Security testing with gauntlt

This is the May 2012 update on the gauntlt project.

Security testing with gauntlt Presentation Transcript

  • 1. Put your code through the Gauntlet
  • 2. gauntlet, n. an attack from all sides
  • 3. Put your code through the Gauntlet gauntlt
  • 4. gauntlt - doing security testing using cucumber
  • 5. (diagram) custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap | Your web app | You
  • 6. gauntlt is
  • 7. an always-attacking environment for developers
  • 8. with attacks written in easy-to-read language
  • 9. accessible to everyone involved in dev, ops, testing, security, ...
  • 10. gauntlt includes
  • 11. Why gauntlt? Security domain knowledge is generally a mystery to dev teams
  • 12. gauntlt allows dev and ops and security to communicate and collaborate
  • 13. gauntlt joins: The Philosophy of Rugged Software & Principles of Behavior Driven Development
  • 14. Gauntlet gauntlt has a new home
  • 15. https://github.com/thegauntlet/gauntlt
  • 16. gauntlt has a reserved spot at rubygems
  • 17. what does the gauntlt code include right now?
  • 18. the repository tree (the callouts on slides 18 to 24 point into it):
        ├── Gemfile
        ├── Gemfile.lock
        ├── LICENSE
        ├── README.md
        ├── Rakefile
        ├── bin
        │   └── gauntlt
        ├── features
        │   ├── nmap
        │   │   └── nmap.feature
        │   ├── step_definitions
        │   │   ├── nmap.rb
        │   │   └── profile.rb
        │   └── support
        │       └── aruba.rb
        ├── gauntlt
        │   ├── Gemfile
        │   ├── Rakefile
        │   ├── gauntlt.gemspec
        │   └── lib
        │       ├── gauntlt
        │       │   └── version.rb
        │       └── gauntlt.rb
        ├── gauntlt.gemspec
        ├── profile
        │   └── profile.xml
        └── tmp
            └── aruba
        features/ - which is the cucumber way of describing tests
  • 19. features/nmap/nmap.feature - the nmap feature, which verifies nmap is installed and scans the target from the profile on ports 80 and 443
  • 20. features/step_definitions/nmap.rb - the nmap step definitions, which actually define the steps that are called in the feature; these steps can be reused in other features
  • 21. profile/profile.xml - the profile, which is where user defined data lives like hostname, URLs, usernames, passwords
  • 22. features/step_definitions/profile.rb - the profile step definition; this is where we provide a way to extract everything in the profile to hand off to features (i.e. target hostname, URL, ...)
  • 23. all the stuff to package this as a gem for distribution
  • 24. Did I mention aruba? gauntlt uses cucumber and aruba to execute against the command line, making it possible to execute any test, script or language
  • 25. let's look inside a couple of these files
  • 26. feature for nmap: nmap.feature
        @gauntlet @run
        Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

          Background:
            Given nmap is installed

          Scenario: Verify server is available on standard web ports
            Given the hostname in the profile.xml
            When I run nmap against the hostname in the profile on ports 80,443
            Then the output should contain:
              """
              80/tcp open http
              443/tcp open https
              """
  • 27. step definition for nmap: nmap.rb
        # Background step: passes only if an nmap binary is on the PATH.
        Given /^nmap is installed$/ do
          steps %{
            When I run `which nmap`
            Then the output should contain:
              """
              nmap
              """
          }
        end

        # Scan the hostname loaded from the profile on the two ports captured
        # from the step text (the captures were unused in the slide's version,
        # which hard-coded -p80,443).
        When /^I run nmap against the hostname in the profile on ports (\d+),(\d+)$/ do |port1, port2|
          steps %{
            When I run `nmap "#{@hostname}" -p#{port1},#{port2}`
          }
        end
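The profile step definition (profile.rb, slides 21, 22 and 27) is referenced but never shown. As an added example that is not the project's code, this plain Ruby (runnable without cucumber) does the work it would have to do: read a constructed profile.xml (the element names are an assumption, the slides do not show the schema), refuse a hostname that could not be spliced safely into the nmap command the step builds, and read nmap's port table the way the Then step does but tolerant of nmap's column padding.

```ruby
require "rexml/document"

# Constructed profile.xml standing in for profile/profile.xml; the element
# names are an assumption, the slides do not show the real schema.
PROFILE_XML = <<~XML
  <profile>
    <hostname>www.example.com</hostname>
    <url>https://www.example.com/login</url>
    <username>qa-user</username>
  </profile>
XML

# Characters allowed in a DNS name or an IP literal. The nmap step splices
# the hostname into a shell command, so anything else (whitespace, ';',
# '$(' ...) is rejected before it can reach the command line.
HOSTNAME_RE = /\A[A-Za-z0-9.\-:]{1,253}\z/

# The job of profile.rb: read every element of the profile into a hash that
# the feature steps can hand off as @hostname, @url, ...
def load_profile(xml)
  doc = REXML::Document.new(xml)
  profile = {}
  doc.root.each_element { |e| profile[e.name.to_sym] = e.text.to_s.strip }
  host = profile.fetch(:hostname)
  raise ArgumentError, "unsafe hostname in profile: #{host.inspect}" unless host.match?(HOSTNAME_RE)
  profile
end

# Mirrors the "When I run nmap against the hostname ... on ports X,Y" step,
# honouring the captured ports instead of hard-coding 80,443.
def nmap_command(profile, *ports)
  ports.each { |p| raise ArgumentError, "bad port #{p}" unless p.to_s.match?(/\A\d{1,5}\z/) }
  "nmap \"#{profile[:hostname]}\" -p#{ports.join(',')}"
end

# Whitespace-tolerant form of the feature's "Then the output should contain"
# check: real nmap pads its columns ("80/tcp   open  http"), so a literal
# match on "80/tcp open http" is brittle. Returns [[port, service], ...].
def open_ports(nmap_output)
  nmap_output.scan(%r{^(\d+)/tcp\s+open\s+(\S+)}).map { |port, svc| [port.to_i, svc] }
end
```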
  • 28. let's run gauntlt with the nmap.feature against google.com
  • 29. running gauntlt with failing tests
        wickett$ gauntlt
        @gauntlet @run
        Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

          Background:                                                        # features/nmap/nmap.feature:5
            Given nmap is installed                                          # features/step_definitions/nmap.rb:2

          Scenario: Verify server is available on standard web ports         # features/nmap/nmap.feature:8
            Given the hostname in the profile.xml                            # features/step_definitions/profile.rb:1
            When I run nmap against the hostname in the profile on ports 8080,443   # features/step_definitions/nmap.rb:12
            Then the output should contain:                                  # aruba-0.4.11/lib/aruba/cucumber.rb:98
              """
              8080/tcp open http
              443/tcp open https
              """
        ...
        Failing Scenarios:
        cucumber features/nmap/nmap.feature:8 # Scenario: Verify server is available on standard web ports

        1 scenario (1 failed)
        4 steps (1 failed, 3 passed)
        0m0.341s
  • 30. running gauntlt with passing tests
        wickett$ gauntlt
        @gauntlet @run
        Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

          Background:                                                        # features/nmap/nmap.feature:5
            Given nmap is installed                                          # features/step_definitions/nmap.rb:2

          Scenario: Verify server is available on standard web ports         # features/nmap/nmap.feature:8
            Given the hostname in the profile.xml                            # features/step_definitions/profile.rb:1
            When I run nmap against the hostname in the profile on ports 80,443     # features/step_definitions/nmap.rb:12
            Then the output should contain:                                  # aruba-0.4.11/lib/aruba/cucumber.rb:98
              """
              80/tcp open http
              443/tcp open https
              """

        1 scenario (1 passed)
        4 steps (4 passed)
        0m1.117s
  • 31. walk vs. run
        • gauntlt has two modes: walk and run
        • meaning fast and slow, or smoke and full
        • this is done by labels (cucumber tags) on each feature
        • for each feature you will get to decide if it is a @walk or a @run test, or both
  • 32. some realizations
        • the core of gauntlt needs to provide a set of functionality that encourages contributors to 'package' pen testing tools, similar to ubuntu juju, chef or puppet
        • a gauntlt DSL (Domain Specific Language) will arise with words like target, scan, attack, host...
        • gauntlt needs to bootstrap itself and its tools into a vagrant ubuntu box
  • 33. gauntlt as a kickstarter project
        • a small bit of the funds will be used for core code bounties: profile, DSL creation, architecture, vagrant bootstrap via chef, packaging architecture...
        • the bulk of the funds will be used for feature bounties, where we define features we want packaged for gauntlt such as w3af or dirbuster and pay developers for the best code
  • 34. gauntlt features that could be built in the future...
  • 35. nmap scanning for verifying ports
  • 36. crawl site and search for passwords in text (assume fuzzing)
  • 37. badness with LOIC, slowloris, wget, curl
  • 38. Include recon, scanning, fuzzing, injecting, load
  • 39. multi-vector attacks: timing + load, fail open, ...
  • 40. all the tools mentioned on the tool slide
  • 41. (diagram) custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap | Your web app | You
  • 42. we need your help
  • 43. Want to join the core team? email james@ruggeddevops.org