gauntlt is a framework for behaviour-driven security.
The gauntlt project is under active development and is not ready for production use but we are looking for community feedback and involvement on the project. Please file issues via github and follow the project on twitter: @gauntlt.
Before you start, please note that gauntlt is tested regularly against ruby 1.9.3. We don't test againt older versions of ruby. Keep in mind that you run gauntlt separately from the application it targets, so it does not matter whether the targeted application uses ruby.
-
Clone the git repo
$ git clone git@github.com:thegauntlet/gauntlt.git $ cd gauntlt -
Install bundler
$ gem install bundler -
Install dependencies
Note, you may see errors in bundle related to the curb gem. It is looking for curl dependencies. In ubuntu you can do a sudo apt-get install libcurl4-openssl-dev
$ bundle
-
Run a specific gauntlt attack
# general format $ bin/gauntlt attack --name <attack_name> --host <hostname> # for example, run the nmap test on yahoo (-n & -H are equivalent to --name & --host) $ bin/gauntlt attack -n nmap -H yahoo.com # list defined tests $ bin/gauntlt attack --list # get help $ bin/gauntlt help
We are adding different features into gauntlt rignt now. Please submit issues via github and tag them as enhancements. The core team meets weekly and will divide out the enhancement requests into our monthly releases.
Below are some tools we are targeting but don't let that stop you from adding your favorite hacking tool.
curl
w3af
sqlmap
arachni
See the wiki on how to add a module into gauntlt. We would love your contributions.
gauntlt is licensed under The MIT License. See the LICENSE file in the repo or visit gauntlt.mit-license.org for details.