Rugged Driven Development
with Gauntlt

@wickett // @gauntlt // gauntlt.org
@wickett
• Austin, TX
• LASCON Founder
• DevOps Days Organizer
• DevOps, AppSec, Ruby, Chef, Cucumber
Work like a
Captain
Play like a
Pirate
So far, infosec is good
at the pirate part...

Gauntlt is
Rugged Theology
Applied
rugged
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain

Rugged & DevOps
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
Gauntlt is
Rugged Theology
Applied
security tools today

Core Tenets of Gauntlt
• Facilitate communication between Infosec and Dev and Ops
• Cultural shift from compliance driven, auditor-led security
• Build a new language and currency in organizations

gauntlt connects people
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
github.com/gauntlt
Our Philosophy
• Run security tools in a repeatable, easy to read way
• Handle stdin, stdout, exit status
• Favor speed and utility over complexity and slowness
• Be part of the pipeline (CI/CD)
• We aren't package managers... install your own tools

Let’s be Captains
Install your own tools
you are in fact a captain, right?
$ rvm --ruby-version use 1.9.3

optional, but recommended
$ mkdir lascon
$ cd ./lascon
$ vim Gemfile
optional, but recommended
# Gemfile
source 'https://rubygems.org'
gem 'gauntlt'

optional, but recommended
$ bundle

optional, but recommended
$ bundle
Fetching gem metadata from https://rubygems.org/..........
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies...
Using ffi (1.9.0)
Using childprocess (0.3.9)
Using builder (3.2.2)
Using diff-lcs (1.2.4)
Using multi_json (1.8.2)
Using gherkin (2.12.2)
Using multi_test (0.0.2)
Using cucumber (1.3.8)
Using rspec-expectations (2.14.3)
Using aruba (0.5.3)
Using nokogiri (1.5.10)
Using trollop (2.0)
Using gauntlt (1.0.6)
Using bundler (1.3.5)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.

optional, but recommended
$ gem install gauntlt

Future slides will use:
$ gauntlt
but, really it is:
$ bundle exec gauntlt

$ touch example.attack

(Given / When / Then / When / Then: the step keywords of the attack file below)

Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """

running gauntlt with failing tests
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s

running gauntlt with passing tests
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 passed)
4 steps (4 passed)
0m18.341s

$ gauntlt --list
Defined attacks:
arachni
curl
dirb
garmr
generic
nmap
sqlmap
sslyze
$ gauntlt --steps

/^"(\w+)" is installed in my path$/
/^"arachni" is installed$/
/^"curl" is installed$/
/^"dirb" is installed$/
/^"garmr" is installed$/
/^"nmap" is installed$/
/^"sqlmap" is installed$/
/^"sslyze" is installed$/
/^I launch (?:a|an) "arachni" attack with:$/
/^I launch (?:a|an) "arachni-(.*?)" attack$/
/^I launch (?:a|an) "curl" attack with:$/
/^I launch (?:a|an) "dirb" attack with:$/
/^I launch (?:a|an) "garmr" attack with:$/
/^I launch (?:a|an) "generic" attack with:$/
/^I launch (?:a|an) "nmap" attack with:$/
/^I launch (?:a|an) "nmap-(.*?)" attack$/
/^I launch (?:a|an) "sqlmap" attack with:$/
/^I launch (?:a|an) "sslyze" attack with:$/
/^the "(.*?)" command line binary is installed$/
/^the DIRB_WORDLISTS environment variable is set$/
/^the file "(.*?)" should contain XML:$/
/^the file "(.*?)" should not contain XML:$/
/^the following cookies should be received:$/
/^the following environment variables:$/
/^the following profile:$/
$ gauntlt --help
$ gauntlt --allsteps

https://github.com/gauntlt/gauntlt/wiki/Output-parsing-with-Gauntlt
RegEx in Gauntlt
Then the output should match /80.tcp\s+open/

Then the output should match:
"""
80.tcp\s+open
"""
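The `should contain` and `should match` steps behave differently on real nmap output, because nmap pads its PORT/STATE/SERVICE columns with a variable number of spaces. As an added example that is not from the talk or from the Gauntlt project, this plain Ruby checker parses a constructed `nmap -F` report and applies the same port policy the two example.attack scenarios express; the sample output and the `PortEntry`/`check_port_policy` names are this example's own, not a Gauntlt API.

```ruby
# Added example, not from the talk or from the Gauntlt project: a plain Ruby
# port-policy checker that mirrors the two example.attack scenarios and the
# "RegEx in Gauntlt" slide, run against constructed `nmap -F` output so it
# works offline. Names (PortEntry, check_port_policy) are this example's own.

# Constructed sample of `nmap -F` output (192.0.2.10 is a documentation
# address); nmap pads the PORT/STATE/SERVICE columns with variable spacing.
SAMPLE_NMAP_OUTPUT = <<~NMAP
  Starting Nmap ( http://nmap.org )
  Nmap scan report for example.com (192.0.2.10)
  Host is up (0.012s latency).
  Not shown: 96 filtered ports
  PORT    STATE  SERVICE
  22/tcp  open   ssh
  80/tcp  open   http
  443/tcp open   https
  25/tcp  closed smtp

  Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds
NMAP

# One row of nmap's port table.
PortEntry = Struct.new(:port, :proto, :state, :service)

# A port table row such as "80/tcp  open   http". The \s+ absorbs the column
# padding, which is exactly what the regex step on the slide relies on.
PORT_LINE = %r{^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)}

# Parse every port row out of raw nmap text; header and summary lines are skipped.
def parse_nmap(output)
  output.each_line.map { |line| PORT_LINE.match(line) }.compact.map do |m|
    PortEntry.new(m[1].to_i, m[2], m[3], m[4])
  end
end

# The two assertion styles from the slides, applied to the same text:
#   Then the output should contain: """80/tcp open http"""  -> literal substring
#   Then the output should match /80.tcp\s+open/            -> regular expression
def output_contains?(output, literal)
  output.include?(literal)
end

def output_matches?(output, regex)
  regex.match?(output)
end

# Mirrors both scenarios in example.attack: every expected port must be open,
# and no forbidden port may be open. Returns failure messages; an empty array
# is a passing run, like a green Gauntlt scenario. (Policy shape is assumed,
# not a Gauntlt API.)
def check_port_policy(output, expect_open:, forbid_open:)
  open_ports = parse_nmap(output).select { |e| e.state == "open" }.map(&:port)
  failures = []
  (expect_open - open_ports).each { |p| failures << "expected #{p}/tcp open, but it was not" }
  (forbid_open & open_ports).each { |p| failures << "#{p}/tcp is open but should not be" }
  failures
end

if $PROGRAM_NAME == __FILE__
  # The literal check fails on padded output while the regex succeeds.
  puts "contain '80/tcp open http': #{output_contains?(SAMPLE_NMAP_OUTPUT, '80/tcp open http')}"
  puts "match /80.tcp\\s+open/:     #{output_matches?(SAMPLE_NMAP_OUTPUT, /80.tcp\s+open/)}"

  failures = check_port_policy(SAMPLE_NMAP_OUTPUT, expect_open: [80, 443], forbid_open: [25])
  if failures.empty?
    puts "PASS: port policy holds"
  else
    failures.each { |f| puts "FAIL: #{f}" }
    exit 1 # non-zero exit status, so a CI/CD stage goes red like a failed gauntlt run
  end
end
```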
Create network.attack
@slow
Feature: check to make sure the right ports are open on our server
  Background:
    Given "nmap" is installed
    And the following profile:
      | name | value      |
      | host | lascon.org |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap-fast" attack
    Then the output should match /80.tcp\s+open/

https://gist.github.com/7121100
$ gauntlt
@slow
Feature: check to make sure the right ports are open on our server
  Background:  # network.attack:4
    Given "nmap" is installed  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/nmap.rb:4
    And the following profile:  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
      | name | value      |
      | host | lascon.org |

  Scenario: Verify server is open on expected ports  # network.attack:10
    Running a nmap-fast attack. This attack has this description:
    This is a fast nmap scan that should run in 10 seconds or less on
    most networks. It looks for the most common ports and services.
    When I launch an "nmap-fast" attack  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/nmap.rb:12
    Then the output should match /80.tcp\s+open/  # aruba-0.5.3/lib/aruba/cucumber.rb:137

1 scenario (1 passed)
4 steps (4 passed)
0m4.799s
Create directory.attack
@slow
Feature: make sure our website doesn't expose sensitive directories
  Scenario: Start with using dirb and check for default apache directories
    Given "dirb" is installed
    And the following profile:
      | name     | value                           |
      | hostname | http://lascon.org               |
      | wordlist | /opt/wordlists/vulns/apache.txt |
    When I launch a "dirb" attack with:
      """
      dirb <hostname> <dirb_wordlists_path>/<wordlist>
      """
    Then the output should contain:
      """
      FOUND: 0
      """

http://gist.github.com/7124575
@slow
Feature: make sure our website doesn't expose sensitive directories
  Scenario: Start with using dirb and check for default apache directories  # directory.attack:4
    Given "dirb" is installed  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/dirb.rb:1
    And the following profile:  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
      | name     | value             |
      | hostname | http://lascon.org |
      | wordlist | vulns/apache.txt  |
    When I launch a "dirb" attack with:  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/dirb.rb:9
      """
      dirb <hostname> <dirb_wordlists_path>/<wordlist>
      """
    Then the output should contain:  # aruba-0.5.3/lib/aruba/cucumber.rb:113
      """
      FOUND: 0
      """

1 scenario (1 passed)
4 steps (4 passed)
0m23.878s
captains need
dashboards

bundle exec gauntlt --format html > out.html

XSS
...looks cool in this font
$ vim Gemfile
gem 'arachni'
$ bundle

Create xss.attack
@slow
Feature: Look for cross site scripting (xss) using arachni against a URL
  Scenario: Using the arachni, look for cross site scripting and verify no issues are found
    Given "arachni" is installed
    And the following profile:
      | name | value             |
      | url  | http://lascon.org |
    When I launch an "arachni-simple_xss" attack
    Then the output should contain "0 issues were detected."

https://gist.github.com/7121728
@slow
Feature: Look for cross site scripting (xss) using arachni against a URL
  Scenario: Using the arachni, look for cross site scripting and verify no issues are found  # xss.attack:4
    Given "arachni" is installed  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/arachni.rb:1
    And the following profile:  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
      | name | value             |
      | url  | http://lascon.org |
    Running a arachni-simple_xss attack. This attack has this description:
    This is a scan for cross site scripting (xss) that only runs the base xss
    module in arachni. The scan only crawls one level deep which makes it
    faster. For more depth, run the gauntlt attack alias 'arachnisimple_xss_with_depth' and specifiy depth.
    The arachni-simple_xss attack requires the following to be set in the
    profile:
    ["<url>"]
    When I launch an "arachni-simple_xss" attack  # gauntlt-1.0.6/lib/gauntlt/attack_adapters/arachni.rb:9
    Then the output should contain "0 issues were detected."  # aruba-0.5.3/lib/aruba/cucumber.rb:97

1 scenario (1 passed)
4 steps (4 passed)
0m7.991s

Other attacks
• Garmr
• HTTP Methods (CURL)
• REST Testing (jerry curl / CURL)
• SQL Injection (sqlmap and arachni)
Resources
• Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• IRC > #gauntlt on freenode
• Weekly hangout > http://bit.ly/gauntlt-hangout
• Issue tracking > http://github.com/gauntlt/gauntlt

Future dev work
• Moar Attack Aliases!
• Bring your own Attack Aliases
• Bring your own Attacks
• Gauntlt Server

@gauntlt
gauntlt.org

More Related Content

What's hot

Deploying Plack Web Applications: OSCON 2011
Deploying Plack Web Applications: OSCON 2011Deploying Plack Web Applications: OSCON 2011
Deploying Plack Web Applications: OSCON 2011
Tatsuhiko Miyagawa
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and servers
Tatsuhiko Miyagawa
 

What's hot (19)

Deploying Plack Web Applications: OSCON 2011
Deploying Plack Web Applications: OSCON 2011Deploying Plack Web Applications: OSCON 2011
Deploying Plack Web Applications: OSCON 2011
 
Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.
 
Webscraping with asyncio
Webscraping with asyncioWebscraping with asyncio
Webscraping with asyncio
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
 
Deploying E.L.K stack w Puppet
Deploying E.L.K stack w PuppetDeploying E.L.K stack w Puppet
Deploying E.L.K stack w Puppet
 
Boxen: How to Manage an Army of Laptops
Boxen: How to Manage an Army of LaptopsBoxen: How to Manage an Army of Laptops
Boxen: How to Manage an Army of Laptops
 
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
 
PSGI/Plack OSDC.TW
PSGI/Plack OSDC.TWPSGI/Plack OSDC.TW
PSGI/Plack OSDC.TW
 
Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013
 
Ninja Git: Save Your Master
Ninja Git: Save Your MasterNinja Git: Save Your Master
Ninja Git: Save Your Master
 
GIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APPGIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APP
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and servers
 
Pydata-Python tools for webscraping
Pydata-Python tools for webscrapingPydata-Python tools for webscraping
Pydata-Python tools for webscraping
 
Ansible Crash Course
Ansible Crash CourseAnsible Crash Course
Ansible Crash Course
 
Performance Tuning Your Puppet Infrastructure - PuppetConf 2014
Performance Tuning Your Puppet Infrastructure - PuppetConf 2014Performance Tuning Your Puppet Infrastructure - PuppetConf 2014
Performance Tuning Your Puppet Infrastructure - PuppetConf 2014
 
Agent Side Lookups with HashiCorp Vault and Puppet 6
Agent Side Lookups with HashiCorp Vault and Puppet 6Agent Side Lookups with HashiCorp Vault and Puppet 6
Agent Side Lookups with HashiCorp Vault and Puppet 6
 
Refactoring terraform
Refactoring terraformRefactoring terraform
Refactoring terraform
 
Deploying Symfony | symfony.cat
Deploying Symfony | symfony.catDeploying Symfony | symfony.cat
Deploying Symfony | symfony.cat
 
Ansible and AWS
Ansible and AWSAnsible and AWS
Ansible and AWS
 

Similar to Rugged Driven Development with Gauntlt

Deploying Rails Applications with Capistrano
Deploying Rails Applications with CapistranoDeploying Rails Applications with Capistrano
Deploying Rails Applications with Capistrano
Almir Mendes
 
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Carlos Sanchez
 
Torquebox @ Raleigh.rb - April 2011
Torquebox @ Raleigh.rb - April 2011Torquebox @ Raleigh.rb - April 2011
Torquebox @ Raleigh.rb - April 2011
tobiascrawley
 

Similar to Rugged Driven Development with Gauntlt (20)

Gauntlt Rugged By Example
Gauntlt Rugged By ExampleGauntlt Rugged By Example
Gauntlt Rugged By Example
 
Git::Hooks
Git::HooksGit::Hooks
Git::Hooks
 
Sprockets
SprocketsSprockets
Sprockets
 
Unlocked Nov 2013: Main Slide Pack
Unlocked Nov 2013: Main Slide PackUnlocked Nov 2013: Main Slide Pack
Unlocked Nov 2013: Main Slide Pack
 
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next Frontier
 
Deploying Rails Applications with Capistrano
Deploying Rails Applications with CapistranoDeploying Rails Applications with Capistrano
Deploying Rails Applications with Capistrano
 
infra-as-code
infra-as-codeinfra-as-code
infra-as-code
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your Code
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)
 
Terraform in deployment pipeline
Terraform in deployment pipelineTerraform in deployment pipeline
Terraform in deployment pipeline
 
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
 
EC2
EC2EC2
EC2
 
Torquebox @ Raleigh.rb - April 2011
Torquebox @ Raleigh.rb - April 2011Torquebox @ Raleigh.rb - April 2011
Torquebox @ Raleigh.rb - April 2011
 
Toolbox of a Ruby Team
Toolbox of a Ruby TeamToolbox of a Ruby Team
Toolbox of a Ruby Team
 
Rapid Prototyping FTW!!!
Rapid Prototyping FTW!!!Rapid Prototyping FTW!!!
Rapid Prototyping FTW!!!
 
Control your deployments with Capistrano
Control your deployments with CapistranoControl your deployments with Capistrano
Control your deployments with Capistrano
 
Torquebox Asheville.rb April 2011
Torquebox Asheville.rb April 2011Torquebox Asheville.rb April 2011
Torquebox Asheville.rb April 2011
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
 

More from James Wickett

More from James Wickett (20)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Rugged Driven Development with Gauntlt

  • 1. Rugged Driven Development with Gauntlt @wickett // @gauntlt // gauntlt.org
  • 2. @wickett • Austin, TX • LASCON Founder • DevOps Days Organizer • DevOps, AppSec, Ruby, Chef, Cucumber @wickett // @gauntlt // gauntlt.org
  • 3. Work like a Captain Play like a Pirate @wickett // @gauntlt // gauntlt.org
  • 4. So far, infosec is good at the pirate part... @wickett // @gauntlt // gauntlt.org
  • 5. @wickett // @gauntlt // gauntlt.org
  • 6. Gauntlt is Rugged Theology Applied @wickett // @gauntlt // gauntlt.org
  • 8. @wickett // @gauntlt // gauntlt.org
  • 13. Gauntlt is Rugged Theology Applied @wickett // @gauntlt // gauntlt.org
  • 14. security tools today @wickett // @gauntlt // gauntlt.org
  • 15. Core Tenets of Gauntlt • Facilitate communication between Infosec and Dev and Ops • Cultural shift from compliance driven, auditor-led security • Build a new language and currency in organizations @wickett // @gauntlt // gauntlt.org
  • 16. gauntlt connects people @wickett // @gauntlt // gauntlt.org
  • 19.
  • 21.
  • 22. Our Philosophy • Run security tools in a repeatable, easy to read way • Handle stdin, stdout, exit status • Favor speed and utility over complexity and slowness • Be part of the pipeline (CI/CD) • We aren’t package managers... install your own tools @wickett // @gauntlt // gauntlt.org
  • 23. Let’s be Captains @wickett // @gauntlt // gauntlt.org
  • 24. Install your own tools you are in fact a captain, right? @wickett // @gauntlt // gauntlt.org
  • 25. $ rvm --ruby-version use 1.9.3 optional, but recommended @wickett // @gauntlt // gauntlt.org
  • 26. $ mkdir lascon $ cd ./lascon $ vim Gemfile optional, but recommended @wickett // @gauntlt // gauntlt.org
  • 27. # Gemfile source ‘https://rubygems.org’ gem ‘gauntlt’ optional, but recommended @wickett // @gauntlt // gauntlt.org
  • 28. $ bundle optional, but recommended @wickett // @gauntlt // gauntlt.org
  • 29. $ bundle Fetching gem metadata from https://rubygems.org/.......... Fetching gem metadata from https://rubygems.org/.. Resolving dependencies... Using ffi (1.9.0) Using childprocess (0.3.9) Using builder (3.2.2) Using diff-lcs (1.2.4) Using multi_json (1.8.2) Using gherkin (2.12.2) Using multi_test (0.0.2) Using cucumber (1.3.8) Using rspec-expectations (2.14.3) Using aruba (0.5.3) Using nokogiri (1.5.10) Using trollop (2.0) Using gauntlt (1.0.6) Using bundler (1.3.5) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. optional, but recommended @wickett // @gauntlt // gauntlt.org
  • 30. $ gem install gauntlt @wickett // @gauntlt // gauntlt.org
  • 31. Future slides will use: $ gauntlt but, really it is: $ bundle exec gauntlt @wickett // @gauntlt // gauntlt.org
  • 32. $ touch example.attack @wickett // @gauntlt // gauntlt.org
  • 33. Given When Then When Then Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should contain: """ 80/tcp open http """ Scenario: Verify that there are no unexpected ports open When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should not contain: """ 25/tcp """ @wickett // @gauntlt // gauntlt.org
  • 34. running gauntlt with failing tests $ gauntlt Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | hostname | example.com | | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 failed) 5 steps (1 failed, 4 passed) 0m18.341s @wickett // @gauntlt // gauntlt.org
  • 35. running gauntlt with passing tests $ gauntlt Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | hostname | example.com | | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 passed) 4 steps (4 passed) 0m18.341s @wickett // @gauntlt // gauntlt.org
  • 36. $ gauntlt --list Defined attacks: arachni curl dirb garmr generic nmap sqlmap sslyze @wickett // @gauntlt // gauntlt.org
  • 37. $ gauntlt --steps /^"(w+)" is installed in my path$/ /^"arachni" is installed$/ /^"curl" is installed$/ /^"dirb" is installed$/ /^"garmr" is installed$/ /^"nmap" is installed$/ /^"sqlmap" is installed$/ /^"sslyze" is installed$/ /^I launch (?:a|an) "arachni" attack with:$/ /^I launch (?:a|an) "arachni-(.*?)" attack$/ /^I launch (?:a|an) "curl" attack with:$/ /^I launch (?:a|an) "dirb" attack with:$/ /^I launch (?:a|an) "garmr" attack with:$/ /^I launch (?:a|an) "generic" attack with:$/ /^I launch (?:a|an) "nmap" attack with:$/ /^I launch (?:a|an) "nmap-(.*?)" attack$/ /^I launch (?:a|an) "sqlmap" attack with:$/ /^I launch (?:a|an) "sslyze" attack with:$/ /^the "(.*?)" command line binary is installed$/ /^the DIRB_WORDLISTS environment variable is set$/ /^the file "(.*?)" should contain XML:$/ /^the file "(.*?)" should not contain XML:$/ /^the following cookies should be received:$/ /^the following environment variables:$/ /^the following profile:$/
  • 38. $ gauntlt --help $ gauntlt --allsteps @wickett // @gauntlt // gauntlt.org
• 41. RegEx in Gauntlt
  Then the output should match /80.tcp\s+open/
  Then the output should match:
    """
    80/tcp\s+open
    """
• 42. Create network.attack
  @slow
  Feature: check to make sure the right ports are open on our server
    Background:
      Given "nmap" is installed
      And the following profile:
        | name | value      |
        | host | lascon.org |
    Scenario: Verify server is open on expected ports
      When I launch an "nmap-fast" attack
      Then the output should match /80.tcp\s+open/
  https://gist.github.com/7121100
• 43. $ gauntlt
  @slow
  Feature: check to make sure the right ports are open on our server
    Background:                    # network.attack:4
      Given "nmap" is installed    # gauntlt-1.0.6/lib/gauntlt/attack_adapters/nmap.rb:4
      And the following profile:   # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
        | name | value      |
        | host | lascon.org |
    Scenario: Verify server is open on expected ports   # network.attack:10
      Running a nmap-fast attack. This attack has this description:
        This is a fast nmap scan that should run in 10 seconds or less on most networks.
        It looks for the most common ports and services.
      When I launch an "nmap-fast" attack                 # gauntlt-1.0.6/lib/gauntlt/attack_adapters/nmap.rb:12
      Then the output should match /80.tcp\s+open/       # aruba-0.5.3/lib/aruba/cucumber.rb:137
  1 scenario (1 passed)
  4 steps (4 passed)
  0m4.799s
• 44. Create directory.attack
  @slow
  Feature: make sure our website doesn't expose sensitive directories
    Scenario: Start with using dirb and check for default apache directories
      Given "dirb" is installed
      And the following profile:
        | name     | value                           |
        | hostname | http://lascon.org               |
        | wordlist | /opt/wordlists/vulns/apache.txt |
      When I launch a "dirb" attack with:
        """
        dirb <hostname> <dirb_wordlists_path>/<wordlist>
        """
      Then the output should contain:
        """
        FOUND: 0
        """
  http://gist.github.com/7124575
• 45. @slow
  Feature: make sure our website doesn't expose sensitive directories
    Scenario: Start with using dirb and check for default apache directories   # directory.attack:4
      Given "dirb" is installed               # gauntlt-1.0.6/lib/gauntlt/attack_adapters/dirb.rb:1
      And the following profile:              # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
        | name     | value             |
        | hostname | http://lascon.org |
        | wordlist | vulns/apache.txt  |
      When I launch a "dirb" attack with:     # gauntlt-1.0.6/lib/gauntlt/attack_adapters/dirb.rb:9
        """
        dirb <hostname> <dirb_wordlists_path>/<wordlist>
        """
      Then the output should contain:         # aruba-0.5.3/lib/aruba/cucumber.rb:113
        """
        FOUND: 0
        """
  1 scenario (1 passed)
  4 steps (4 passed)
  0m23.878s
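How the attack files above turn a profile table into a command line and then check the tool's output, as an added Ruby example (not Gauntlt's own code): the profile values, the DIRB_WORDLISTS path and the nmap output are constructed, and the placeholder syntax is the `<hostname>` / `<dirb_wordlists_path>` / `<wordlist>` form shown in directory.attack.

```ruby
# Constructed profile, mirroring the directory.attack slide.
PROFILE = { 'hostname' => 'http://lascon.org', 'wordlist' => 'vulns/apache.txt' }

# Expand <name> placeholders from the profile; <dirb_wordlists_path> is taken
# from the DIRB_WORDLISTS environment variable (passed in here as a hash so
# the example runs offline). An unknown placeholder raises, so a typo in the
# attack file fails the run instead of handing the tool a literal "<hostname>".
def expand_template(template, profile, env = {})
  template.gsub(/<([a-z_]+)>/) do
    key = Regexp.last_match(1)
    if key == 'dirb_wordlists_path'
      env.fetch('DIRB_WORDLISTS') { raise KeyError, 'DIRB_WORDLISTS is not set' }
    else
      profile.fetch(key) { raise KeyError, "profile has no value for <#{key}>" }
    end
  end
end

# Constructed nmap -F style output. The columns are padded with a variable
# number of spaces, which is why the slides match /80.tcp\s+open/ instead of
# asking for the literal string "80/tcp open".
NMAP_OUTPUT = <<~OUT
  Starting Nmap ( http://nmap.org )
  Nmap scan report for lascon.org
  PORT     STATE SERVICE
  22/tcp   open  ssh
  80/tcp   open  http
  443/tcp  open  https
OUT

# "Then the output should match /.../" reduced to a boolean. Note that the
# unanchored /80.tcp\s+open/ from the slides would also match "8080/tcp open";
# anchoring the pattern at a line start (/^80\/tcp\s+open/) avoids that.
def output_matches?(output, regex)
  !!(output =~ regex)
end
```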
• 46. captains need dashboards
• 47. bundle exec gauntlt --format html > out.html
• 48. XSS ...looks cool in this font
• 49. $ vim Gemfile
  gem 'arachni'
  $ bundle
• 50. Create xss.attack
  @slow
  Feature: Look for cross site scripting (xss) using arachni against a URL
    Scenario: Using the arachni, look for cross site scripting and verify no issues are found
      Given "arachni" is installed
      And the following profile:
        | name | value             |
        | url  | http://lascon.org |
      When I launch an "arachni-simple_xss" attack
      Then the output should contain "0 issues were detected."
  https://gist.github.com/7121728
• 51. @slow
  Feature: Look for cross site scripting (xss) using arachni against a URL
    Scenario: Using the arachni, look for cross site scripting and verify no issues are found   # xss.attack:4
      Given "arachni" is installed            # gauntlt-1.0.6/lib/gauntlt/attack_adapters/arachni.rb:1
      And the following profile:              # gauntlt-1.0.6/lib/gauntlt/attack_adapters/gauntlt.rb:9
        | name | value             |
        | url  | http://lascon.org |
      Running a arachni-simple_xss attack. This attack has this description:
        This is a scan for cross site scripting (xss) that only runs the base xss module in arachni.
        The scan only crawls one level deep which makes it faster. For more depth, run the gauntlt
        attack alias 'arachnisimple_xss_with_depth' and specifiy depth.
        The arachni-simple_xss attack requires the following to be set in the profile: ["<url>"]
      When I launch an "arachni-simple_xss" attack                   # gauntlt-1.0.6/lib/gauntlt/attack_adapters/arachni.rb:9
      Then the output should contain "0 issues were detected."        # aruba-0.5.3/lib/aruba/cucumber.rb:97
  1 scenario (1 passed)
  4 steps (4 passed)
  0m7.991s
• 52. Other attacks
  • Garmr
  • HTTP Methods (CURL)
  • REST Testing (jerry curl / CURL)
  • SQL Injection (sqlmap and arachni)
• 53. Resources
  • Google Group > https://groups.google.com/d/forum/gauntlt
  • Wiki > https://github.com/gauntlt/gauntlt/wiki
  • IRC > #gauntlt on freenode
  • Weekly hangout > http://bit.ly/gauntlt-hangout
  • Issue tracking > http://github.com/gauntlt/gauntlt
• 56. Future dev work
  • Moar Attack Aliases!
  • Bring your own Attack Aliases
  • Bring your own Attacks
  • Gauntlt Server
• 57. @gauntlt gauntlt.org