Gauntlt: Go Ahead, Be Mean to Your Code




Tuesday, December 18, 12

Would you vote for this talk as the best if...?

A. If it's funny
B. If it's useful to my job
C. Dude, I know you want to win the iPad, you are down to 4 min and 37 seconds, stop surveying and start talking!

@wickett
Sr. DevOps Engineer, Mentor Graphics, Embedded Software Division
CISSP, GWAPT, CCSK, GSEC, GCFW
james@gauntlt.org
gauntlt.org

A BRIEF HISTORY OF INFOSEC

WE HAD CINEMA

WE MADE FREE PHONE CALLS

WE WERE COOL

WE COULDN’T STOP THE VIRUSES AND WORMS

INSTEAD OF ENGINEERING, INFOSEC BECAME ACTUARIES

“[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK” - MICHAL ZALEWSKI

“IS THIS SECURE?” - YOUR CUSTOMER

“IT’S CERTIFIED” - YOU

NO PAIN, NO GAIN

Put your code through the Gauntlet

[Diagram: "Your web app" and "You", with the tools generic, w3af, garmr, sqlmap, fuzzers, curl, sslyze and nmap arranged around them]

GAUNTLT ALLOWS DEV AND OPS AND SECURITY TO COMMUNICATE

install gauntlt

    $ gem install gauntlt

    # download example attacks from github
    # customize the example attacks
    # now you can run gauntlt

    $ gauntlt

    # gauntlt looks for *.attack in its directory

Examples: https://github.com/thegauntlet/gauntlt/tree/master/examples

nmap.attack

    @slow
    Feature: nmap attacks for example.com
      Background:
        Given "nmap" is installed
        And the following profile:
          | name           | value        |
          | hostname       | example.com  |
          | tcp_ping_ports | 22,25,80,443 |

      Scenario: Verify server is open on expected ports
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should contain:
          """
          80/tcp open https
          """

      Scenario: Verify that there are no unexpected ports open
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should not contain:
          """
          25/tcp
          """

running gauntlt with failing tests
        wickett$ gauntlt

        @slow
        Feature: nmap attacks for example.com

            Background:
              Given "nmap" is installed
              And the following profile:
                | name           | value        |
                | hostname       | example.com |
                | tcp_ping_ports | 22,25,80,443 |

            Scenario: Verify server is open on expected ports
              When   I launch an "nmap" attack with:
                """
                nmap -F www.example.com
                """
              Then the output should contain:
                """
                443/tcp open https
                """

        1 scenario (1 failed)
        5 steps (1 failed, 4 passed)
        0m18.341s

running gauntlt with passing tests
        wickett$ gauntlt

        @slow
        Feature: nmap attacks for example.com

            Background:
              Given "nmap" is installed
              And the following profile:
                | name           | value        |
                | hostname       | example.com |
                | tcp_ping_ports | 22,25,80,443 |

            Scenario: Verify server is open on expected ports
              When   I launch an "nmap" attack with:
                """
                nmap -F www.example.com
                """
              Then the output should contain:
                """
                443/tcp open https
                """

        1 scenario (1 passed)
        5 steps (5 passed)
        0m18.341s

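
An added Ruby example, not part of the slides or of Gauntlt's code: the "output should contain" checks above match literal text, and nmap aligns its port table into columns, so a needle such as `443/tcp open https` can miss a matching row while `25/tcp` also matches `1025/tcp`. The sketch parses the table and checks ports by number and state; `SAMPLE_NMAP_OUTPUT`, `parse_nmap_ports` and `audit_ports` are constructed for illustration.

```ruby
# Added example (not Gauntlt's own code). SAMPLE_NMAP_OUTPUT is constructed
# to look like `nmap -F` normal output; the host and ports are made up.
SAMPLE_NMAP_OUTPUT = <<~OUT
  Nmap scan report for www.example.com (192.0.2.10)
  Host is up (0.020s latency).
  Not shown: 96 filtered ports
  PORT     STATE  SERVICE
  22/tcp   closed ssh
  80/tcp   open   http
  443/tcp  open   https
  1025/tcp open   NFS-or-IIS

  Nmap done: 1 IP address (1 host up) scanned in 18.34 seconds
OUT

# Literal substring check: the "needle in haystack" style of assertion.
def output_contains?(haystack, needle)
  haystack.include?(needle)
end

# One row of the port table: "443/tcp  open   https".
PORT_LINE = %r{^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)}

# Turn the port table into { "443/tcp" => { state: "open", service: "https" } }.
def parse_nmap_ports(output)
  output.each_line.with_object({}) do |line, ports|
    m = PORT_LINE.match(line)
    next unless m
    ports["#{m[1]}/#{m[2]}"] = { state: m[3], service: m[4] }
  end
end

# Return a list of findings; an empty list means the scan matches the policy.
#   expected_open: TCP ports that must be open
#   allowed_open:  TCP ports that may be open (anything else open is a finding)
def audit_ports(output, expected_open:, allowed_open:)
  ports = parse_nmap_ports(output)
  open_ports = ports.select { |_, info| info[:state] == "open" }
  findings = []

  expected_open.each do |port|
    key = "#{port}/tcp"
    next if open_ports.key?(key)
    state = ports.dig(key, :state) || "not reported"
    findings << "expected #{key} open, found #{state}"
  end

  open_ports.each do |key, info|
    port, proto = key.split("/")
    next if proto == "tcp" && allowed_open.include?(port.to_i)
    findings << "unexpected open port #{key} (#{info[:service]})"
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  puts audit_ports(SAMPLE_NMAP_OUTPUT, expected_open: [80, 443], allowed_open: [80, 443])
end
```
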
    Feature: Run sqlmap against a target

      Scenario: Identify SQL injection vulnerabilities
        Given "sqlmap" is installed
        And the target URL is "http://localhost?id=1"
        When I launch a "sqlmap" attack with:
          """
          python <sqlmap_path> -u <target_url>
          """
        Then the output should contain:
          """
          sqlmap identified the following injection points
          """

Callouts added over the builds of this slide:

  • setup steps (the Given and And lines): verify tool, set config
  • attack! (the When step), with the callouts env param and get config beside the command
  • assert (the Then step): needle (the expected text), haystack (the output)

Step definitions (Ruby) behind the sqlmap steps:

    # Step definition for the Given line: check that sqlmap is available.
    Given /^"sqlmap" is installed$/ do
      ensure_python_script_installed('sqlmap')
    end

    # Step definition for the When line: fill in the placeholders, then execute.
    When /^I launch an? "sqlmap" attack with:$/ do |command|
      sqlmap_path = path_to_python_script("sqlmap")

      command.gsub!('<target_url>', target_url)
      command.gsub!('<sqlmap_path>', sqlmap_path)
      run command   # execute
    end

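
An added Ruby example of the placeholder step shown above, written as a variation and not taken from Gauntlt: it reads a profile table like the one on the nmap slide, resolves each `<name>` per argument so that a value containing spaces or `&` stays a single argument, and raises when a placeholder has no value instead of handing a literal `<name>` to the tool. `parse_profile`, `build_attack_argv`, `UnresolvedPlaceholder` and the sample values are assumptions.

```ruby
require "shellwords"

# Added example, not Gauntlt's step definitions. The helper names and every
# sample value below are assumptions made for illustration.

# Constructed sample: the profile table as it appears on the nmap slide.
PROFILE_TABLE = <<~TABLE
  | name           | value        |
  | hostname       | example.com |
  | tcp_ping_ports | 22,25,80,443 |
TABLE

PLACEHOLDER = /<([a-z_]+)>/

class UnresolvedPlaceholder < StandardError; end

# Parse a two-column "| name | value |" table into a Hash of strings.
def parse_profile(table)
  rows = table.each_line.map do |line|
    line.strip.sub(/\A\|/, "").split("|").map(&:strip)
  end
  rows.reject!(&:empty?)
  header, *body = rows
  raise ArgumentError, "profile needs name/value columns" unless header == %w[name value]
  body.to_h
end

# Split the attack text into words first, then substitute inside each word.
# Whatever a value contains, it cannot add or split arguments.
def build_attack_argv(template, values)
  Shellwords.split(template.strip).map do |word|
    word.gsub(PLACEHOLDER) do
      name = Regexp.last_match(1)
      values.fetch(name) { raise UnresolvedPlaceholder, "no value for <#{name}>" }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  profile = parse_profile(PROFILE_TABLE)
  p build_attack_argv("nmap -F <hostname>", profile)
end
```

The resulting array can be passed to `Open3.capture2e(*argv)`, which starts the tool without a shell and returns its output for the assertion step.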
Supported Tools

  • curl
  • nmap
  • sslyze
  • sqlmap
  • Garmr
  • generic command line

Try it yourself at http://gauntlt.org/ with the new gauntlt video tutorial!
  • 35. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
  • 36. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
        Callouts on this slide: step definition
  • 37. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
        Callouts on this slide: step definition; ruby
  • 38. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
  • 39. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
        Callouts on this slide: step definition
  • 40. Given /^"sqlmap" is installed$/ do
          ensure_python_script_installed('sqlmap')
        end

        When /^I launch an? "sqlmap" attack with:$/ do |command|
          sqlmap_path = path_to_python_script("sqlmap")
          command.gsub!('<target_url>', target_url)
          command.gsub!('<sqlmap_path>', sqlmap_path)
          run command
        end
        Callouts on this slide: step definition; execute
  • 41. Supported Tools
        • curl
        • nmap
        • sslyze
        • sqlmap
        • Garmr
        • generic command line
  • 42. Try it yourself at http://gauntlt.org/ with the new gauntlt video tutorial!
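
The phases named by the callouts on slides 24 to 40 (verify tool, set/get config, attack!, assert needle in haystack), as an added Ruby sketch that is not Gauntlt's own code. The function names, the `printf` stand-in for the scanner and the sample URL are assumptions constructed for this example; unlike the plain `gsub!` on the slides, placeholder values are shell-escaped here.

```ruby
require 'open3'
require 'shellwords'

# "verify tool": return the full path of an executable found on the search
# path, or nil, so a missing tool fails the scenario before anything runs.
def find_tool(name, search_path = ENV.fetch('PATH', ''))
  search_path.split(File::PATH_SEPARATOR)
             .map { |dir| File.join(dir, name) }
             .find { |path| File.file?(path) && File.executable?(path) }
end

# "set config" / "get config": fill each <placeholder> from the config hash.
# Every value is shell-escaped, so a target URL holding '&' stays a single
# argument instead of being parsed by the shell as a control operator.
def render_command(template, config)
  template.gsub(/<(\w+)>/) do
    key = Regexp.last_match(1)
    raise KeyError, "no value configured for <#{key}>" unless config.key?(key)
    Shellwords.escape(config[key])
  end
end

# "attack!": run the rendered command line, capturing stdout and stderr.
def run_attack(template, config)
  output, status = Open3.capture2e(render_command(template, config))
  { output: output, exit_status: status.exitstatus }
end

# "assert": the expected text (needle) must occur in the output (haystack).
def output_contains?(result, needle)
  result[:output].include?(needle.strip)
end

# Constructed sample: printf stands in for the scanner so this runs offline.
SAMPLE_CONFIG = { 'target_url' => 'http://localhost?id=1&page=2' }.freeze
SAMPLE_ATTACK = "printf 'checked %s\\n' <target_url>"

if __FILE__ == $PROGRAM_NAME
  result = run_attack(SAMPLE_ATTACK, SAMPLE_CONFIG)
  puts render_command(SAMPLE_ATTACK, SAMPLE_CONFIG)
  puts result[:output]
  puts output_contains?(result, 'checked http://localhost?id=1&page=2')
end
```

An unconfigured placeholder raises `KeyError` instead of reaching the command line as literal `<name>` text, which keeps a misconfigured scenario from silently testing nothing.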