GAUNTLT BE MEAN TO YOUR CODE AND LIKE IT Join the mailing list for the lastest updates

Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Features Gauntlt attacks are written in a easy-to-read language

Easily hooks into your org's testing tools and processes

Security tool adapters come with gauntlt

Uses unix standard error and standard out to pass status Gauntlt includes attack adapters for these tools: curl

nmap

sslyze

sqlmap

Garmr

generic command line

more coming soon Join the community There are several ways to get involved: Google Group for gauntlt

IRC: #gauntlt on freenode this is the best way to get help, and now you can reach us straight from the web IRC client.

Github organization

There are two ways to get started with gauntlt. You can use the gem install method which will require you to download and setup the security tools (don't worry gauntlt walks you through it) or you can use the Gauntlt Starter Kit which is a vagrant script that will bootstrap the tools for you automagically.

Get started using in 3 easy steps Install the gem $ gem install gauntlt Download example attacks and customize. Here is a very simple network attack using the nmap adapter. # nmap-simple.attack Feature: simple nmap attack to check for open ports Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | Scenario: Check standard web ports When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should match /80.tcp\s+open/ Then the output should not match: """ 25\/tcp\s+open """ Run gauntlt to launch the attack defined above $ gauntlt # equivalent to gauntlt ./**/*.attack # you can also specify one or more paths yourself: $ gauntlt my_attacks/nmap-simple.attack # other commands to help $ gauntlt --list # the list option will show you the tools that are # available to use with gauntlt $ gauntlt --steps # the steps option will show the gauntlt specific # steps you can use in your attacks $ gauntlt --allsteps # the allsteps option will show all steps including # aruba file operations and parsing steps that are # available to use in attacks $ gauntlt --help # when all else fails use the help For more attack examples, refer to the examples. Get started with the Gauntlt Starter Kit If you don't want to bother with installing ruby on your local box or you dont want to bother setting up all the security tools that gauntlt hooks for running tests, then this is the way to go. Simply follow along with the video and you can have a running virtual machine that includes gauntlt's dependencies, gauntlt itself and a variety of security tools that gauntlt uses to run its tests. Watch this video to help you get started:

twitter feed

Security testing is usually done on the auditors' schedule and that testing output isn't always actionable. Because of this, often regressions for fixed issues find their way back into the code. Thats not good. It should be different.