://twitter.com/gauntlt).
+gauntlt is under active development. We welcome community feedback and contributions.  Please file issues via github and follow the project on twitter: [@gauntlt](https://twitter.com/gauntlt).
 
 Have questions?  Ask us anything on the [gauntlt google group](http://bit.ly/gauntlt_group) or find us on irc at [#gauntlt](http://webchat.freenode.net/?channels=gauntlt) (irc.freenode.net).
 
@@ -16,43 +16,49 @@ You will need ruby version `1.9.3` to run gauntlt, but you can run gauntlt again
 
 1. Install the gem
 
-        $ gem install gauntlt
+    ```shell
+    $ gem install gauntlt
+    ```
 
 2. Create an attack file and put it anywhere you like
 
-        # simplest.attack
-        Feature: simplest attack possible
-          Scenario:
-            When I launch a "generic" attack with:
-              """
-              ls -a
-              """
-            Then the output should contain:
-              """
-              .
-              """
+    ```gherkin
+    # simplest.attack
+    Feature: simplest attack possible
+      Scenario:
+        When I launch a "generic" attack with:
+          """
+          ls -a
+          """
+        Then the output should contain:
+          """
+          .
+          """
+    ```
 
 3. Run gauntlt to launch the attack defined above
 
-        $ gauntlt
-        # equivalent to gauntlt ./**/*.attack
-        # by default, gauntlt will search in the current folder
-        # and its subfolders for files with the .attack extension
-        #
-        # you can also specify one or more paths yourself:
-        $ gauntlt my_attacks/*.attack some_other.file
+    ```shell
+    $ gauntlt
+    # equivalent to gauntlt ./**/*.attack
+    # by default, gauntlt will search in the current folder
+    # and its subfolders for files with the .attack extension
 
+    # you can also specify one or more paths yourself:
+    $ gauntlt my_attacks/*.attack some_other.file
+    ```
 
-      For more attack examples, refer to the [examples](https://github.com/gauntlt/gauntlt/tree/master/examples).
+  For more attacks, refer to the [examples](https://github.com/gauntlt/gauntlt/tree/master/examples).
 
 4. Other commands
 
-        # list defined attacks
-        $ gauntlt --list
-
-        # get help
-        $ gauntlt --help
+    ```shell
+    # list defined attacks
+    $ gauntlt --list
 
+    # get help
+    $ gauntlt --help
+    ```
 
 ## ATTACK ADAPTERS
 
@@ -77,41 +83,44 @@ To use gauntlt, you will need one or more attack files. An attack file is a plai
 
 ### What an attack file looks like
 
-    # my.attack
-    Feature: Description for all scenarios in this file
-      Scenario: Description of this scenario
-        Given ...
-        When ...
-        Then ...
+```gherkin
+# my.attack
+Feature: Description for all scenarios in this file
+  Scenario: Description of this scenario
+    Given ...
+    When ...
+    Then ...
 
-      Scenario: ...
-        Given ...
-        When ...
-        Then ...
+  Scenario: ...
+    Given ...
+    When ...
+    Then ...
+```
 
 You can have as many `Scenario` entries as you like, but it is good practice to keep the number low and to ensure that the scenarios in an attack file are all related. You can create as many attack files as you like and organize them in folders and sub-folders as well.
 
 There are a large number of step definitions available, but you can do a lot with just these 3:
 
-    Feature: Attack with kindness
+```gherkin
+Feature: Attack with kindness
 
-      Scenario: Ensure I am not mean
-        # verify a given attack adapter is installed
-        # HIGHLY RECOMMENDED to catch installation/configuration problems
-        Given "kindness" is installed
+  Scenario: Ensure I am not mean
+    # verify a given attack adapter is installed
+    # HIGHLY RECOMMENDED to catch installation/configuration problems
+    Given "kindness" is installed
 
-        # Execute the attack
-        When I launch a "kindness" attack with:
-          """
-          whoami  # EXACT commands to be executed on the command line
-          """
-
-        # Check exit status and STDOUT
-        Then it should pass with:
-          """
-          very_kind
-          """
+    # Execute the attack
+    When I launch a "kindness" attack with:
+      """
+      whoami  # EXACT commands to be executed on the command line
+      """
 
+    # Check exit status and STDOUT
+    Then it should pass with:
+      """
+      very_kind
+      """
+```
 
 ## FOR DEVELOPERS
 
@@ -119,30 +128,40 @@ NOTE: We currently use `ruby 1.9.3` and `JRuby 1.7.0` for development and testin
 
 1. Clone the git repo and get the submodules
 
-        $ git clone --recursive git://github.com/gauntlt/gauntlt.git
+    ```shell
+    $ git clone --recursive git://github.com/gauntlt/gauntlt.git
+    ```
 
 2. Install bundler
 
-        $ gem install bundler
+    ```shell
+    $ gem install bundler
+    ```
 
 3. Install dependencies
 
-        $ bundle
-        # if you get errors, you may need to install curl libs first
-        # on ubuntu:
-        #   $ sudo apt-get install libcurl4-openssl-dev
-
+    ```shell
+    $ bundle
+    # if you get errors, you may need to install curl libs first
+    # on ubuntu:
+    #   $ sudo apt-get install libcurl4-openssl-dev
+    ```
 
 4. Run the cucumber features and rspec examples
 
-        $ bundle exec rake
+    ```shell
+    $ bundle exec rake
+    ```
 
 5. Launch attacks with bin/gauntlt
 
-        $ bin/gauntlt attack
+    ```shell
+    $ bin/gauntlt attack
+    ```
 
 5. Refer to the features directory for usage examples and please write cucumber features for any new functionality you wish to submit.
 
+6. Run the ready_to_rumble.sh script to make sure you have all the dependencies installed like sqlmap and sslyze.  This is meant to replicate the travis setup for devs. This should be a rake task instead. 
 
 ## ROADMAP
 
@@ -156,4 +175,4 @@ gauntlt is licensed under The MIT License. See the LICENSE file in the repo or v
 [nmap]: http://nmap.org
 [sslyze]: https://github.com/iSECPartners/sslyze
 [sqlmap]: http://sqlmap.org
-[garmr]: https://github.com/mozilla/Garmr
+[garmr]: https://github.com/mozilla/Garmr

data/bin/gauntlt

@@ -21,6 +21,7 @@ EOS
       :multi => true
 
   opt :list, "List defined attacks"
+  opt :steps, "List all available step definitions"
 end
 
 opts[:path] = if ARGV.empty?
@@ -33,6 +34,10 @@ if opts[:list]
   attack_list = Gauntlt.attacks.map{|s| "  #{s}"}.join("\n")
   puts "Defined attacks: #{}"
   puts attack_list
+elsif opts[:steps]
+  all_step_defs = Gauntlt.stepdefs( opts[:path], opts[:tags].join(',') )
+  puts all_step_defs[:gauntlt].sort
 else
   Gauntlt.attack( opts[:path], opts[:tags].join(',') )
-end
+end
+

data/config/warble.rb

@@ -0,0 +1,6 @@
+Warbler::Config.new do |config|
+  config.dirs = %w(bin features vendor gem_tasks lib)
+  config.includes = FileList["*.rb"] # I don't know why I have to force the
+  # ruby file inclusion, but for now it solves the problem described
+  # at https://github.com/gauntlt/gauntlt/issues/45
+end

data/examples/dirb/dirb.attack

@@ -0,0 +1,18 @@
+@slow
+Feature: Run dirb scan on a URL
+
+Scenario: Use dirb to scan a website for basic security requirements and the DIRB_WORDLISTS environment variable must be set in your path.  You can use different wordlists by changing the environment variable.
+  Given "dirb" is installed
+  And the following profile:
+     | name                | value                          |
+     | hostname            | https://google.com             |
+     | dirb_wordlists_path | Overwritten by $DIRB_WORDLISTS |
+     | wordlist            | vulns/tests.txt                |
+  When I launch a "dirb" attack with:
+  """
+  dirb <hostname> <dirb_wordlists_path>/<wordlist> 
+  """
+  Then the output should contain:
+  """
+  FOUND: 0
+  """

data/examples/nmap/nmap.attack

@@ -1,11 +1,11 @@
 @slow
 
-Feature: nmap attacks for example.com
+Feature: nmap attacks for scanme.nmap.org and to use this for your tests, change the value in the profile
   Background:
     Given "nmap" is installed
     And the following profile:
       | name           | value        |
-      | hostname       | google.com   |
+      | hostname       | scanme.nmap.org   |
       | tcp_ping_ports | 22,25,80,443 |
 
   Scenario: Verify server is open on expected set of ports using the nmap fast flag
@@ -16,9 +16,6 @@ Feature: nmap attacks for example.com
     Then the output should contain:
       """
       80/tcp   open  http
-      443/tcp  open  https
-      3128/tcp open  squid-http
-      8080/tcp open  http-proxy
       """
   Scenario: Verify that there are no unexpected ports open
     When I launch an "nmap" attack with:
@@ -39,7 +36,7 @@ Feature: nmap attacks for example.com
     And the file "foo.xml" should contain XML:
       | css                                                          |
       | ports port[protocol="tcp"][portid="80"] state[state="open"]  |
-      | ports port[protocol="tcp"][portid="443"] state[state="open"] |
+      | ports port[protocol="tcp"][portid="443"] state[state="closed"] |
     And the file "foo.xml" should not contain XML:
       | css                                                          |
-      | ports port[protocol="tcp"][portid="123"] state[state="open"] |
+      | ports port[protocol="tcp"][portid="123"] state[state="open"] |

data/examples/nmap/os_detection.attack

@@ -4,7 +4,7 @@ Feature: OS detection
     Given "nmap" is installed
     And the following profile:
       | name     | value      |
-      | hostname | google.com |
+      | hostname | scanme.nmap.org |
 
   @slow
   Scenario: Detect OS
@@ -14,5 +14,5 @@ Feature: OS detection
       """
     Then the output should contain:
       """
-      Service Info: OS: Linux
+      Apache
       """

data/examples/nmap/simple.attack

@@ -4,7 +4,7 @@ Feature: simple nmap attack (sanity check)
     Given "nmap" is installed
     And the following profile:
       | name     | value      |
-      | hostname | google.com |
+      | hostname | scanme.nmap.org |
 
   Scenario: Verify server is available on standard web ports
     When I launch an "nmap" attack with:
@@ -13,6 +13,6 @@ Feature: simple nmap attack (sanity check)
       """
     Then the output should contain:
       """
-      80/tcp  open  http
-      443/tcp open  https
+      80/tcp  open   http
+      443/tcp closed https
       """

data/examples/nmap/tcp_ping_ports.attack

@@ -15,4 +15,4 @@ Feature: nmap attacks for example.com
     Then the file "foo.xml" should contain XML:
       | css                                                         |
       | ports port[protocol="tcp"][portid="80"] state[state="open"] |
-      | ports port[protocol="tcp"][portid="22"] state[state="open"] |
+      | ports port[protocol="tcp"][portid="22"] state[state="open"] |

data/examples/nmap/xml_output.attack

@@ -4,7 +4,7 @@ Feature: XML output
     Given "nmap" is installed
     And the following profile:
       | name     | value      |
-      | hostname | google.com |
+      | hostname | scanme.nmap.org |
 
   Scenario: Output to XML
     When I launch an "nmap" attack with:
@@ -14,7 +14,7 @@ Feature: XML output
     And the file "foo.xml" should contain XML:
       | css                                                          |
       | ports port[protocol="tcp"][portid="80"] state[state="open"]  |
-      | ports port[protocol="tcp"][portid="443"] state[state="open"] |
+      | ports port[protocol="tcp"][portid="443"] state[state="closed"] |
     And the file "foo.xml" should not contain XML:
       | css                                                          |
       | ports port[protocol="tcp"][portid="123"] state[state="open"] |

data/features/attack.feature

@@ -12,6 +12,27 @@ Feature: Verify the attack behaviour is correct
       nmap
       """
 
+  Scenario: List defined step definitions
+    Given an attack "nmap" exists
+    And a file named "nmap.attack" with:
+      """
+      Feature: simplest attack possible
+        Scenario:
+          When I launch a "generic" attack with:
+            \"\"\"
+            ls -a
+            \"\"\"
+          Then the output should contain:
+            \"\"\"
+            .
+            \"\"\"
+      """
+    When I run `gauntlt --steps`
+    Then it should pass with:
+      """
+      /^"nmap" is installed$/
+      """
+
   Scenario: Run attack
     Given an attack "nmap" exists
     And a file named "nmap.attack" with:
@@ -53,7 +74,7 @@ Feature: Verify the attack behaviour is correct
       """
       Feature: my non-existent attack
         Scenario: Fail on undefined step definition
-          Given "thisattackwouldneverexist" is installed
+          Given this_attack_would_never_exist 
       """
     When I run `gauntlt`
     Then it should fail with:
@@ -73,4 +94,4 @@ Feature: Verify the attack behaviour is correct
     Then it should fail with:
       """
       No files found in path: apaththatdoesnotexist
-      """
+      """

data/features/attacks/dirb.feature

@@ -0,0 +1,13 @@
+@slow
+Feature: dirb scan
+  Background:
+    Given an attack "dirb" exists
+    And I copy the attack files from the "examples/dirb" folder
+    And the following attack files exist:
+      | filename     |
+      | dirb.attack  |
+    When I run `gauntlt`
+    Then it should pass with:
+      """
+      4 steps (4 passed)
+      """

data/gauntlt.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
   s.name        = "gauntlt"
   s.version     = Gauntlt::VERSION
   s.authors     = ["James Wickett", "Mani Tadayon"]
-  s.email       = ["james@ruggeddevops.org"]
+  s.email       = ["james@gauntlt.org"]
   s.homepage    = "https://github.com/gauntlt/gauntlt"
   s.summary     = %q{behaviour-driven security using cucumber}
   s.description = %q{Using standard Gherkin language to define security tests, gauntlt happily wraps cucumber functionality and provides a security testing framework that security engineers, developers and operations teams can collaborate on together.}
@@ -16,11 +16,11 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_development_dependency "cucumber"
+  s.add_development_dependency "cucumber", "~>1.2.0"
   s.add_development_dependency "aruba"
   s.add_development_dependency "rake"
   s.add_development_dependency "sinatra"
-  
+
   s.add_runtime_dependency "cucumber"
   s.add_runtime_dependency "aruba"
   s.add_runtime_dependency "nokogiri"

data/lib/gauntlt.rb

@@ -3,6 +3,7 @@ require "gauntlt/version"
 require 'rubygems'
 require 'cucumber'
 require 'gauntlt/attack'
+require 'gauntlt/stepdef'
 
 module Gauntlt
   CURRENT_DIR = if defined?(Pathname) # ruby 1.9
@@ -31,5 +32,10 @@ module Gauntlt
     def attack(path, tags=[])
       Attack.new(path, tags).run
     end
+
+    def stepdefs(path, tags=[])
+      cuke_runtime = Gauntlt::Runtime.cuke_runtime(path, tags)
+      Stepdef.sources(cuke_runtime)
+    end
   end
 end

data/lib/gauntlt/attack.rb

@@ -1,46 +1,15 @@
-require 'cucumber'
-require 'cucumber/cli/main'
+require 'gauntlt/runtime'
 
 module Gauntlt
   class Attack
-    class NoFilesFound < StandardError; end
-    class ExecutionFailed < StandardError; end
-
-    attr_accessor :path, :attack_files, :tags
+    attr_accessor :runtime
 
     def initialize(path, tags=[])
-      self.path         = path
-      self.attack_files = self.class.attack_files_for(path)
-      self.tags         = tags
-
-      raise NoFilesFound.new("No files found in path: #{path}") if attack_files.empty?
+      self.runtime = Runtime.new(path, tags)
     end
 
     def run
-      args =  attack_files + ['--strict', '--require', self.class.adapters_dir]
-      args += ['--tags', tags] unless tags.empty?
-
-      cli = Cucumber::Cli::Main.new(args)
-
-      if cli.execute! # cucumber failed, returning true
-        raise ExecutionFailed.new("Bad or undefined attack!")
-      else            # cucumber executed successfully, returning false
-        true
-      end
-    end
-
-    class << self
-      def attack_files_for(path)
-        path.split(' ').map{|p| Dir.glob(p)}.flatten
-      end
-
-      def base_dir
-        File.expand_path( File.dirname(__FILE__) )
-      end
-
-      def adapters_dir
-        File.join(base_dir, "attack_adapters")
-      end
+      runtime.execute!
     end
   end
 end

data/lib/gauntlt/attack_adapters/dirb.rb

@@ -0,0 +1,29 @@
+When /^"dirb" is installed$/ do
+  ensure_cli_installed("dirb")
+end
+
+When /^the DIRB_WORDLISTS environment variable is set$/ do
+  ensure_shell_variable_set("DIRB_WORDLISTS")
+end
+
+When /^I launch a "dirb" attack with:$/ do |command|
+  add_to_profile('dirb_wordlists_path', get_shell_variable("DIRB_WORDLISTS"))
+  run_with_profile command
+  @raw_dirb_output = all_output
+end
+   
+#
+# When I run a "dirb" scan with this word list:
+  # """
+  # Admin
+  # Administror
+  # Secret-stats
+  # dashboard
+  # devtools
+  # """
+
+# When I run a "dirb" scan against an apache server
+# When I run a "dirb" scan against a nginx server
+# When I run a "dirb" scan with the small wordlist
+# When I run a "dirb" scan with the large wordlist
+# When I run a "dirb" scan with my custom wordlist: /path/to/wordlist.txt

data/lib/gauntlt/attack_adapters/generic.rb

@@ -4,4 +4,8 @@ end
 
 Given /^the "(.*?)" command line binary is installed$/ do |bin|
   ensure_cli_installed(bin)
-end
+end
+
+Given /^"(\w+)" is installed in my path$/ do |value|
+  ensure_cli_installed("#{value}")
+end

data/lib/gauntlt/attack_adapters/support/cli_helper.rb

@@ -14,6 +14,21 @@ module Gauntlt
       def ensure_cli_installed(bin)
         raise "#{bin} is not installed or is not in your path" unless cli_installed?(bin)
       end
+
+      def ensure_shell_variable_set(shell_variable)
+        raise "#{shell_variable} is not set" unless shell_variable_exists?(shell_variable)
+      end
+
+      def get_shell_variable(shell_variable)
+        ENV[shell_variable]
+      end
+
+      def shell_variable_exists?(shell_variable)
+        path = get_shell_variable(shell_variable)
+        File.exists?(path) if path
+      end
+
+  
     end
   end
 end
@@ -22,4 +37,4 @@ World(Gauntlt::Support::CliHelper)
 
 Before('@slow') do
   @aruba_timeout_seconds = 30
-end
+end

data/lib/gauntlt/runtime.rb

@@ -0,0 +1,61 @@
+require 'cucumber'
+require 'cucumber/runtime'
+require 'cucumber/cli/main'
+
+module Gauntlt
+  class Runtime
+    class NoFilesFound < StandardError; end
+    class ExecutionFailed < StandardError; end
+
+    attr_accessor :path, :attack_files, :tags
+
+    def initialize(path, tags=[])
+      self.path         = path
+      self.attack_files = self.class.attack_files_for(path)
+      self.tags         = tags
+
+      raise NoFilesFound.new("No files found in path: #{path}") if attack_files.empty?
+    end
+
+    def cuke_cli
+      args =  attack_files + ['--strict', '--require', self.class.adapters_dir]
+      args += ['--tags', tags] unless tags.empty?
+
+      Cucumber::Cli::Main.new(args)
+    end
+
+    def cuke_config
+      cli.config
+    end
+
+    def cuke_runtime
+      Cucumber::Runtime.new(cuke_cli.configuration)
+    end
+
+    def execute!
+      if cuke_cli.execute! # cucumber failed, returning true
+        raise ExecutionFailed.new("Bad or undefined attack!")
+      else            # cucumber executed successfully, returning false
+        true
+      end
+    end
+
+    class << self
+      def cuke_runtime(*args)
+        self.new(*args).cuke_runtime
+      end
+
+      def attack_files_for(path)
+        path.split(' ').map{|p| Dir.glob(p)}.flatten
+      end
+
+      def base_dir
+        File.expand_path( File.dirname(__FILE__) )
+      end
+
+      def adapters_dir
+        File.join(base_dir, "attack_adapters")
+      end
+    end
+  end
+end

data/lib/gauntlt/stepdef.rb

@@ -0,0 +1,26 @@
+require 'gauntlt/runtime'
+
+module Gauntlt
+  class Stepdef
+    class << self
+      def find(cuke_runtime)
+        cuke_runtime.send(:load_step_definitions)
+        cuke_runtime.instance_variable_get(:@support_code).step_definitions
+      end
+
+      def sources(cuke_runtime)
+        returner = {:aruba => [], :gauntlt => []}
+
+        self.find(cuke_runtime).each do |step_definition|
+          if step_definition.file =~ /aruba/
+            returner[:aruba] << step_definition.regexp_source
+          else
+            returner[:gauntlt] << step_definition.regexp_source
+          end
+        end
+
+        returner
+      end
+    end
+  end
+end

data/lib/gauntlt/version.rb

@@ -1,3 +1,3 @@
 module Gauntlt
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

data/ready_to_rumble.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# This little script tries to mimic the .travis.yml setup so that when we are 
+# doing local dev, we can run tests and make sure we are passing CI.
+
+NMAP=`which nmap`
+GARMR=`which garmr`
+DIRB=`which dirb`
+
+if [ -z $NMAP ] 
+  then
+    echo "nmap is not installed in your path, try installing it and adding it to your path"
+    exit
+fi
+
+if [ -z $SSLYZE_PATH ]
+  then
+    echo "SSLYZE_PATH environment variable unset, try setting it to ./vendor/sslyze/sslyze.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
+    exit
+fi
+
+if [ -z $SQLMAP_PATH ]
+  then
+    echo "SQLMAP_PATH environment variable unset, try setting it to ./vendor/sslyze/sqlmap.py if you havent updated the submodules we use in gauntlt, run this first: git submodule update --init --recursive"
+    exit
+fi
+
+if [ -z $GARMR ] 
+  then
+    echo "garmr is not installed in your path, try installing it 'cd vendor/Garmr && sudo python setup.py install && cd ../..'"
+    exit
+fi
+
+if [ -z $DIRB ]
+  then 
+    echo "dirb is not installed in your path, try installing it 'wget http://downloads.sourceforge.net/project/dirb/dirb/2.03/dirb203.tar.gz && tar xvfz dirb203.tar.gz && cd dirb && ./configure && make && cd ..'"
+    exit
+fi
+
+if [ -z $DIRB_WORDLISTS ]
+  then 
+    echo "DIRB_WORDLISTS environment variable not set, please set it. Usually this is where you extracted dirb in a directory called 'wordlists'"
+    exit
+fi
+
+echo "You are ready to rumble!"

data/test/gauntlt/attack_test.rb

@@ -1,73 +1,22 @@
 require 'test_helper'
 
-subject = stub(Gauntlt::Attack, :method => :attack_files_for, :return => [:bar]) do
-  Gauntlt::Attack.new(:foo)
-end
-
-# .initialize
-# sets path and attack_files when attack file exists
-lambda do
-  assert subject.path, :== => :foo
-  assert subject.attack_files, :== => [:bar]
-end.call
-
-# .initialize
-# raises an error if the attack file does not exist
-lambda do
-  begin
-    stub(Gauntlt::Attack, :method => :attack_files_for, :return => []) do
-      Gauntlt::Attack.new(:foo)
-    end
-  rescue
-    assert $!, :is_a? => Gauntlt::Attack::NoFilesFound
-    assert $!.message, :=~ => /No files found in path/
-  end
-end.call
-
-# #run
-# executes the attack file, specifies failure for undefined steps and specifies the attacks_dir
+# #new
+# initializes runtime with passed arguments
 lambda do
-  mock_cli = Object.new
-
-  stub(Gauntlt::Attack, :spy => :adapters_dir, :return => '/bar') do
-    stub(subject, :spy => :attack_files, :return => ['/bar/baz.attack']) do
-      stub(mock_cli, :spy => :execute!) do
-        stub(Cucumber::Cli::Main, :spy => :new, :return => mock_cli) do
-          assert subject.run, :== =>  true
-        end
-      end
-    end
+  stub(Gauntlt::Runtime, :spy => :new) do
+    Gauntlt::Attack.new(:foo)
   end
 end.call
 
-# #run
-# returns nil if if Cucumber::Cli::Main.execute succeeds (i.e. returns nil)
-lambda do
-  mock_cli = Object.new
-
-  stub(Gauntlt::Attack, :spy => :adapters_dir) do
-    stub(mock_cli, :spy => :execute!, :return => nil) do
-      stub(Cucumber::Cli::Main, :spy => :new, :return => mock_cli) do
-        assert subject.run, :== =>  true
-      end
-    end
-  end
-end.call
+mock_runtime = Object.new
+subject = stub(Gauntlt::Runtime, :method => :new, :return => mock_runtime) do
+  Gauntlt::Attack.new(:foo)
+end
 
 # #run
-# raises an error if Cucumber::Cli::Main.execute fails (i.e. returns true)
+# executes and returns value
 lambda do
-  mock_cli = Object.new
-
-  stub(Gauntlt::Attack, :spy => :adapters_dir) do
-    stub(mock_cli, :spy => :execute!, :return => true) do
-      stub(Cucumber::Cli::Main, :spy => :new, :return => mock_cli) do
-        begin
-          subject.run
-        rescue
-          assert $!, :is_a? => subject.class::ExecutionFailed
-        end
-      end
-    end
+  stub(mock_runtime, :method => :execute!, :return => :anything_at_all) do
+    assert subject.run, :== =>  :anything_at_all
   end
 end.call

data/test/gauntlt/runtime_test.rb

@@ -0,0 +1,57 @@
+require 'test_helper'
+
+subject = stub(Gauntlt::Runtime, :method => :attack_files_for, :return => [:bar]) do
+  Gauntlt::Runtime.new(:foo)
+end
+
+# .initialize
+# sets path and attack_files when attack file exists
+lambda do
+  assert subject.path, :== => :foo
+  assert subject.attack_files, :== => [:bar]
+end.call
+
+# .initialize
+# raises an error if the attack file does not exist
+lambda do
+  begin
+    stub(Gauntlt::Runtime, :method => :attack_files_for, :return => []) do
+      Gauntlt::Runtime.new(:foo)
+    end
+  rescue
+    assert $!, :is_a? => Gauntlt::Runtime::NoFilesFound
+    assert $!.message, :=~ => /No files found in path/
+  end
+end.call
+
+# #run
+# returns nil if if Cucumber::Cli::Main.execute succeeds (i.e. returns nil)
+lambda do
+  mock_cli = Object.new
+
+  stub(Gauntlt::Runtime, :spy => :adapters_dir) do
+    stub(mock_cli, :spy => :execute!, :return => nil) do
+      stub(Cucumber::Cli::Main, :spy => :new, :return => mock_cli) do
+        subject.execute!
+      end
+    end
+  end
+end.call
+
+# #run
+# raises an error if Cucumber::Cli::Main.execute fails (i.e. returns true)
+lambda do
+  mock_cli = Object.new
+
+  stub(Gauntlt::Runtime, :spy => :adapters_dir) do
+    stub(mock_cli, :spy => :execute!, :return => true) do
+      stub(Cucumber::Cli::Main, :spy => :new, :return => mock_cli) do
+        begin
+          subject.execute!
+        rescue
+          assert $!, :is_a? => subject.class::ExecutionFailed
+        end
+      end
+    end
+  end
+end.call

data/test/gauntlt/stepdef_test.rb

@@ -0,0 +1,42 @@
+require 'test_helper'
+
+mock_cuke_runtime = Object.new
+def mock_cuke_runtime.load_step_definitions
+  mock_support_code = Object.new
+  def mock_support_code.step_definitions
+    [:foo, :bar]
+  end
+
+  @support_code = mock_support_code
+end
+
+# #find
+# roots in cucumber innards to extract step definitions
+lambda do
+  assert Gauntlt::Stepdef.find(mock_cuke_runtime), :== => [:foo, :bar]
+end.call
+
+# #sources
+# returns regexp source for each step definition
+lambda do
+  module StepDef
+    def file; end
+    def regexp_source; end
+  end
+
+  mock_step_def1 = Object.new.extend(StepDef)
+  mock_step_def2 = Object.new.extend(StepDef)
+  mock_step_definitions = [ mock_step_def1 , mock_step_def2 ]
+
+  stub(Gauntlt::Stepdef, :method => :find, :return => mock_step_definitions) do
+    stub(mock_step_def1, :spy => :file) do
+      stub(mock_step_def1, :spy => :regexp_source) do
+        stub(mock_step_def2, :spy => :file) do
+          stub(mock_step_def2, :spy => :regexp_source) do
+            Gauntlt::Stepdef.sources(:foo)
+          end
+        end
+      end
+    end
+  end
+end.call

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gauntlt
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
   prerelease: 
 platform: ruby
 authors:
@@ -10,24 +10,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-30 00:00:00.000000000 Z
+date: 2013-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ description: Using standard Gherkin language to define security tests, gauntlt h
   wraps cucumber functionality and provides a security testing framework that security
   engineers, developers and operations teams can collaborate on together.
 email:
-- james@ruggeddevops.org
+- james@gauntlt.org
 executables:
 - gauntlt
 extensions: []
@@ -158,9 +158,11 @@ files:
 - README.md
 - Rakefile
 - bin/gauntlt
+- config/warble.rb
 - examples/curl/cookies.attack
 - examples/curl/simple.attack
 - examples/curl/verbs.attack
+- examples/dirb/dirb.attack
 - examples/garmr/garmr.attack
 - examples/generic/generic.attack
 - examples/nmap/nmap.attack
@@ -173,6 +175,7 @@ files:
 - examples/sslyze/sslyze.attack
 - features/attack.feature
 - features/attacks/curl.feature
+- features/attacks/dirb.feature
 - features/attacks/garmr.feature
 - features/attacks/generic.feature
 - features/attacks/nmap.feature
@@ -192,6 +195,7 @@ files:
 - lib/gauntlt.rb
 - lib/gauntlt/attack.rb
 - lib/gauntlt/attack_adapters/curl.rb
+- lib/gauntlt/attack_adapters/dirb.rb
 - lib/gauntlt/attack_adapters/garmr.rb
 - lib/gauntlt/attack_adapters/gauntlt.rb
 - lib/gauntlt/attack_adapters/generic.rb
@@ -204,11 +208,17 @@ files:
 - lib/gauntlt/attack_adapters/support/profile_helper.rb
 - lib/gauntlt/attack_adapters/support/python_script_helper.rb
 - lib/gauntlt/attack_adapters/support/xml_helper.rb
+- lib/gauntlt/runtime.rb
+- lib/gauntlt/stepdef.rb
 - lib/gauntlt/version.rb
+- ready_to_rumble.sh
 - test/gauntlt/attack_test.rb
+- test/gauntlt/runtime_test.rb
+- test/gauntlt/stepdef_test.rb
 - test/gauntlt_test.rb
 - test/test_helper.rb
 - test/tmf.rb
+- vendor/dirb203.tar.gz
 - vendor/sslyze_output.README
 homepage: https://github.com/gauntlt/gauntlt
 licenses: []
@@ -230,13 +240,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: behaviour-driven security using cucumber
 test_files:
 - features/attack.feature
 - features/attacks/curl.feature
+- features/attacks/dirb.feature
 - features/attacks/garmr.feature
 - features/attacks/generic.feature
 - features/attacks/nmap.feature
@@ -251,6 +262,8 @@ test_files:
 - features/support/hooks.rb
 - features/tags.feature
 - test/gauntlt/attack_test.rb
+- test/gauntlt/runtime_test.rb
+- test/gauntlt/stepdef_test.rb
 - test/gauntlt_test.rb
 - test/test_helper.rb
 - test/tmf.rb