Add AttackAdapters and remove hard-coded attack definitions to allow users to create their own attacks
commit 327fcbe3f8b517147eba539152299fb87a53bfe8 1 parent b7b60c4
@bowsersenior bowsersenior authored
Showing with 385 additions and 257 deletions.
  1. +2 −1  .gitignore
  2. +10 −2 bin/gauntlt
  3. +41 −14 features/attack.feature
  4. +25 −0 features/attacks/cookies.feature
  5. +23 −0 features/attacks/curl.feature
  6. +33 −0 features/attacks/http_methods.feature
  7. +40 −0 features/attacks/nmap.feature
  8. +36 −0 features/attacks/sslyze.feature
  9. +5 −5 features/report.feature
  10. +1 −0  features/support/attack_steps.rb
  11. +3 −0  features/support/hooks.rb
  12. +3 −3 lib/gauntlt.rb
  13. +5 −5 lib/gauntlt/attack.rb
  14. +3 −2 lib/gauntlt/{attacks/step_definitions/cookie_steps.rb → attack_adapters/cookies.rb}
  15. +3 −0  lib/gauntlt/attack_adapters/curl.rb
  16. +12 −0 lib/gauntlt/attack_adapters/http_methods.rb
  17. +14 −0 lib/gauntlt/attack_adapters/nmap.rb
  18. +8 −1 lib/gauntlt/{attacks/step_definitions/sslyze_steps.rb → attack_adapters/sslyze.rb}
  19. +4 −6 lib/gauntlt/{attacks → attack_adapters}/support/cookie_helper.rb
  20. 0  lib/gauntlt/{attacks → attack_adapters}/support/env.rb
  21. +3 −0  lib/gauntlt/attack_adapters/support/hooks.rb
  22. +13 −0 lib/gauntlt/attack_adapters/support/nmap_helper.rb
  23. +2 −2 lib/gauntlt/{attacks → attack_adapters}/support/profile_helper.rb
  24. +91 −0 lib/gauntlt/attack_adapters/support/sslyze_output.README
  25. +5 −1 lib/gauntlt/{attacks → attack_adapters}/support/system_helper.rb
  26. +0 −12 lib/gauntlt/attacks/cookies.attack
  27. +0 −9 lib/gauntlt/attacks/curl.attack
  28. +0 −16 lib/gauntlt/attacks/http_methods.attack
  29. +0 −25 lib/gauntlt/attacks/nmap.attack
  30. +0 −17 lib/gauntlt/attacks/sslyze.attack
  31. +0 −12 lib/gauntlt/attacks/step_definitions/curl_steps.rb
  32. +0 −23 lib/gauntlt/attacks/step_definitions/nmap_steps.rb
  33. +0 −7 lib/gauntlt/attacks/step_definitions/profile_steps.rb
  34. +0 −3  lib/gauntlt/attacks/step_definitions/system_steps.rb
  35. +0 −91 lib/gauntlt/attacks/support/sslyze_output.README
3  .gitignore
@@ -24,4 +24,5 @@ tmp
doc
Gemfile.lock
.rvmrc
-.rbenv*
+.rbenv*
+*.gem
12 bin/gauntlt
@@ -24,7 +24,7 @@ class Gauntlt::Command::Attack < Gauntlt::Command
option :list, '-l', '--list', 'List of available attacks'
option :name, '-n', '--name', 'Name of attack to launch', arity: [1, 0]
- option :host, '-H', '--host', 'Host to attack', arity: [1, 0]
+ option :attack_file, '-a', '--attack-file', 'Name of file with attack definition', arity: [1, 0]
action do |options, args|
if options.list? || options.empty?
@@ -36,8 +36,16 @@ class Gauntlt::Command::Attack < Gauntlt::Command
elsif options.help?
help options: false
Gauntlt::Command.run 'help'
+ puts " try: gauntlt attack -n nmap -a your.attack"
else
- puts Gauntlt.attack(options.name, :host => options.host)
+ if options.attack_file? && options.name?
+ puts Gauntlt.attack(options.name, :attack_file => options.attack_file)
+ else
+ puts " Must specify name and attack-file"
+ puts ""
+ puts " try: gauntlt attack -n nmap -a your.attack"
+ raise
+ end
end
end
end
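Review bot: the bare `raise` after the usage text in the `else` branch raises a RuntimeError with the message "unhandled exception" on top of the lines just printed, which is noisy for a CLI; `exit 1` (or `raise ArgumentError, "Must specify name and attack-file"`) gives the caller a non-zero status without the stack trace. The `Gauntlt.attack` call in the `if` branch can also raise `Gauntlt::Attack::NotFound` when the file does not exist; consider rescuing it here and printing its message, since the "Bad attack file specified" scenario in features/attack.feature expects that message in the output.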
55 features/attack.feature
@@ -12,24 +12,51 @@ Feature: Verify the attack behaviour is correct
nmap
"""
- Scenario Outline: Run attacks for existing tests
- Given an attack "<name>" exists
- When I run `gauntlt attack --name <name> --host www.google.com`
+ Scenario: Run attack for existing tests
+ Given an attack "nmap" exists
+ And a file named "nmap.attack" with:
+ """
+ Feature: my nmap attacks
+ Scenario: nmap attack works
+ Given "nmap" is installed
+ And the target hostname is "google.com"
+ When I launch an "nmap" attack with:
+ \"\"\"
+ nmap -p 80,443 <hostname>
+ \"\"\"
+ Then the output should contain:
+ \"\"\"
+ 80/tcp open http
+ 443/tcp open https
+ \"\"\"
+ """
+ When I run `gauntlt attack --name nmap --attack-file nmap.attack`
Then it should pass
- Examples:
- | name |
- | nmap |
- | cookies |
- | curl |
- | http_methods |
- | sqlmap |
- | sslyze |
Scenario: Bad attack name specified
When I run `gauntlt attack --name thisattackwouldneverexist`
Then it should fail with:
- """
- No 'thisattackwouldneverexist' attack found
- """
+ """
+ Must specify name and attack-file
+ """
+ Scenario: No attack name specified
+ When I run `gauntlt attack --attack-file thisattackwouldneverexist`
+ Then it should fail with:
+ """
+ Must specify name and attack-file
+ """
+ Scenario: Bad attack file specified
+ When I run `gauntlt attack --name nmap --attack-file thisattackwouldneverexist`
+ Then it should fail with:
+ """
+ No 'thisattackwouldneverexist' attack found
+ """
+
+ Scenario: No attack file specified
+ When I run `gauntlt attack --name nmap`
+ Then it should fail with:
+ """
+ Must specify name and attack-file
+ """
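Review bot: the scenario name "Bad attack name specified" no longer matches what it asserts: with the `--host` option gone it now exercises the missing `--attack-file` case (expected output "Must specify name and attack-file"), which duplicates "No attack file specified" below; rename or drop one of them. Also, the rewritten "Run attack for existing tests" scenario replaces the six-row Examples table with a single live nmap scan of google.com, so the suite now depends on outbound network access and on a third party's open ports; cookies, curl, http_methods and sslyze keep coverage under features/attacks/, but the `sqlmap` row is dropped with no equivalent in this commit.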
25 features/attacks/cookies.feature
@@ -0,0 +1,25 @@
+Feature: Cookies attack
+
+ Scenario: Launch cookies attack
+ Given an attack "cookies" exists
+ And a file named "cookies.attack" with:
+ """
+ Feature: Evaluate received cookies against expected.
+
+ Background:
+ Given "curl" is installed
+ And the target hostname is "google.com"
+
+ Scenario: Verify server is returning the cookies expected
+ When I launch a "cookies" attack
+ Then the following cookies should be received:
+ | name | secure | _rest |
+ | PREF | false | {} |
+ | NID | false | {'HttpOnly': None} |
+ """
+ When I run `gauntlt attack --name cookies --attack-file cookies.attack`
+ Then it should pass
+ And the output should contain:
+ """
+ 4 steps (4 passed)
+ """
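Review bot: the `secure` and `_rest` columns of the cookie table are not asserted by the "the following cookies should be received" step (see the TODO in lib/gauntlt/attack_adapters/cookies.rb), so this scenario passes as long as cookies named PREF and NID appear, whatever their flags; either check those columns or trim the table so the attack file does not promise more than it verifies. The "4 steps (4 passed)" assertion will also break as soon as a step is added to the Background.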
23 features/attacks/curl.feature
@@ -0,0 +1,23 @@
+Feature: curl attack
+ Background:
+ Given an attack "curl" exists
+
+ Scenario: curl attack
+ Given a file named "curl.attack" with:
+ """
+ Feature: Launch curl attack
+
+ Background:
+ Given "curl" is installed
+ And the target hostname is "google.com"
+
+ Scenario: Verify a 301 is received from a curl
+ When I launch a "curl" attack
+ Then the response code should be "301"
+ """
+ When I run `gauntlt attack --name curl --attack-file curl.attack`
+ Then it should pass
+ And the output should contain:
+ """
+ 4 steps (4 passed)
+ """
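Review bot: the Background step `Given "curl" is installed` checks for the curl binary, but the "I launch a "curl" attack" step it guards (lib/gauntlt/attack_adapters/http_methods.rb) calls `Curl::Easy.http_get`, i.e. the curb gem and libcurl, not the binary; the precondition therefore does not protect this scenario, and a missing curb gem surfaces as a NameError instead. The expected 301 also depends on a live response from google.com.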
33 features/attacks/http_methods.feature
@@ -0,0 +1,33 @@
+Feature: http_methods attack
+ Background:
+ Given an attack "http_methods" exists
+
+ Scenario: http methods
+ Given a file named "http_methods.attack" with:
+ """
+ Feature: Evaluate responses to various HTTP methods.
+
+ Background:
+ Given "curl" is installed
+ And the target hostname is "google.com"
+
+ Scenario Outline: Verify server responds correctly to various HTTP methods
+ When I launch a "curl" attack with:
+ \"\"\"
+ curl -i -X <method> <hostname>
+ \"\"\"
+ Then the output should contain "<response>"
+ Examples:
+ | method | response |
+ | delete | Error 405 (Method Not Allowed) |
+ | patch | Error 405 (Method Not Allowed) |
+ | trace | Error 405 (Method Not Allowed) |
+ | track | Error 405 (Method Not Allowed) |
+ | bogus | Error 405 (Method Not Allowed) |
+ """
+ When I run `gauntlt attack --name http_methods --attack-file http_methods.attack`
+ Then it should pass
+ And the output should contain:
+ """
+ 5 scenarios (5 passed)
+ """
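Review bot: the methods in the Examples table are lowercase (`delete`, `patch`, ...) and are now passed verbatim to `curl -X <method>`; curl sends the method string as given, so the server receives `delete`, not `DELETE`. The deleted step in curl_steps.rb upcased the method and prefixed `http://`, so this hunk changes the request that is sent; either upcase the values in the table or keep the normalisation in the step.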
40 features/attacks/nmap.feature
@@ -0,0 +1,40 @@
+Feature: nmap attack
+ @slow
+ Scenario: Launch nmap attack
+ Given an attack "nmap" exists
+ And a file named "nmap.attack" with:
+ """
+ Feature: nmap attacks
+
+ Background:
+ Given "nmap" is installed
+ And the target hostname is "google.com"
+
+ Scenario: Verify server is available on standard web ports
+ When I launch an "nmap" attack with:
+ \"\"\"
+ nmap -p 80,443 <hostname>
+ \"\"\"
+ Then the output should contain:
+ \"\"\"
+ 80/tcp open http
+ 443/tcp open https
+ \"\"\"
+
+ @slow
+ Scenario: Detect OS
+ When I launch an "nmap" attack with:
+ \"\"\"
+ nmap -sV -p80 -PN <hostname>
+ \"\"\"
+ Then the output should contain:
+ \"\"\"
+ Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
+ \"\"\"
+ """
+ When I run `gauntlt attack --name nmap --attack-file nmap.attack`
+ Then it should pass
+ And the output should contain:
+ """
+ 8 steps (8 passed)
+ """
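Review bot: the "Detect OS" scenario asserts on a service fingerprint of a third-party host (`Service Info: OS: Linux; CPE: cpe:/o:linux:kernel`), which changes whenever that host's software does, so this is a flaky assertion rather than a test of gauntlt; the port scan in the first scenario has the same problem to a lesser degree. The `@slow` tag on the inner scenario also relies on lib/gauntlt/attack_adapters/support/hooks.rb being loaded via `--require`, and `nmap -sV` can take longer than the 10 second aruba timeout set there.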
36 features/attacks/sslyze.feature
@@ -0,0 +1,36 @@
+Feature: sslyze attack
+
+ Scenario:
+ Given an attack "sslyze" exists
+ And a file named "sslyze.attack" with:
+ """
+ Feature: Run sslyze against a target
+
+ Background:
+ Given sslyze is installed
+ And the target hostname is "google.com"
+
+ Scenario: Ensure no anonymous certificates
+ When I launch an "sslyze" attack with:
+ \"\"\"
+ sslyze --regular <hostname>:443
+ \"\"\"
+ Then the output should not contain:
+ \"\"\"
+ Anon
+ \"\"\"
+
+ # Scenario: Make sure that the certificate key size is at least 2048
+ # Given the target hostname is "google.com"
+ # When I launch an "sslyze" attack with:
+ # \"\"\"
+ # sslyze --regular <hostname>:443
+ # \"\"\"
+ # Then the key size should be at least 2048
+ """
+ When I run `gauntlt attack --name sslyze --attack-file sslyze.attack`
+ Then it should pass
+ And the output should contain:
+ """
+ 4 steps (4 passed)
+ """
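Review bot: the key-size scenario is commented out rather than removed, and the reason is not recorded: its step "the key size should be at least (\d+)" is still `pending` in lib/gauntlt/attack_adapters/sslyze.rb and the new `--strict` flag in attack.rb turns pending steps into failures. A one-line comment saying so would explain the dead block. Two smaller points: the outer `Scenario:` has no title, and this attack file uses `Given sslyze is installed` (unquoted) while the other adapters use the quoted form `"nmap" is installed`; the two forms are different step definitions.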
10 features/report.feature
@@ -1,5 +1,5 @@
-Feature: Report details of security behaviour
-
- In order to document and analyze security behaviour,
- As a software developer or security expert,
- I want to generate a report.
+# Feature: Report details of security behaviour
+#
+# In order to document and analyze security behaviour,
+# As a software developer or security expert,
+# I want to generate a report.
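Review bot: commenting out the whole feature leaves a file whose only content is dead text; delete it (git keeps the history) or leave a one-line comment saying why reporting is disabled and what is meant to replace it.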
1  features/support/attack_steps.rb
@@ -0,0 +1 @@
+require 'gauntlt'
3  features/support/hooks.rb
@@ -0,0 +1,3 @@
+Before('@slow') do
+ @aruba_timeout_seconds = 10
+end
6 lib/gauntlt.rb
@@ -13,9 +13,9 @@ module Gauntlt
GAUNTLT_DIR = File.join(CURRENT_DIR, 'gauntlt')
- ATTACKS_DIR = File.join(GAUNTLT_DIR, 'attacks')
+ ATTACKS_DIR = File.join(GAUNTLT_DIR, 'attack_adapters')
- ATTACK_GLOB_PATTERN = ATTACKS_DIR + '/**/*.attack'
+ ATTACK_GLOB_PATTERN = ATTACKS_DIR + '/*.rb'
class << self
def attack_files
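Review bot: `ATTACKS_DIR` and `ATTACK_GLOB_PATTERN` now point at attack_adapters/*.rb, so `Gauntlt.attacks` (and therefore `gauntlt attack --list`) lists adapter names while the constant names still say "attacks"; rename them to `ATTACK_ADAPTERS_DIR` / `ATTACK_ADAPTER_GLOB_PATTERN` or add a comment, so the two meanings of "attack" (adapter vs. the user's .attack file) stay distinct.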
@@ -24,7 +24,7 @@ def attack_files
def attacks
attack_files.map do |full_path|
- File.basename(full_path, '.attack')
+ File.basename(full_path, '.rb')
end.sort
end
10 lib/gauntlt/attack.rb
@@ -8,12 +8,12 @@ class NotFound < Exception; end
attr_accessor :name, :opts, :attack_file
def initialize(name, opts={})
- if File.exists?( attack_file = attack_file_for(name) )
+ if opts[:attack_file] && File.exists?( opts[:attack_file] )
self.name = name
self.opts = opts
- self.attack_file = attack_file
+ self.attack_file = opts[:attack_file]
else
- raise NotFound.new("No '#{name}' attack found")
+ raise NotFound.new("No '#{opts[:attack_file]}' attack found")
end
end
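Review bot: `name` is no longer validated in `initialize`: the old code resolved `attack_file_for(name)`, the new code only checks `opts[:attack_file]`, so `gauntlt attack --name anything --attack-file x.attack` is accepted and the name is never used for lookup (the run loads every adapter via `--require`). Either check `name` against `Gauntlt.attacks` here or drop the option. Two smaller points: `File.exists?` is the deprecated alias of `File.exist?`, and when `opts[:attack_file]` is nil the message reads "No '' attack found"; including `name` in the message would keep it useful.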
@@ -26,11 +26,11 @@ def base_dir
end
def attacks_dir
- File.join(base_dir, "attacks")
+ File.join(base_dir, "attack_adapters")
end
def run
- Cucumber::Cli::Main.execute([self.attack_file, '--require', self.attacks_dir])
+ Cucumber::Cli::Main.execute([self.attack_file, '--strict', '--require', self.attacks_dir])
end
end
end
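Review bot: adding `--strict` is a good change (undefined or pending steps now fail the run instead of passing silently), but it belongs in the commit message, since it is what forces the pending key-size step in sslyze.rb to be commented out of sslyze.feature. Also, `--require self.attacks_dir` loads every adapter into one step namespace, which is why the step regexes had to be renamed to `I launch a "curl" attack` etc.; an adapter that defines a step already matched by another adapter's regexp will produce Cucumber's ambiguous-match error at run time.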
5 .../attacks/step_definitions/cookie_steps.rb → lib/gauntlt/attack_adapters/cookies.rb
@@ -1,10 +1,11 @@
-When /^I send a GET request to the hostname$/ do
+When /^I launch a "cookies" attack$/ do
set_cookies( cookies_for(hostname) )
end
Then /^the following cookies should be received:$/ do |table|
names = table.hashes.map{|h| h['name'] }
names.each do |name|
- cookies.any?{|s| s =~ /^#{name}/}.should be_true
+ cookies.any?{|s| s =~ /^#{name}/}.should be_true
+ # TODO: check other values in table
end
end
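Review bot: the `name` column is interpolated unescaped into a regexp (`/^#{name}/`) and matched as a prefix, so a row `PREF` also matches a cookie named `PREFIX`, and a name containing regexp metacharacters changes the match; use `Regexp.escape(name)` and anchor on the `=` separator the helper produces, e.g. `/\A#{Regexp.escape(name)}=/`. The TODO confirms `secure` and `_rest` are not checked yet, so the table in the attack file currently over-promises.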
3  lib/gauntlt/attack_adapters/curl.rb
@@ -0,0 +1,3 @@
+Then /^the response code should be "(.*?)"$/ do |http_code|
+ @response.response_code.should == http_code.to_i
+end
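Review bot: this adapter only defines the assertion; `@response` is set by the "I launch a "curl" attack" step in http_methods.rb, so the curl adapter depends on another adapter's file being loaded and the split between the two files does not follow the attack names. Moving the curl launch step here (and leaving the method-probing step in http_methods.rb) would make each adapter self-contained.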
12 lib/gauntlt/attack_adapters/http_methods.rb
@@ -0,0 +1,12 @@
+When /^"curl" is installed$/ do
+ ensure_cli_installed("curl")
+end
+
+When /^I launch a "curl" attack$/ do
+ @response = Curl::Easy.http_get(hostname)
+end
+
+When /^I launch a "curl" attack with:$/ do |command|
+ command.gsub!('<hostname>', hostname)
+ run command
+end
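Review bot: the step "I launch a "curl" attack with:" passes the attack file's doc string straight to aruba's `run`, so an attack file is executable content: whoever can edit a .attack file can run any command in the invoking user's shell. That is the intended design of the tool, but it should be stated in the README and in the `-a` help text so attack files are reviewed like code. Two smaller points: `command.gsub!` mutates the doc string in place, and `command.gsub(...)` avoids surprising later steps that reuse it; and the `"curl" is installed` check guards `Curl::Easy.http_get`, which uses libcurl via curb rather than the binary it checks for.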
14 lib/gauntlt/attack_adapters/nmap.rb
@@ -0,0 +1,14 @@
+# TODO: figure out if there's a way to namespace these step definitions
+
+When /^"nmap" is installed$/ do
+ ensure_cli_installed("nmap")
+end
+
+When /^the target hostname is "(.*?)"$/ do |host|
+ set_hostname host
+end
+
+When /^I launch an "nmap" attack with:$/ do |command|
+ command.gsub!('<hostname>', hostname)
+ run command
+end
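Review bot: the `the target hostname is "(.*?)"` step is generic (the cookies, curl, http_methods and sslyze attack files all use it) but now lives in nmap.rb after profile_steps.rb was deleted; keep it under attack_adapters/support/ (or a profile.rb adapter) so that removing the nmap adapter does not break every other attack. The TODO about namespacing is the right concern: with `--require` loading all adapters, two adapters defining the same regexp will collide.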
9 .../attacks/step_definitions/sslyze_steps.rb → lib/gauntlt/attack_adapters/sslyze.rb
@@ -1,6 +1,6 @@
Given /^sslyze is installed$/ do
begin
- steps %{
+ steps %{
When I run `which sslyze`
Then the output should contain:
"""
@@ -33,6 +33,13 @@
}
end
+When /^I launch an "sslyze" attack with:$/ do |command|
+ command.gsub!('<hostname>', hostname)
+ run command
+end
+
+
+
Then /^the key size should be at least (\d+)$/ do |arg1|
pending # express the regexp above with the code you wish you had
end
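Review bot: three consecutive blank lines separate the new step from the `key size` step, and that step is still `pending`, which under the new `--strict` flag fails any attack that uses it; either implement it (the sample output in sslyze_output.README has a `Key Size: 1024 bits` line to parse) or remove the step until it works.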
10 lib/gauntlt/attacks/support/cookie_helper.rb → .../attack_adapters/support/cookie_helper.rb
@@ -1,29 +1,27 @@
require 'curb'
module CookieHelper
-
def cookies_for(url)
[].tap do |returner|
c = Curl::Easy.perform(url) do |curl|
curl.follow_location = true
curl.enable_cookies = true
-
+
curl.on_header do |header|
returner << "#{$1}=#{$2}" if header =~ /^Set-Cookie: ([^=]+)=([^;]+;)/
end
end
end
end
-
+
def cookies
raise "No cookies set" if @cookies.nil?
-
+
@cookies
end
-
+
def set_cookies(a)
@cookies = a
end
-
end
World(CookieHelper)
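Review bot: this hunk is whitespace-only (trailing spaces added and removed), which hides the rename in editor churn; commit such changes separately or not at all. While here: the header regex `/^Set-Cookie: ([^=]+)=([^;]+;)/` requires a trailing `;`, so a cookie set with no attributes is never recorded, which silently weakens the cookie assertions built on `cookies_for`.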
0  lib/gauntlt/attacks/support/env.rb → lib/gauntlt/attack_adapters/support/env.rb
File renamed without changes
3  lib/gauntlt/attack_adapters/support/hooks.rb
@@ -0,0 +1,3 @@
+Before('@slow') do
+ @aruba_timeout_seconds = 10
+end
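Review bot: this file is identical to features/support/hooks.rb; the two serve different cucumber runs (the gem's own suite vs. the attack run under `--require attack_adapters`), which deserves a comment, otherwise the next reader will remove one as a duplicate. A 10 second aruba timeout is also tight for the `nmap -sV` scenario the @slow tag is meant to cover.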
13 lib/gauntlt/attack_adapters/support/nmap_helper.rb
@@ -0,0 +1,13 @@
+require 'aruba'
+
+module NmapHelper
+ def run_nmap_attack(host, opts)
+ args = opts.map{|k,v| "#{k} #{v}"}
+
+ command = "nmap #{args.join(' ')} #{host}"
+
+ # run is from aruba
+ run command
+ end
+end
+World(NmapHelper)
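Review bot: `run_nmap_attack` is not called by any step in this commit (nmap.rb runs the attack file's doc string directly via `run`), so this helper is dead code; drop it or use it. If kept, `opts.map{|k,v| "#{k} #{v}"}` joins each key and value with a space and no quoting, which breaks for flags that take no value and does not escape values that come from an attack file.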
4 ...gauntlt/attacks/support/profile_helper.rb → ...attack_adapters/support/profile_helper.rb
@@ -1,10 +1,10 @@
module ProfileHelper
def hostname
raise "No host defined" if @hostname.nil?
-
+
@hostname
end
-
+
def set_hostname(s)
@hostname = s
end
91 lib/gauntlt/attack_adapters/support/sslyze_output.README
@@ -0,0 +1,91 @@
+
+Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
+
+
+
+ REGISTERING AVAILABLE PLUGINS
+ -----------------------------
+
+ PluginCertInfo - OK
+ PluginEmpty - OK
+ PluginOpenSSLCipherSuites - OK
+ PluginSessionRenegotiation - OK
+ PluginSessionResumption - OK
+
+
+
+ CHECKING HOST(S) AVAILABILITY
+ -----------------------------
+
+ www.google.com:443 => 74.125.127.106:443
+
+
+
+ SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
+ --------------------------------------------------------
+
+ * Session Renegotiation :
+ Client-initiated Renegotiations: Rejected
+ Secure Renegotiation: Supported
+
+ * Certificate :
+ Validation w/ Mozilla's CA Store: Certificate is Trusted
+ Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
+ Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
+ Serial Number: 4F9D96D966B0992B54C2957CB4157D4D
+ Not Before: Oct 26 00:00:00 2011 GMT
+ Not After: Sep 30 23:59:59 2013 GMT
+ Signature Algorithm: sha1WithRSAEncryption
+ Key Size: 1024 bits
+ SHA1 Fingerprint: C1956DC8A7DFB2A5A56934DA09778E3A11023358
+
+ * Session Resumption :
+ With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
+ With TLS Session Tickets: Supported
+
+ * TLSV1 Cipher Suites :
+
+ Rejected Cipher Suite(s): Hidden
+
+ Preferred Cipher Suite:
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
+
+ Accepted Cipher Suite(s):
+ AES256-SHA 256 bits HTTP 200 OK
+ DES-CBC3-SHA 168 bits HTTP 200 OK
+ RC4-SHA 128 bits HTTP 200 OK
+ RC4-MD5 128 bits HTTP 200 OK
+ AES128-SHA 128 bits HTTP 200 OK
+
+ Unknown Errors: None
+
+ * SSLV3 Cipher Suites :
+
+ Rejected Cipher Suite(s): Hidden
+
+ Preferred Cipher Suite:
+ ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
+
+ Accepted Cipher Suite(s):
+ AES256-SHA 256 bits HTTP 200 OK
+ DES-CBC3-SHA 168 bits HTTP 200 OK
+ RC4-SHA 128 bits HTTP 200 OK
+ RC4-MD5 128 bits HTTP 200 OK
+ AES128-SHA 128 bits HTTP 200 OK
+
+ Unknown Errors: None
+
+ * SSLV2 Cipher Suites :
+
+ Rejected Cipher Suite(s): Hidden
+
+ Preferred Cipher Suite: None
+
+ Accepted Cipher Suite(s): None
+
+ Unknown Errors: None
+
+
+
+ SCAN COMPLETED IN 2.50 S
+ ------------------------
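Review bot: the .README extension suggests documentation, but the file is a captured sslyze run; name it sslyze_sample_output.txt (or place it under a fixtures/ directory) and add a header line saying what it is for. Relevant to the pending key-size step: this sample shows `Key Size: 1024 bits`, so an attack asserting at least 2048 bits would fail against it, and the certificate dates (Not After: Sep 30 23:59:59 2013 GMT) mean the sample will not match a live scan for long.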
6 lib/gauntlt/attacks/support/system_helper.rb → .../attack_adapters/support/system_helper.rb
@@ -1,4 +1,4 @@
-require 'English'
+require 'English'
# English.rb adds human-readable names for things like $?, $!, etc.:
# http://www.ruby-doc.org/stdlib-1.9.3/libdoc/English/rdoc/English_rb.html
@@ -6,5 +6,9 @@ module SystemHelper
def installed?(bin_name)
`which #{bin_name}` && $CHILD_STATUS.success?
end
+
+ def ensure_cli_installed(bin)
+ raise "#{bin} is not installed or is not in your path" unless installed?(bin)
+ end
end
World(SystemHelper)
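Review bot: `ensure_cli_installed` forwards `bin` into `installed?`, which interpolates it unescaped into a backtick shell command (`which #{bin_name}`); with the generic `"(.*?)" is installed` step deleted in this commit the only callers pass literals, but the helper is a public World mixin, so validate the name (e.g. `raise ArgumentError unless bin =~ /\A[\w.+-]+\z/`) or wrap it with `Shellwords.escape` before it is re-exposed to attack files.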
12 lib/gauntlt/attacks/cookies.attack
@@ -1,12 +0,0 @@
-Feature: Evaulate received cookies against expected.
-
-Background:
- Given "curl" is installed
-
-Scenario: Verify server is returning the cookies expected
- Given the target hostname is "google.com"
- When I send a GET request to the hostname
- Then the following cookies should be received:
- | name | secure | _rest |
- | PREF | false | {} |
- | NID | false | {'HttpOnly': None} |
9 lib/gauntlt/attacks/curl.attack
@@ -1,9 +0,0 @@
-Feature: Run curl against a target and pass the value of the hostname from the profile.xml.
-
-Background:
- Given "curl" is installed
-
-Scenario: Verify a 301 is received from a curl
- Given the target hostname is "google.com"
- When I run curl against the hostname
- Then the response code should be "301"
16 lib/gauntlt/attacks/http_methods.attack
@@ -1,16 +0,0 @@
-Feature: Evaulate responses to various HTTP methods.
-
-Background:
- Given "curl" is installed
- And the target hostname is "google.com"
-
-Scenario Outline: Verify server responds correctly to various HTTP methods
- When I make a "<method>" request to the hostname
- Then the output should contain "<response>"
- Examples:
- | method | response |
- | delete | Error 405 (Method Not Allowed) |
- | patch | Error 405 (Method Not Allowed) |
- | trace | Error 405 (Method Not Allowed) |
- | track | Error 405 (Method Not Allowed) |
- | bogus | Error 405 (Method Not Allowed) |
25 lib/gauntlt/attacks/nmap.attack
@@ -1,25 +0,0 @@
-Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.
-
-Background:
- Given nmap is installed
-
-Scenario: Verify server is available on standard web ports
- Given the target hostname is "yahoo.com"
- When I run nmap against the following ports:
- | port_number |
- | 80 |
- | 443 |
- Then the output should contain:
- """
- 80/tcp open http
- 443/tcp open https
- """
-
-Scenario: Check to see the OS version of the host matches as expected
- Given the target hostname is "google.com"
- When I run nmap with OS detection
- Then the output should contain:
- """
- OS: Linux
- """
-
17 lib/gauntlt/attacks/sslyze.attack
@@ -1,17 +0,0 @@
-Feature: Run sslyze against a target and pass the value of the hostname from the profile.xml.
-
-Background:
- Given sslyze is installed
-
-Scenario: Make sure that the server does not have any anonymous certificates
- Given the target hostname is "google.com"
- When I run sslyze against the hostname
- Then the output should not contain:
- """
- Anon
- """
-
-Scenario: Make sure that the certificate key size is at least 2048
- Given the target hostname is "google.com"
- When I run sslyze against the hostname
- Then the key size should be at least 2048
12 lib/gauntlt/attacks/step_definitions/curl_steps.rb
@@ -1,12 +0,0 @@
-When /^I run curl against the hostname$/ do
- @response = Curl::Easy.http_get(hostname)
-end
-
-Then /^the response code should be "(.*?)"$/ do |http_code|
- @response.response_code.should == http_code.to_i
-end
-
-When /^I make a "(.*?)" request to the hostname$/ do |http_method|
- method_name = http_method.upcase
- run "curl -i -X #{method_name} http://#{hostname}"
-end
23 lib/gauntlt/attacks/step_definitions/nmap_steps.rb
@@ -1,23 +0,0 @@
-Given /^nmap is installed$/ do
- steps %{
- When I run `which nmap`
- Then the output should contain:
- """
- nmap
- """
- }
-end
-
-When /^I run nmap against the following ports:$/ do |ports|
- opts = '-p' + ports.hashes.map{ |hsh| hsh['port_number']}.join(',')
- steps %{
- When I run `nmap \"#{hostname}\" #{opts}`
- }
-end
-
-When /^I run nmap with OS detection$/ do
- steps %{
- When I run `nmap -sV -p80 -PN \"#{hostname}\"`
- }
-
-end
7 lib/gauntlt/attacks/step_definitions/profile_steps.rb
@@ -1,7 +0,0 @@
-Given /^the target hostname is "(.*?)"$/ do |host|
- # ultimately settings like hostname will be read
- # from a profile stored as xml, YAML, etc.
- # but for now, we are passing settings explicitly
- set_hostname host
-end
-
3  lib/gauntlt/attacks/step_definitions/system_steps.rb
@@ -1,3 +0,0 @@
-Given /^"(.*?)" is installed$/ do |bin|
- raise "#{bin} is not installed or is not in your path" unless installed?(bin)
-end
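Review bot: deleting the generic `"(.*?)" is installed` step removes the one place where an attack file could feed arbitrary text into the shell (`installed?` builds a `which` command from the capture); the replacement `ensure_cli_installed("curl")` / `("nmap")` calls take literals, which is the safer shape, but attack files that checked for other tools will now fail with an undefined step under `--strict`. Worth a line in the commit message.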
91 lib/gauntlt/attacks/support/sslyze_output.README
@@ -1,91 +0,0 @@
-
-Warning: Running on MAC OS X. Disabling multiprocessing - scans will be slower.
-
-
-
- REGISTERING AVAILABLE PLUGINS
- -----------------------------
-
- PluginCertInfo - OK
- PluginEmpty - OK
- PluginOpenSSLCipherSuites - OK
- PluginSessionRenegotiation - OK
- PluginSessionResumption - OK
-
-
-
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
-
- www.google.com:443 => 74.125.127.106:443
-
-
-
- SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 74.125.127.106:443
- --------------------------------------------------------
-
- * Session Renegotiation :
- Client-initiated Renegotiations: Rejected
- Secure Renegotiation: Supported
-
- * Certificate :
- Validation w/ Mozilla's CA Store: Certificate is Trusted
- Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
- Issuer: /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
- Serial Number: 4F9D96D966B0992B54C2957CB4157D4D
- Not Before: Oct 26 00:00:00 2011 GMT
- Not After: Sep 30 23:59:59 2013 GMT
- Signature Algorithm: sha1WithRSAEncryption
- Key Size: 1024 bits
- SHA1 Fingerprint: C1956DC8A7DFB2A5A56934DA09778E3A11023358
-
- * Session Resumption :
- With Session IDs: Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: Supported
-
- * TLSV1 Cipher Suites :
-
- Rejected Cipher Suite(s): Hidden
-
- Preferred Cipher Suite:
- ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
-
- Accepted Cipher Suite(s):
- AES256-SHA 256 bits HTTP 200 OK
- DES-CBC3-SHA 168 bits HTTP 200 OK
- RC4-SHA 128 bits HTTP 200 OK
- RC4-MD5 128 bits HTTP 200 OK
- AES128-SHA 128 bits HTTP 200 OK
-
- Unknown Errors: None
-
- * SSLV3 Cipher Suites :
-
- Rejected Cipher Suite(s): Hidden
-
- Preferred Cipher Suite:
- ECDHE-RSA-RC4-SHA 128 bits HTTP 200 OK
-
- Accepted Cipher Suite(s):
- AES256-SHA 256 bits HTTP 200 OK
- DES-CBC3-SHA 168 bits HTTP 200 OK
- RC4-SHA 128 bits HTTP 200 OK
- RC4-MD5 128 bits HTTP 200 OK
- AES128-SHA 128 bits HTTP 200 OK
-
- Unknown Errors: None
-
- * SSLV2 Cipher Suites :
-
- Rejected Cipher Suite(s): Hidden
-
- Preferred Cipher Suite: None
-
- Accepted Cipher Suite(s): None
-
- Unknown Errors: None
-
-
-
- SCAN COMPLETED IN 2.50 S
- ------------------------