Yvan Boily committed Oct 25, 2011
1 parent 8b27e56 commit 03cb29b1a5caee951836c8942b6cfef3bb35a664
Showing with 49 additions and 13 deletions.
@@ -7,27 +7,63 @@ the Secure Coding Guidelines that can be found at [
## Installation
-This version of Garmr :
-* does not support pip. Grab the source from git
-* requires Requests > 0.6.2-dev, which can be installed by following the instructions here:
+This version of Garmr requires Requests > 0.6.1
+git clone
+cd Garmr
+sudo python install
+garmr -u
## Usage
-usage: [-h] [-u TARGETS] [-m MODULES] [-f TARGET_FILES] [-p] [-d]
+usage: Runs a set of tests against the set of provided URLs
+ [-h] [-u TARGETS] [-f TARGET_FILES] [-m MODULES] [-D] [-p] [-d]
+ [-r REPORT] [-o OUTPUT] [-c OPTS] [-e EXCLUSIONS] [--save DUMP_PATH]
optional arguments:
-h, --help show this help message and exit
- add a target to test
+ Add a target to test
+ -f TARGET_FILES, --target-file TARGET_FILES
+ File with URLs to test
-m MODULES, --module MODULES
- load a test suite
- File with urls to test
+ Load an extension module
+ -D, --disable-core Disable corechecks
-p, --force-passive Force passives to be run for each active test
- -d, --dns Skip DNS resolution when registering a target.
+ -d, --dns Skip DNS resolution when registering a target
+ -r REPORT, --report REPORT
+ Load a reporter e.g. -r reporter.AntXmlReporter
+ -o OUTPUT, --output OUTPUT
+ Default output is garmr-results.xml
+ -c OPTS, --check OPTS
+ Set a parameter for a check (check:opt=value)
+ Prevent a check from being run/processed
+ --save DUMP_PATH Write out a configuration file based on parameters
+ (won't run scan)
+A TARGET is an http or https scheme url to execute tests against.
+ e.g. garmr -u http://localhost
+A MODULE is the name of a module; resolving this path needs to be improved
+ e.g. garmr -m djangochecks
+An OPTS field contains the path and name of the option to set
+ e.g. garmr -m webchecks -c webchecks.RobotsTest:save_contents=True
+A REPORT is the namespace qualified name of a reporter object or a valid alias (xml is the only current valid alias, and the default)
+ e.g. garmr -r xml
+An EXCLUSION prevents a check from being executed
+ e.g. garmr -e Garmr.corechecks.WebTouch
+Disable core checks will prevent all of the checks in corechecks from being loaded; this is useful to limit the scope of testing.
## Tasks
-* Implement sequences (i.e. a series of ActiveTests that once invoked, maintains a cookie jar until the list of URLs is exhausted)
-* Implement a proper detailed reporter; currently a range of data is accumulated, but never reported.
-* Implement more checks
+ * less noisy CLI
+ * proxy support (already supported in requests)
+ * sessions (controlled; sequence for active tests, with a cookie jar that is propagated through the session)
+ * detailed reporting, including the ability to record all HTTP requests and responses generated
+ * the ability to filter which passive checks are run by check name or by check type (i.e. cookies, headers, content-type, etc)
+ * support for additional protocols (websockets, spdy)
+ * Implement instances of each test case for each target scanned to allow them to retain state as a set of tests progresses.
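Review bot: The Installation text lowers the stated dependency floor from "Requests > 0.6.2-dev" to "Requests > 0.6.1" without saying why the older release is now acceptable; confirm the tool actually works on that version, and state the bound where the install step can enforce it rather than only in the README. In the same block, "sudo python install" puts a scanner into the system Python as root, so a per-user or virtualenv install is worth documenting as the default. In Usage, "-D, --disable-core" and "-d, --dns" differ only by case and do unrelated things, which makes it easy to drop the core checks by accident and read a clean report as a pass; a long-only option for disabling core checks would be safer. "--save DUMP_PATH" is documented, but no option for loading the saved configuration appears in the help. The note "resolving this path needs to be improved" under MODULE reads as a to-do and belongs in the Tasks list rather than in the user-facing option description.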
