Security testing with gauntlt

This is the May 2012 update on the gauntlt project.



  1. Put your code through the Gauntlet
  2. gauntlet, n. an attack from all sides
  3. Put your code through the Gauntlet: gauntlt
  4. gauntlt - doing security testing using cucumber
  5. (tool slide) custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap -> Your web app <- You
  6. gauntlt is
  7. an always-attacking environment for developers
  8. with attacks written in easy-to-read language
  9. accessible to everyone involved in dev, ops, testing, security, ...
  10. gauntlt includes
  11. Why gauntlt? Security domain knowledge is generally a mystery to dev teams
  12. gauntlt allows dev and ops and security to communicate and collaborate
  13. gauntlt joins: The Philosophy of Rugged Software & Principles of Behavior Driven Development
  14. Gauntlet / gauntlt has a new home
  15. https://github.com/thegauntlet/gauntlt
  16. gauntlt has a reserved spot at rubygems
  17. what does the gauntlt code include right now?
  18. The repository layout (slides 18 to 24 show this same tree, each with a different part called out):

         ├── Gemfile
         ├── Gemfile.lock
         ├── LICENSE
         ├── README.md
         ├── Rakefile
         ├── bin
         │   └── gauntlt
         ├── features
         │   ├── nmap
         │   │   └── nmap.feature
         │   ├── step_definitions
         │   │   ├── nmap.rb
         │   │   └── profile.rb
         │   └── support
         │       └── aruba.rb
         ├── gauntlt
         │   ├── Gemfile
         │   ├── Rakefile
         │   ├── gauntlt.gemspec
         │   └── lib
         │       ├── gauntlt
         │       │   └── version.rb
         │       └── gauntlt.rb
         ├── gauntlt.gemspec
         ├── profile
         │   └── profile.xml
         └── tmp
             └── aruba

      features - which is the cucumber way of describing tests
  19. features/nmap/nmap.feature: the nmap feature - which verifies nmap is installed and scans the target from the profile on ports 80 and 443
  20. features/step_definitions/nmap.rb: the nmap step definitions - which actually define the steps that are called in the feature; these steps can be reused in other features
  21. profile/profile.xml: the profile - which is where user defined data lives, like hostname, URLs, usernames, passwords
  22. features/step_definitions/profile.rb: the profile step definition - this is where we provide a way to extract everything in the profile to hand off to features (i.e. target hostname, URL, ...)
  23. gauntlt/ and gauntlt.gemspec: all the stuff to package this as a gem for distribution
  24. features/support/aruba.rb: Did I mention aruba? gauntlt uses cucumber and aruba to execute against the command line, making it possible to execute any test, script or language
  25. let's look inside a couple of these files
  26. feature for nmap: nmap.feature

         @gauntlet @run
         Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

         Background:
           Given nmap is installed

         Scenario: Verify server is available on standard web ports
           Given the hostname in the profile.xml
           When I run nmap against the hostname in the profile on ports 80,443
           Then the output should contain:
             """
             80/tcp open http
             443/tcp open https
             """

  27. step definition for nmap: nmap.rb (the `\d` in the port capture groups was lost in the slide export and is restored here; the slide also hard-coded `-p80,443`, which is replaced by the captured ports so the numbers in the feature are the ones actually scanned)

         # Background step: fail fast if nmap is not on the PATH.
         Given /^nmap is installed$/ do
           steps %{
             When I run `which nmap`
             Then the output should contain:
               """
               nmap
               """
           }
         end

         # @hostname is set by the profile step in profile.rb, which reads profile.xml.
         When /^I run nmap against the hostname in the profile on ports (\d+),(\d+)$/ do |port1, port2|
           steps %{
             When I run `nmap "#{@hostname}" -p#{port1},#{port2}`
           }
         end
  28. let's run gauntlt with the nmap.feature against google.com
  29. running gauntlt with failing tests

         wickett$ gauntlt
         @gauntlet @run
         Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

           Background:                                                              # features/nmap/nmap.feature:5
             Given nmap is installed                                                # features/step_definitions/nmap.rb:2

           Scenario: Verify server is available on standard web ports               # features/nmap/nmap.feature:8
             Given the hostname in the profile.xml                                  # features/step_definitions/profile.rb:1
             When I run nmap against the hostname in the profile on ports 8080,443  # features/step_definitions/nmap.rb:12
             Then the output should contain:                                        # aruba-0.4.11/lib/aruba/cucumber.rb:98
               """
               8080/tcp open http
               443/tcp open https
               """
               ...

         Failing Scenarios:
         cucumber features/nmap/nmap.feature:8 # Scenario: Verify server is available on standard web ports

         1 scenario (1 failed)
         4 steps (1 failed, 3 passed)
         0m0.341s

  30. running gauntlt with passing tests

         wickett$ gauntlt
         @gauntlet @run
         Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

           Background:                                                              # features/nmap/nmap.feature:5
             Given nmap is installed                                                # features/step_definitions/nmap.rb:2

           Scenario: Verify server is available on standard web ports               # features/nmap/nmap.feature:8
             Given the hostname in the profile.xml                                  # features/step_definitions/profile.rb:1
             When I run nmap against the hostname in the profile on ports 80,443    # features/step_definitions/nmap.rb:12
             Then the output should contain:                                        # aruba-0.4.11/lib/aruba/cucumber.rb:98
               """
               80/tcp open http
               443/tcp open https
               """

         1 scenario (1 passed)
         4 steps (4 passed)
         0m1.117s
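The three things the nmap scenario above relies on, as an added Ruby example that is not gauntlt's own code: reading the hostname from profile.xml, building the nmap command from the captured ports, and checking the port table. The profile layout and the sample nmap output are constructed for the example; the slides do not show either. Note that aruba's "output should contain" is a plain substring check, so the single-spaced `80/tcp open http` on the slide only matches if nmap's column padding happens to line up; parsing the table avoids that.

```ruby
require "rexml/document"

# Constructed sample profile.xml. The slides only say the profile holds the
# target hostname, URLs, usernames and passwords, so this layout is assumed.
SAMPLE_PROFILE = <<~XML
  <profile>
    <hostname>www.example.com</hostname>
  </profile>
XML

# Constructed sample of nmap's port table; real nmap pads the columns, so a
# plain substring match on "80/tcp open http" can fail on genuine output.
SAMPLE_NMAP_OUTPUT = <<~OUT
  PORT     STATE  SERVICE
  80/tcp   open   http
  443/tcp  open   https
  8080/tcp closed http-proxy
OUT

# Equivalent of the "Given the hostname in the profile.xml" step.
def profile_hostname(xml)
  node = REXML::XPath.first(REXML::Document.new(xml), "/profile/hostname")
  node && node.text.strip
end

# The argv the nmap step would run, built from the captured port numbers
# rather than a hard-coded -p80,443. Ports are validated before being
# interpolated so a bad profile or feature cannot smuggle extra arguments.
def nmap_argv(hostname, ports)
  unless ports.all? { |p| p.is_a?(Integer) && p.between?(1, 65535) }
    raise ArgumentError, "ports must be integers in 1..65535"
  end
  ["nmap", hostname, "-p#{ports.join(',')}"]
end

# Parse nmap's port table into { port => [state, service] }.
def parse_ports(output)
  output.each_line.filter_map do |line|
    m = line.match(%r{^\s*(\d+)/tcp\s+(\S+)\s+(\S+)})
    [m[1].to_i, [m[2], m[3]]] if m
  end.to_h
end

# Ports from `expected` ({ 80 => "http" }) that are not open with that
# service. An empty list means the scenario's Then step would pass.
def missing_ports(output, expected)
  seen = parse_ports(output)
  expected.reject { |port, svc| seen[port] == ["open", svc] }.keys
end
```

With the sample output, the 80,443 scenario passes and the 8080,443 scenario from slide 29 reports 8080 as missing, mirroring the failing and passing runs shown above.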
  31. walk vs. run
      • gauntlt has two modes: walk and run
      • meaning fast and slow, or smoke and full
      • This is done by labels in cucumber
      • For each feature you will get to decide if it is a @walk or a @run test, or both
  32. some realizations
      • The core of gauntlt needs to provide a set of functionality that encourages contributors to ‘package’ pen testing tools, similar to ubuntu juju, chef or puppet
      • A gauntlt DSL (Domain Specific Language) will arise with words like target, scan, attack, host...
      • gauntlt needs to bootstrap itself and tools into a vagrant ubuntu box
  33. gauntlt as a kickstarter project
      • A small bit of the funds will be used for core code bounties: profile, DSL creation, architecture, vagrant bootstrap via chef, packaging architecture...
      • The bulk of the funds will be used for feature bounties, where we define features we want packaged for gauntlt, such as w3af or dirbuster, and pay developers for the best code.
  34. gauntlt features that could be built in the future...
  35. nmap scanning for verifying ports
  36. crawl site and search for passwords in text (assume fuzzing)
  37. badness with LOIC, slowloris, wget, curl
  38. Include recon, scanning, fuzzing, injecting, load
  39. multi-vector attacks: timing + load, fail open, ...
  40. all the tools mentioned on the tool slide
  41. (tool slide) custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap -> Your web app <- You
  42. we need your help
  43. Want to join the core team? email james@ruggeddevops.org
