Date post: 19-Oct-2014
Category: Technology
Run your code through the Gauntlt
we faced skilled adversaries we couldn’t win
Instead of Engineering, InfoSec became Actuaries
“It’s Certified” -You
Your punch is soft, just like your heart
enter Rugged DevOps
enter gauntlt
Philosophy
Tooling
$ gem install gauntlt
install gauntlt
gauntlt is like this
sqlmap sslyze dirb curl generic nmap
your app
gauntlt
exit status: 0
Codify your knowledge (cheat sheets)
security testing on every commit
gauntlt promotes collaboration
running gauntlt with failing tests
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |
  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """
1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s
Given When Then
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |
  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """
1 scenario (1 passed)
4 steps (4 passed)
0m18.341s
running gauntlt with passing tests
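Added example (not from the original slides or the gauntlt project): the nmap scenario above passes when the output contains "443/tcp open https". The shell function below applies the same kind of check to nmap output on stdin and goes one step further by also failing on open ports outside an allow-list; the name audit_ports, the allow-list format and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not gauntlt code. audit_ports is a hypothetical helper.
# Usage: nmap -F host | audit_ports "443/tcp,80/tcp"
# Exit status is 0 only when the set of open ports equals the allow-list,
# so a CI job can gate on it the same way it gates on gauntlt's exit status.
audit_ports() {
    awk -v allowed="$1" '
        BEGIN {
            bad = 0
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        # Port-table rows look like: 443/tcp open  https
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            seen[$1] = 1
            if (!($1 in want)) {
                print "UNEXPECTED open port: " $1 " (" $3 ")"
                bad = 1
            }
        }
        END {
            for (p in want)
                if (!(p in seen)) { print "MISSING expected port: " p; bad = 1 }
            exit bad
        }'
}

# Constructed sample outputs (192.0.2.10 is a documentation address).
SAMPLE_PASS='Nmap scan report for www.example.com (192.0.2.10)
PORT    STATE SERVICE
443/tcp open  https'

SAMPLE_FAIL='Nmap scan report for www.example.com (192.0.2.10)
PORT    STATE  SERVICE
22/tcp  open   ssh
443/tcp closed https'

# Both calls are written so the script keeps running on a failed audit.
if printf '%s\n' "$SAMPLE_PASS" | audit_ports "443/tcp"; then
    echo "pass sample: exit status 0"
fi
printf '%s\n' "$SAMPLE_FAIL" | audit_ports "443/tcp" ||
    echo "fail sample: exit status $?"
```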
@slow
Feature: Run dirb scan on a URL
  Scenario: Run a dirb scan looking for common vulnerabilities in apache
    Given "dirb" is installed
    And the following profile:
      | name     | value              |
      | hostname | http://example.com |
      | wordlist | vulns/apache.txt   |
    When I launch a "dirb" attack with:
      """
      dirb <hostname> <dirb_wordlists_path>/<wordlist>
      """
    Then the output should contain:
      """
      FOUND: 0
      """
.htaccess .htpasswd
.meta .web
access_log cgi
cgi-bin cgi-pub
cgi-script dummy error
error_log htdocs httpd
httpd.pid icons
server-info server-status
logs manual printenv test-cgi
tmp ~bin ~ftp
~nobody ~root
gauntlt credits:
Creators: Mani Tadayon, James Wickett
Community Wrangler: Jeremiah Shirk
Friends: Jason Chan, Netflix; Neil Matatall, Twitter
my_first.attack
Start with the gauntlt.org tutorial
Add your config (hostname, login url, user)
Use examples from github
Repeat
#gauntlt on freenode
@gauntlt on twitter