Gauntlt – Security Testing Framework For Developers & Ops

The New Acunetix V12 Engine


Gauntlt is a security testing framework that provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Gauntlt - Security Testing Framework For Developers & Ops

To use gauntlt, you will need one or more attack files. An attack file is a plain text file written with Gherkin syntax and named with the .attack extension. For more info on the Gherkin syntax, have a look at Cucumber. A gauntlt attack file is almost the same as a cucumber feature file. The main difference is that gauntlt aims to provide the user with predefined steps geared towards security and durability testing so that you do not have to write your own step definitions, whereas cucumber is aimed at developers and stakeholders building features from end to end. Gauntlt and cucumber can and do work together harmoniously.

Example attack file:

Features

  • Gauntlt attacks are written in a easy-to-read language
  • Easily hooks into your org’s testing tools and processes
  • Security tool adapters come with gauntlt
  • Uses unix standard error and standard out to pass status

Tools Supported

You will need to install each tool yourself before you can use it with gauntlt. However, if you try to use a tool that is not installed or that gauntlt cannot find, you will get a helpful error message from gauntlt with information on how to install and/or configure the tool for use with gauntlt.

The authors also include a generic attack adapter that allows you to run anything on the command line, parse its output and check its exit status.

You can download Gauntlt here (using the starter kit):

Pre-requisites

  • Virtual Box
  • Vagrant

Or read more here.

Posted in: Security Software

,


Latest Posts:


Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.


6 Responses to Gauntlt – Security Testing Framework For Developers & Ops

  1. Eric July 25, 2014 at 11:14 pm #

    Garmr can be found here: https://github.com/mozilla/Garmr

    • Darknet July 26, 2014 at 1:39 am #

      Thanks Eric.

  2. Paul July 26, 2014 at 3:34 am #

    Cucumber is not good tool, and especially for developers, just waste of time :) I think guy, who start this tool, is not Ruby developer :(

    • Darknet July 26, 2014 at 4:58 pm #

      Depends if you’re following BDD or not I guess? Any better BDD tools you suggest?

      • Paul July 26, 2014 at 7:39 pm #

        It’s not connected with TDD or BDD :) because this is tool without coding of app logic :) (T/B)DD is style for development app with tests, and tests should be first ;)

        Developer can describe business rules without duplication code in plain readable ruby code by using Test Unit or RSpec (TDD or BDD if they understand what is it). Cucumber maybe good when clients or qa (who do not understand Ruby syntax, but they should learn Gherkin syntax, and waste their time on copy pasting steps instead of good communication) prepare user stories, but I have not seen any clients who will create such scenarios (I’m Ruby developer – freelancer with Cucumber experience).

        You may review a lot of posts about those problem, and review OSS projects. Cucumber has been used only in several projects from the thousands on GitHub.

        • Darknet July 26, 2014 at 9:49 pm #

          Ah ok, understood – thanks for sharing your experience Paul :)