Regular expressions in gauntlt tests

[Steve Hershman II]

Hi there,

   I was playing with one of the example nmap scripts a couple of weeks ago, and I noticed that the script would fail for sites that seemingly should have passed if you'd run the nmap command directly.

   After looking a little closer, I realized that nmap spaces its output differently depending on what it finds for the list of ports that return results (specifically, "open", "closed", and "filtered".  The attack rules I had before had literal whitespace defined, so those wouldn't always match when they should.  With a little regexing I could build some better checks...what regex support does gauntlt provide today?  Thanks in advance.

-Steve H

[Carl Sampson]

I've seen that as well.  Particularly with nmap.  It may take me awhile to get up to speed, but I would be willing to research how to implement that. 

 

Thanks,

 

Carl Sampson | e: carl.s...@gmail.com | w: http://www.chs.us

Designed with WiseStamp - Get yours 

--
 
---
You received this message because you are subscribed to the Google Groups "gauntlt" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gauntlt+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[James Wickett]

One way to do this is to use the output parsing with the "match" statements.

I changed the example on gauntlt.org to show the regex options.

Then the output should match /80.tcp\s+open/ 

    Then the output should not match:
      """
      25\/tcp\s+open
      """

Do these work for your needs?

Sent from my iPhone

[Steve Hershman II]

Sorry for the delay.   That hits the spot.  Thanks guys.

-Steve H
Sent from my iPad

You received this message because you are subscribed to a topic in the Google Groups "gauntlt" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gauntlt/BWEBSxK7MTU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gauntlt+u...@googlegroups.com.