[Security Tools] Gauntlt is a security testing framework that uses a command-line interface (CLI) to run security tests, or attacks
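Gauntlt provides hooks to a variety of security tools and puts them within reach of security, development and operations teams so they can collaborate on building rugged software. It is built to facilitate testing and communication between groups, and to create actionable tests that can be hooked into your deployment and testing processes.
Features
- Gauntlt attacks are written in an easy-to-read language
- Easily hooks into your organization's testing tools and processes
- Security tool adapters come with gauntlt
- Uses unix standard error and standard output to pass status
Gauntlt includes attack adapters for these tools:
There are two ways to get started with gauntlt. You can use the gem install method, which requires you to download and set up the security tools yourself (don't worry, gauntlt guides you through it), or you can use the Gauntlt Starter Kit, a Vagrant script that bootstraps the tools for you automatically.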
Get started in 3 easy steps
- Install the gem
    $ gem install gauntlt
- Download example attacks and customize. Here is a very simple network attack using the nmap adapter.
    # nmap-simple.attack
    Feature: simple nmap attack to check for open ports

      Background:
        Given "nmap" is installed
        And the following profile:
          | name     | value       |
          | hostname | example.com |

      Scenario: Check standard web ports
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should match /80.tcp\s+open/
        Then the output should not match:
          """
          25\/tcp\s+open
          """
- Run gauntlt to launch the attack defined above
    $ gauntlt
    # equivalent to gauntlt ./**/*.attack
    # you can also specify one or more paths yourself:
    $ gauntlt my_attacks/nmap-simple.attack
    # other commands to help
    $ gauntlt --list
    # the list option will show you the tools that are
    # available to use with gauntlt
    $ gauntlt --steps
    # the steps option will show the gauntlt specific
    # steps you can use in your attacks
    $ gauntlt --allsteps
    # the allsteps option will show all steps including
    # aruba file operations and parsing steps that are
    # available to use in attacks
    $ gauntlt --help
    # when all else fails use the help
For more attack examples, refer to the examples.
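The two output checks in nmap-simple.attack are unanchored regular expressions, so a different port whose number ends in the same digits can satisfy them. The Ruby sketch below is an added example, not code from gauntlt or from the original page; it assumes the patterns are applied as Ruby regexes to the whole tool output, and the sample nmap output, the anchored variants and all names are constructed for illustration.

```ruby
# Added example, not gauntlt code; constant and method names are hypothetical.

# Patterns exactly as written in nmap-simple.attack on this page.
PAGE_MUST_MATCH     = /80.tcp\s+open/
PAGE_MUST_NOT_MATCH = /25\/tcp\s+open/

# Stricter variants (an assumption of this example): anchored to the start of
# a line so "8080/tcp" or "1025/tcp" cannot stand in for port 80 or port 25.
STRICT_MUST_MATCH     = %r{^80/tcp\s+open}
STRICT_MUST_NOT_MATCH = %r{^25/tcp\s+open}

# Constructed nmap output: port 80 closed, 8080 open, 25 closed.
SAMPLE_8080_OPEN = <<~OUT
  PORT     STATE  SERVICE
  25/tcp   closed smtp
  80/tcp   closed http
  8080/tcp open   http-proxy
OUT

# Constructed nmap output: port 80 open, 25 closed, 1025 open.
SAMPLE_1025_OPEN = <<~OUT
  PORT     STATE  SERVICE
  25/tcp   closed smtp
  80/tcp   open   http
  1025/tcp open   NFS-or-IIS
OUT

# Combines the scenario's two Then steps: the first pattern must be found
# in the output and the second must be absent.
def scenario_result(output, must_match, must_not_match)
  found_required  = output.match?(must_match)
  found_forbidden = output.match?(must_not_match)
  found_required && !found_forbidden ? :pass : :fail
end

# Lists the output lines a pattern hits, to show why a check passed or failed.
def matching_lines(output, pattern)
  output.lines.map(&:chomp).select { |line| line.match?(pattern) }
end

if __FILE__ == $PROGRAM_NAME
  { "8080 open" => SAMPLE_8080_OPEN, "1025 open" => SAMPLE_1025_OPEN }.each do |name, out|
    page   = scenario_result(out, PAGE_MUST_MATCH, PAGE_MUST_NOT_MATCH)
    strict = scenario_result(out, STRICT_MUST_MATCH, STRICT_MUST_NOT_MATCH)
    puts "#{name}: page patterns=#{page} anchored patterns=#{strict}"
  end
end
```

With the page's patterns the first sample passes although port 80 is closed, and the second fails although port 25 is closed; the anchored variants give the intended result in both cases.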
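Security testing is usually done on the auditor's schedule, and the test output is not always actionable. Because of this, regressions of previously fixed issues often creep back into the code. This is not good. It should be different.
This article: http://pub.intelligentx.net/gauntlt-be-mean-your-code-and-it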