Gauntlt release: 0.1.2

Skip to first unread message

Mani Tadayon

Oct 30, 2012, 1:41:50 AM10/30/12
Hi everybody,

Just released gauntlt 0.1.2 . I'll send out email notices for gauntlt releases from now on.

This release brings (finally) the ability to set arbitrary profile variables. Previously we had target_url and hostname, now you can set any variable you like and use it in the attack step.

Briefly, here's what changed:

# Old way
Given the target hostname is ""

# New way
Given the following profile:
| name | value |
| hostname | |
| foo | bar |

In the attack step, any variable defined in the profile step will be replaced with the defined value. This should allow us to do any kind of profile setup in an attack. For the profile example above, you could launch an attack like this:

When I launch a "something" attack with:
something --host <hostname> <foo>

On the command line, the attack above would execute:

$ something --host bar

We had discussed this feature for months, and now we finally have it.

Also, we now have full JRuby support, including for scapegoat. Although the sqlmap cuke fails on travis with jruby, but I believe that is a sqlmap issue, not a jruby issue.

You can see the full changeset here:


James Wickett

Oct 30, 2012, 11:14:40 AM10/30/12
This is great!

Sounds good Mani!


J. H. Wickett



Reply all
Reply to author
0 new messages