-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
153 lines (136 loc) · 6.64 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
---
layout: default
title: GAUNTLT - Go Ahead, Be Mean To Your Code - Security and Rugged Testing
---
<div class="container">
<div class="github">
<a href="https://github.com/gauntlt/gauntlt"><img style="position: absolute; top: 0; left: 0; border: 0; z-index: 1032;" src="https://s3.amazonaws.com/github/ribbons/forkme_left_green_007200.png" alt="Fork me on GitHub" /></a>
</div>
<div class="hero-unit">
<h1>GAUNTLT</h1>
<p>BE MEAN TO YOUR CODE AND LIKE IT</p>
<p>
<a class="btn btn-large btn-success" href="https://groups.google.com/d/forum/gauntlt"><span class="btn-label">Join the mailing list for the lastest updates</span></a>
</p>
</div>
<p class="text-info lead">Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.</p>
<div class="row">
<div class="span4">
<div class="well">
<h4>Features</h4>
<ul>
<li>Gauntlt attacks are written in a easy-to-read language</li>
<li>Easily hooks into your org's testing tools and processes</li>
<li>Security tool adapters come with gauntlt</li>
<li>Uses unix standard error and standard out to pass status</li>
</ul>
</div>
</div>
<div class="span4">
<div class="well">
<h4>Gauntlt includes attack adapters for these tools:</h4>
<ul>
<li><a href="http://curl.haxx.se">curl</a></li>
<li><a href="http://nmap.org">nmap</a></li>
<li><a href="https://github.com/iSECPartners/sslyze">sslyze</a></li>
<li><a href="http://sqlmap.org">sqlmap</a></li>
<li><a href="https://github.com/mozilla/Garmr">Garmr</a></li>
<li>generic command line</li>
<li>more coming soon</li>
</ul>
</div>
</div>
<div class="span4">
<div class="well">
<h4>Join the community</h4>
<p>There are several ways to get involved:
<ul>
<li><a href="https://groups.google.com/d/forum/gauntlt">Google Group for gauntlt</a></li>
<li><a href="https://kiwiirc.com/client/irc.freenode.net/gauntlt">IRC: #gauntlt on freenode</a> this is the best way to get help, and now you can reach us straight from the web IRC client.</li>
<li><a href="https://github.com/gauntlt">Github organization</a></li>
</ul>
</p>
</div>
</div>
</div>
<p class="text-info lead">There are two ways to get started with gauntlt. You can use the gem install method which will require you to download and setup the security tools (don't worry gauntlt walks you through it) or you can use the Gauntlt Starter Kit which is a vagrant script that will bootstrap the tools for you automagically.</p>
<div class="row">
<div class="span6" id="getting-started">
<div class="well">
<h4>Get started using in 3 easy steps</h4>
<ol>
<li>
<p>Install the gem</p>
<pre class="sh_gherkin_en"><code>
$ gem install gauntlt
</code></pre>
</li>
<li>
<p>Download <a href="https://github.com/gauntlt/gauntlt/tree/master/examples">example attacks</a> and customize. Here is a very simple network attack using the nmap adapter.</p>
<pre class="sh_gherkin_en"><code>
# nmap-simple.attack
Feature: simple nmap attack to check for open ports
Background:
Given "nmap" is installed
And the following profile:
| name | value |
| hostname | example.com |
Scenario: Check standard web ports
When I launch an "nmap" attack with:
"""
nmap -F <hostname>
"""
Then the output should match /80.tcp\s+open/
Then the output should not match:
"""
25\/tcp\s+open
"""
</code></pre>
</li>
<li>
<p>Run gauntlt to launch the attack defined above</p>
<pre class="sh_gherkin_en"><code>
$ gauntlt
# equivalent to gauntlt ./**/*.attack
# you can also specify one or more paths yourself:
$ gauntlt my_attacks/nmap-simple.attack
# other commands to help
$ gauntlt --list
# the list option will show you the tools that are
# available to use with gauntlt
$ gauntlt --steps
# the steps option will show the gauntlt specific
# steps you can use in your attacks
$ gauntlt --allsteps
# the allsteps option will show all steps including
# aruba file operations and parsing steps that are
# available to use in attacks
$ gauntlt --help
# when all else fails use the help
</code></pre>
<p>For more attack examples, refer to the <a href="https://github.com/gauntlt/gauntlt/tree/master/examples">examples</a>.</p>
</li>
</ol>
</div>
</div>
<div class="span6" id="getting-started">
<div class="well">
<h4>Get started with the Gauntlt Starter Kit</h4>
<p>If you don't want to bother with installing ruby on your local box or you dont want to bother setting up all the security tools that gauntlt hooks for running tests, then this is the way to go. Simply follow along with the video and you can have a running virtual machine that includes gauntlt's dependencies, gauntlt itself and a variety of security tools that gauntlt uses to run its tests.</p>
<p>Watch this video to help you get started:
<br />
<object width="425" height="344">
<param name="movie" value="http://www.youtube.com/v/hMpVQKcyGSE&hl=en&fs=1" />
</param>
<param name="allowFullScreen" value="true" />
</param>
<embed src="http://www.youtube.com/v/hMpVQKcyGSE&hl=en&fs=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="344"></embed>
</object>
</p>
</div>
</div>
<div class="span6">
<div class="tweet"> twitter feed</div>
</div>
</div>
<p class="text-info lead">Security testing is usually done on the auditors' schedule and that testing output isn't always actionable. Because of this, often regressions for fixed issues find their way back into the code. Thats not good. It should be different.</p>