Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Security Testing Tool

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 .gitignore
Octocat-spinner-32 README.md
Octocat-spinner-32 config.txt
Octocat-spinner-32 corechecks.py
Octocat-spinner-32 djangochecks.py
Octocat-spinner-32 garmr.py
Octocat-spinner-32 reporter.py
Octocat-spinner-32 scanner.py
README.md

I NO LONG MAINTAIN THIS. Please follow Yvan's Fork

Garmr

Garmr is a tool to inspect the responses from websites for basic security requirements.

Garmr includes a set of core test cases implemented in corechecks that are derived from the Secure Coding Guidelines that can be found at [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines]

Installation

This version of Garmr :

Usage

usage: garmr.py [-h] [-u TARGETS] [-m MODULES] [-f TARGET_FILES] [-p] [-d]

optional arguments: -h, --help show this help message and exit -u TARGETS, --url TARGETS add a target to test -m MODULES, --module MODULES load a test suite -f TARGET_FILES, --file TARGET_FILES File with urls to test -p, --force-passive Force passives to be run for each active test -d, --dns Skip DNS resolution when registering a target.

Tasks

  • Implement sequences (i.e. a series of ActiveTests that once invoked, maintains a cookie jar until the list of URLs is exhausted)
  • Implement a proper detailed reporter; currently a range of data is accumulated, but never reported.
  • Implement more checks
Something went wrong with that request. Please try again.