Add a generic profile step and clean up cukes

gauntlt · Oct 28, 2012 · 5c3fcae · 5c3fcae
1 parent 5f871ae
commit 5c3fcae
Show file tree

Hide file tree

Showing 23 changed files with 147 additions and 177 deletions.
diff --git a/examples/curl/cookies.attack b/examples/curl/cookies.attack
@@ -2,7 +2,9 @@ Feature: Evaluate received cookies against expected.
 
 Background:
   Given "curl" is installed
-  And the target hostname is "google.com"
+  And the following profile:
+    | name     | value      |
+    | hostname | google.com |
 
 Scenario: Verify server is returning the cookies expected
   When I launch a "curl" attack with:

diff --git a/examples/curl/simple.attack b/examples/curl/simple.attack
@@ -2,7 +2,9 @@ Feature: Launch curl attack
 
 Background:
   Given "curl" is installed
-  And the target hostname is "google.com"
+  And the following profile:
+    | name     | value      |
+    | hostname | google.com |
 
 Scenario: Verify a 301 is received from a curl
   When I launch a "curl" attack with:

diff --git a/examples/curl/verbs.attack b/examples/curl/verbs.attack
@@ -2,7 +2,9 @@ Feature: Evaluate responses to various HTTP methods.
 
 Background:
   Given "curl" is installed
-  And the target hostname is "google.com"
+  And the following profile:
+    | name     | value      |
+    | hostname | google.com |
 
 Scenario Outline: Verify server responds correctly to various HTTP methods
   When I launch a "curl" attack with:

diff --git a/examples/garmr/garmr.attack b/examples/garmr/garmr.attack
@@ -2,7 +2,9 @@ Feature: Run garmr scan on a URL
 
 Scenario: Use Garmr to scan a website for basic security requirements
   Given "garmr" is installed
-  And the target URL is "http://localhost:9292/inline-js"
+  And the following profile:
+    | name       | value                           |
+    | target_url | http://localhost:9292/inline-js |
   When I launch a "garmr" attack with:
     """
     garmr -u <target_url> -o my_garmr_output.xml

diff --git a/examples/generic/generic.attack b/examples/generic/generic.attack
@@ -4,7 +4,9 @@ This attack adapter allows for any command line binary to be executed and the ou
 
 Background:
   Given the "ping" command line binary is installed
-  And the target hostname is "google.com"
+  And the following profile:
+    | name     | value      |
+    | hostname | google.com |
 
 Scenario: Verify a 301 is received from a curl
   When I launch a "generic" attack with:

diff --git a/examples/nmap/nmap.attack b/examples/nmap/nmap.attack
@@ -3,9 +3,10 @@
 Feature: nmap attacks for example.com
   Background:
     Given "nmap" is installed
-    And the target hostname is "google.com"
-    And the target tcp_ping_ports are "22,25,80,443"
-
+    And the following profile:
+      | name           | value        |
+      | hostname       | google.com   |
+      | tcp_ping_ports | 22,25,80,443 |
 
   Scenario: Verify server is open on expected set of ports using the nmap fast flag
     When I launch an "nmap" attack with:
@@ -30,19 +31,6 @@ Feature: nmap attacks for example.com
       25/tcp
       """
 
-  Scenario: Using tcp syn ping scan and the nmap fast flag
-    When I launch an "nmap" attack with:
-      """
-      nmap -F -PS<tcp_ping_ports> <hostname>
-      """
-    Then the output should contain:
-      """
-      80/tcp   open  http
-      443/tcp  open  https
-      3128/tcp open  squid-http
-      8080/tcp open  http-proxy
-      """
-
   Scenario: Output to XML
     When I launch an "nmap" attack with:
       """

diff --git a/examples/nmap/os_detection.attack b/examples/nmap/os_detection.attack
@@ -2,7 +2,9 @@ Feature: OS detection
 
   Background:
     Given "nmap" is installed
-    And the target hostname is "google.com"
+    And the following profile:
+      | name     | value      |
+      | hostname | google.com |
 
   @slow
   Scenario: Detect OS

diff --git a/examples/nmap/simple.attack b/examples/nmap/simple.attack
@@ -2,7 +2,9 @@ Feature: simple nmap attack (sanity check)
 
   Background:
     Given "nmap" is installed
-    And the target hostname is "google.com"
+    And the following profile:
+      | name     | value      |
+      | hostname | google.com |
 
   Scenario: Verify server is available on standard web ports
     When I launch an "nmap" attack with:

diff --git a/examples/nmap/tcp_ping_ports.attack b/examples/nmap/tcp_ping_ports.attack
@@ -1,16 +1,20 @@
+@slow
 Feature: nmap attacks for example.com
   Background:
     Given "nmap" is installed
-    And the target hostname is "google.com"
-    And the target tcp_ping_ports are "22,25,80,443"
+    And the following profile:
+      | name           | value        |
+      | hostname       | google.com   |
+      | tcp_ping_ports | 22,25,80,443 |
 
-  @slow
   Scenario: Using tcp syn ping scan and the nmap fast flag
     When I launch an "nmap" attack with:
       """
       nmap -F -PS<tcp_ping_ports> <hostname>
       """
     Then the output should contain:
       """
-      80/tcp
-      """
+      21/tcp   open  ftp
+      80/tcp   open  http
+      443/tcp  open  https
+      """
diff --git a/examples/nmap/xml_output.attack b/examples/nmap/xml_output.attack
@@ -2,7 +2,9 @@ Feature: XML output
 
   Background:
     Given "nmap" is installed
-    And the target hostname is "google.com"
+    And the following profile:
+      | name     | value      |
+      | hostname | google.com |
 
   Scenario: Output to XML
     When I launch an "nmap" attack with:

diff --git a/examples/sqlmap/sqlmap.attack b/examples/sqlmap/sqlmap.attack
@@ -3,7 +3,9 @@ Feature: Run sqlmap against a target
 
 Scenario: Identify SQL injection vulnerabilities
   Given "sqlmap" is installed
-  And the target URL is "http://localhost:9292/sql-injection?number_id=1"
+  And the following profile:
+    | name       | value                                           |
+    | target_url | http://localhost:9292/sql-injection?number_id=1 |
   When I launch a "sqlmap" attack with:
     """
     python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0

diff --git a/examples/sslyze/sslyze.attack b/examples/sslyze/sslyze.attack
@@ -2,7 +2,9 @@ Feature: Run sslyze against a target
 
 Background:
   Given "sslyze" is installed
-  And the target hostname is "google.com"
+  And the following profile:
+    | name     | value      |
+    | hostname | google.com |
 
 Scenario: Ensure no anonymous certificates
   When I launch an "sslyze" attack with:
@@ -12,12 +14,4 @@ Scenario: Ensure no anonymous certificates
   Then the output should not contain:
     """
     Anon
-    """
-
-# Scenario: Make sure that the certificate key size is at least 2048
-#   Given the target hostname is "google.com"
-#   When I launch an "sslyze" attack with:
-#     """
-#       python <sslyze_path> <hostname>:443
-#     """
-#   Then the key size should be at least 2048
+    """
diff --git a/features/attack.feature b/features/attack.feature
@@ -12,70 +12,65 @@ Feature: Verify the attack behaviour is correct
       nmap
       """
 
-  @slow
   Scenario: Run attack
     Given an attack "nmap" exists
     And a file named "nmap.attack" with:
-    """
-    Feature: my nmap attacks
-      Scenario: nmap attack works
-        Given "nmap" is installed
-        And the target hostname is "google.com"
-        When I launch an "nmap" attack with:
-          \"\"\"
-          nmap -p 80,443 <hostname>
-          \"\"\"
-        Then the output should contain:
-          \"\"\"
-          80/tcp  open  http
-          443/tcp open  https
-          \"\"\"
-    """
+      """
+      Feature: simplest attack possible
+        Scenario:
+          When I launch a "generic" attack with:
+            \"\"\"
+            ls -a
+            \"\"\"
+          Then the output should contain:
+            \"\"\"
+            .
+            \"\"\"
+      """
     When I run `gauntlt`
     Then it should pass with:
-    """
-    4 steps (4 passed)
-    """
+      """
+      2 steps (2 passed)
+      """
 
   Scenario: Run attack with custom filename
     Given an attack "nmap" exists
     And a file named "my.awesome.attack.file" with:
-    """
-    Feature: my nmap attacks
-      Scenario: nmap attack works
-        Given "nmap" is installed
-    """
+      """
+      Feature: my nmap attacks
+        Scenario: nmap attack works
+          Given "nmap" is installed
+      """
     When I run `gauntlt my.awesome.attack.file`
     Then it should pass with:
-    """
-    1 step (1 passed)
-    """
+      """
+      1 step (1 passed)
+      """
 
   Scenario: Run attack with undefined steps
     Given an attack "nmap" exists
     And a file named "nmap.attack" with:
-    """
-    Feature: my non-existent attack
-      Scenario: Fail on undefined step definition
-        Given "thisattackwouldneverexist" is installed
-    """
+      """
+      Feature: my non-existent attack
+        Scenario: Fail on undefined step definition
+          Given "thisattackwouldneverexist" is installed
+      """
     When I run `gauntlt`
     Then it should fail with:
-    """
-    Bad or undefined attack!
-    """
-
+      """
+      Bad or undefined attack!
+      """
 
   Scenario: No attack files in default path
     When I run `gauntlt`
     Then it should fail with:
-    """
-    No files found in path
-    """
+      """
+      No files found in path
+      """
 
   Scenario: No attack files in specified path
     When I run `gauntlt apaththatdoesnotexist`
     Then it should fail with:
-    """
-    No files found in path: apaththatdoesnotexist
-    """
+      """
+      No files found in path: apaththatdoesnotexist
+      """
diff --git a/features/attacks/nmap.feature b/features/attacks/nmap.feature
@@ -28,7 +28,7 @@ Feature: nmap attack
     When I run `gauntlt tcp_ping_ports.attack`
     Then it should pass with:
       """
-      5 steps (5 passed)
+      4 steps (4 passed)
       """
 
   Scenario: Handle XML output file

diff --git a/features/tags.feature b/features/tags.feature
@@ -1,44 +1,47 @@
 Feature: Run attacks by tag
 
   Background:
-    Given an attack "nmap" exists
-    And a file named "nmap.attack" with:
-    """
-    Feature: my nmap attacks
+    Given a file named "foobar.attack" with:
+      """
+      Feature: silly attack
 
-      @foo
-      Scenario: Foo
-        Given the target hostname is "foo"
+        @foo
+        Scenario: Foo
+          Given the following profile:
+            | name | value |
+            | foo  | bar   |
 
-      @bar
-      Scenario: Bar
-        Given the target hostname is "bar"
-    """
+        @bar
+        Scenario: Bar
+          Given the following profile:
+            | name | value |
+            | bar  | baz   |
+      """
 
   Scenario: Run attack for one tag
     When I run `gauntlt --tags @foo`
     Then it should pass with:
-    """
-    Feature: my nmap attacks
+      """
+      Feature: silly attack
 
-      @foo
-    """
+        @foo
+      """
     And the stdout should contain:
-    """
-    1 scenario (1 passed)
-    1 step (1 passed)
-    """
+      """
+      1 scenario (1 passed)
+      1 step (1 passed)
+      """
 
   Scenario: Run attack by exluding one tag
     When I run `gauntlt --tags ~@foo`
     Then it should pass with:
-    """
-    Feature: my nmap attacks
+      """
+      Feature: silly attack
 
-      @bar
-    """
+        @bar
+      """
     And the stdout should contain:
-    """
-    1 scenario (1 passed)
-    1 step (1 passed)
-    """
+      """
+      1 scenario (1 passed)
+      1 step (1 passed)
+      """
diff --git a/lib/gauntlt/attack_adapters/curl.rb b/lib/gauntlt/attack_adapters/curl.rb
@@ -3,8 +3,7 @@
 end
 
 When /^I launch a "curl" attack with:$/ do |command|
-  command.gsub!('<hostname>', hostname)
-  run command
+  run_with_profile command
   @raw_curl_response = all_output # aruba defines all_output
 end