GAUNTLT

BE MEAN TO YOUR CODE AND LIKE IT

Join the mailing list for the latest updates

Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Features

  • Gauntlt attacks are written in an easy-to-read language
  • Easily hooks into your org's testing tools and processes
  • Security tool adapters come with gauntlt
  • Uses Unix standard error and standard out to pass status

Gauntlt includes attack adapters for these tools:

Join the community

There are several ways to get involved:

There are two ways to get started with gauntlt. You can use the gem install method, which will require you to download and set up the security tools yourself (don't worry, gauntlt walks you through it), or you can use the Gauntlt Starter Kit, which is a Vagrant script that will bootstrap the tools for you automagically.

Get started in 3 easy steps

  1. Install the gem

    $ gem install gauntlt

  2. Download example attacks and customize. Here is a very simple network attack using the nmap adapter.

    # nmap-simple.attack
    Feature: simple nmap attack (sanity check)

      Background:
        Given "nmap" is installed
        And the following profile:
          | name     | value       |
          | hostname | example.com |

      Scenario: Check standard web ports
        When I launch an "nmap" attack with:
          """
          nmap -p 80 <hostname>
          """
        Then the output should contain:
          """
          80/tcp open http
          """

  3. Run gauntlt to launch the attack defined above

    $ gauntlt
      # equivalent to gauntlt ./**/*.attack
      # you can also specify one or more paths yourself:
    $ gauntlt my_attacks/nmap-simple.attack
      # other commands to help
    $ gauntlt --list
    $ gauntlt --help

    For more attack examples, refer to the examples.
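The three steps above resolve at run time roughly as follows. This added Ruby example is not gauntlt's own code: it fills the `<hostname>` placeholder from the profile table, runs the rendered command, and checks the output against a constructed sample of nmap's port table, showing why a whitespace-tolerant match is safer than a literal check for `80/tcp open http` (nmap pads its STATE column). `PROFILE`, `SAMPLE_NMAP_OUTPUT` and the helper names are assumptions made for this example.

```ruby
require "open3"

# Profile table from nmap-simple.attack, as the "the following profile" step
# would load it (constructed here inline).
PROFILE = { "hostname" => "example.com" }.freeze

# Fill each <key> placeholder in the attack command from the profile;
# an unknown key is an error rather than a silently empty argument.
def render_command(template, profile)
  template.gsub(/<(\w+)>/) do
    key = Regexp.last_match(1)
    profile.fetch(key) { raise KeyError, "profile has no value for <#{key}>" }
  end
end

# "Then the output should contain:" is a literal substring check.
def output_contains?(output, expected)
  output.include?(expected)
end

# "Then the output should match /.../" tolerates nmap's column padding.
def output_matches?(output, pattern)
  !!(output =~ pattern)
end

# Run the rendered command and return what gauntlt passes back to the
# calling process: stdout, stderr and the exit status.
def run_attack(command)
  stdout, stderr, status = Open3.capture3(command)
  { stdout: stdout, stderr: stderr, exit: status.exitstatus }
end

# Constructed sample of the port table nmap prints for an open port. nmap pads
# the STATE column, so "open" and "http" are separated by two spaces.
SAMPLE_NMAP_OUTPUT = <<~OUT
  PORT   STATE SERVICE
  80/tcp open  http
OUT

if __FILE__ == $PROGRAM_NAME
  cmd = render_command("nmap -p 80 <hostname>", PROFILE)
  puts "rendered command: #{cmd}"
  puts "literal check:    #{output_contains?(SAMPLE_NMAP_OUTPUT, '80/tcp open http')}"
  puts "regex check:      #{output_matches?(SAMPLE_NMAP_OUTPUT, %r{80/tcp\s+open})}"
end
```

A non-zero exit from `run_attack` is what a CI job keys on, so the same check fails the build the moment a closed port reopens.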

Get started with the Gauntlt Starter Kit

If you don't want to bother with installing Ruby on your local box, or you don't want to bother setting up all the security tools that gauntlt hooks into for running tests, then this is the way to go. Simply follow along with the video and you can have a running virtual machine that includes gauntlt's dependencies, gauntlt itself and a variety of security tools that gauntlt uses to run its tests.

Watch this video to help you get started:

Security testing is usually done on the auditors' schedule, and that testing output isn't always actionable. Because of this, regressions of fixed issues often find their way back into the code. That's not good. It should be different.

© Copyright 2012 - MIT License | GitHub Repo for GAUNTLT