Presented at DevOps Days Silicon Valley 2013. Gauntlt is a rugged testing framework to integrate security testing into your process. It was spawned out of the Rugged DevOps movement.
15. running gauntlt with failing tests
$ gauntlt
Feature: nmap attacks for example.com
Background:
Given "nmap" is installed
And the following profile:
| name | value |
| hostname | example.com |
Scenario: Verify server is open on expected ports
When I launch an "nmap" attack with:
"""
nmap -F www.example.com
"""
Then the output should contain:
"""
443/tcp open https
"""
1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s
Given
When
Then
16. $ gauntlt
Feature: nmap attacks for example.com
Background:
Given "nmap" is installed
And the following profile:
| name | value |
| hostname | example.com |
Scenario: Verify server is open on expected ports
When I launch an "nmap" attack with:
"""
nmap -F www.example.com
"""
Then the output should contain:
"""
443/tcp open https
"""
1 scenario (1 passed)
4 steps (4 passed)
0m18.341s
running gauntlt with passing tests
17. @slow
Feature: Run dirb scan on a URL
Scenario: Run a dirb scan looking for common
vulnerabilities in apache
Given "dirb" is installed
And the following profile:
| name | value |
| hostname | http://example.com |
| wordlist | vulns/apache.txt |
When I launch a "dirb" attack with:
"""
dirb <hostname> <dirb_wordlists_path>/<wordlist>
"""
Then the output should contain:
"""
FOUND: 0
"""
.htaccess
.htpasswd
.meta
.web
access_log
cgi
cgi-bin
cgi-pub
cgi-script
dummy
error
error_log
htdocs
httpd
httpd.pid
icons
server-info
server-status
logs
manual
printenv
test-cgi
tmp
~bin
~ftp
~nobody
~root
19. my_first.attack
Start with the gauntlt.org
tutorial
Add your config (hostname,
login url, user)
Use examples from github
Repeat
#gauntlt on freenode
@gauntlt on twitter