Just released gauntlt 0.1.2 . I'll send out email notices for gauntlt releases from now on.
This release brings (finally) the ability to set arbitrary profile variables. Previously we had target_url and hostname, now you can set any variable you like and use it in the attack step.
Briefly, here's what changed:
# Old way
Given the target hostname is "google.com
# New way
Given the following profile:
| name | value |
| hostname | google.com
| foo | bar |
In the attack step, any variable defined in the profile step will be replaced with the defined value. This should allow us to do any kind of profile setup in an attack. For the profile example above, you could launch an attack like this:
When I launch a "something" attack with:
something --host <hostname> <foo>
On the command line, the attack above would execute:
$ something --host google.com
We had discussed this feature for months, and now we finally have it.
Also, we now have full JRuby support, including for scapegoat. Although the sqlmap cuke fails on travis with jruby, but I believe that is a sqlmap issue, not a jruby issue.
You can see the full changeset here: