

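Gauntlt provides hooks to a variety of security tools and puts them in the hands of security, development and operations teams so they can collaborate on building rugged software. It is built to facilitate testing and communication between groups, and to create actionable tests that can be hooked into your deployment and testing processes.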



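  • Gauntlt attacks are written in an easy-to-read language
  • Easily hooks into your organization's testing tools and processes
  • Security tool adapters come with gauntlt
  • Uses unix standard error and standard out to pass status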


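There are two ways to get started with gauntlt. You can use the gem install method, which requires you to download and set up the security tools yourself (don't worry, gauntlt guides you through it), or you can use the Gauntlt Starter Kit, a Vagrant script that automatically bootstraps the tools for you.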


Get started in 3 easy steps

  1. Install the gem

    $ gem install gauntlt
  2. Download example attacks and customize. Here is a very simple network attack using the nmap adapter.

    # nmap-simple.attack
    Feature: simple nmap attack to check for open ports

      Background:
        Given "nmap" is installed
        And the following profile:
          | name     | value       |
          | hostname | example.com |

      Scenario: Check standard web ports
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should match /80.tcp\s+open/
        Then the output should not match:
  3. Run gauntlt to launch the attack defined above

    $ gauntlt
      # equivalent to gauntlt ./**/*.attack
      # you can also specify one or more paths yourself:
    $ gauntlt my_attacks/nmap-simple.attack
      # other commands to help
    $ gauntlt --list
      # the list option will show you the tools that are 
      # available to use with gauntlt
    $ gauntlt --steps
      # the steps option will show the gauntlt specific 
      # steps you can use in your attacks
    $ gauntlt --allsteps
      # the allsteps option will show all steps including 
      # aruba file operations and parsing steps that are 
      # available to use in attacks
    $ gauntlt --help
      # when all else fails use the help

    For more attack examples, refer to the examples.
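
The first assertion in the attack above is an unanchored regex applied to raw nmap output. The following added example (not part of the Gauntlt project) runs that pattern over constructed nmap output and shows it also passes when only 8080/tcp is open; `STRICT_PATTERN`, the helper names and the sample output are assumptions of this example.

```ruby
# Added example, not part of gauntlt. All nmap output below is constructed.

# Pattern exactly as written in the attack file above.
PAGE_PATTERN = /80.tcp\s+open/
# Stricter variant (assumption of this example): start of line, literal slash.
STRICT_PATTERN = %r{^80/tcp\s+open\s}

# Constructed output: port 80 really is open.
WEB_UP = <<~OUT
  PORT    STATE SERVICE
  22/tcp  open  ssh
  80/tcp  open  http
  443/tcp open  https
OUT

# Constructed output: port 80 is closed, only 8080 answers.
ALT_ONLY = <<~OUT
  PORT     STATE  SERVICE
  80/tcp   closed http
  8080/tcp open   http-proxy
OUT

# Parse the nmap port table into { "80/tcp" => "open", ... }.
def port_states(nmap_output)
  nmap_output.each_line.with_object({}) do |line, states|
    m = line.match(%r{^(\d+/(?:tcp|udp))\s+(\S+)\s+\S+})
    states[m[1]] = m[2] if m
  end
end

# Models an "output should match" step as an unanchored regex search.
def step_passes?(output, pattern)
  !output.match(pattern).nil?
end

# True when the step passes although the parsed table says 80/tcp is not open.
def false_pass?(output, pattern)
  step_passes?(output, pattern) && port_states(output)["80/tcp"] != "open"
end

{ "WEB_UP" => WEB_UP, "ALT_ONLY" => ALT_ONLY }.each do |name, out|
  puts "#{name}: page=#{step_passes?(out, PAGE_PATTERN)} " \
       "strict=#{step_passes?(out, STRICT_PATTERN)} " \
       "false_pass=#{false_pass?(out, PAGE_PATTERN)}"
end
```

In an attack file, the anchored form would go in the same `Then the output should match` step in place of the looser pattern.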

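Security testing is usually done on an auditor's schedule, and the output of the tests is not always actionable. Because of this, regressions of previously fixed issues often make their way back into the code. This is no good. It should be different.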




Gauntlt is a security testing framework that uses a command-line interface (CLI) for running security tests, or attacks.