Gauntlt is a security testing framework that provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams so they can collaborate on building rugged software. It is built to facilitate testing and communication between groups and to create actionable tests that can be hooked into your deploy and testing processes.
To use gauntlt, you will need one or more attack files. An attack file is a plain text file written with Gherkin syntax and named with the .attack extension. For more info on the Gherkin syntax, have a look at Cucumber. A gauntlt attack file is almost the same as a cucumber feature file. The main difference is that gauntlt aims to provide the user with predefined steps geared towards security and durability testing so that you do not have to write your own step definitions, whereas cucumber is aimed at developers and stakeholders building features from end to end. Gauntlt and cucumber can and do work together harmoniously.
Example attack file:
Feature: simplest attack possible
  When I launch a "generic" attack with:
  Then the output should contain:
- Gauntlt attacks are written in an easy-to-read language
- Easily hooks into your org’s testing tools and processes
- Security tool adapters come with gauntlt
- Uses unix standard error and standard out to pass status
You will need to install each tool yourself before you can use it with gauntlt. However, if you try to use a tool that is not installed or that gauntlt cannot find, you will get a helpful error message from gauntlt with information on how to install and/or configure the tool for use with gauntlt.
The authors also include a generic attack adapter that allows you to run anything on the command line, parse its output and check its exit status.
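As an added example (not taken from the Gauntlt documentation or the starter kit), the complete attack file below uses the generic adapter to run curl against a host, checks the command's exit status, and asserts on its combined stdout/stderr with the match and not-match output steps. The hostname in the profile table and the file name are assumptions; substitute your own target. The <hostname> placeholder is filled in from the profile table before the command runs.

```gherkin
# http-banner.attack  (added example, not part of the Gauntlt project)
Feature: check an HTTP service with the generic attack adapter

  Background:
    # Fails early with an install hint if curl cannot be found
    Given "curl" is installed
    # Profile values are substituted into <name> placeholders below;
    # www.example.com is an assumed target for illustration
    And the following profile:
      | name     | value           |
      | hostname | www.example.com |

  Scenario: The service answers and does not advertise its server version
    # Any command line can be run through the generic adapter
    When I launch a "generic" attack with:
      """
      curl -sS -I -m 10 http://<hostname>/
      """
    # The adapter reports the command's exit status back to gauntlt
    Then the exit status should be 0
    # Status line of the response, e.g. "HTTP/1.1 200 OK" or "HTTP/2 200"
    And the output should match /HTTP\S* 200/
    # A version string in the Server header is treated as a finding
    And the output should not match /Server: .*\d\.\d/
```

Run it with `gauntlt http-banner.attack`. Because a failed step makes gauntlt exit non-zero, the same file can gate a CI or deploy job: a reachable service with a version-disclosing Server header fails the build.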
You can download Gauntlt here (using the starter kit):
git clone git@github.com:gauntlt/gauntlt-starter-kit
The starter kit runs inside a virtual machine, so you will also need Virtual Box installed.
Further documentation is available on the Gauntlt project site.