We need more Security Tools to hook into gauntlt and we need your input


James Wickett

Nov 3, 2012, 10:16:18 AM
to gau...@googlegroups.com
Howdy all,

It has been a busy few weeks for the gauntlt project. We have a new version out (0.1.2), did a big presentation at AppSec USA and we even have a new website to boot (gauntlt.org). By the end of AppSec we released the newest version of gauntlt with a new adapter for garmr. Mani hooked up with Yvan from Mozilla and knocked it out. Sweet! The gauntlt adapter list keeps growing.

Yesterday on our weekly call for gauntlt we were discussing the next tools we should hook into gauntlt.  Our current list is listed on gauntlt.org but in short form, it is: garmr, nmap, sqlmap, curl, sslyze and a generic adapter.  We discussed it and we feel we are missing some testing tools around XSS and web app testing tools.  I wanted to open the discussion to the group at large.

What tools would you like to see in gauntlt next?  To help you scope your recommendations, we are looking for security or testing tools that have some or all of these characteristics:

- Command line interface
- Linux and not Windows (at least not yet)
- Uses standard error and standard out in a sane way (if not then we can cope, but it helps for sure)
- XML/JSON output is a big plus
- Easy to install on Linux or Mac
- Open source license (Apache, MIT, ...)
- Not a dead or stale project (we prefer to work with tools that are relevant and hopefully in active development)

If you know a tool that fits some of these characteristics and/or you have experience using it, then we would love to hear about it.

Best,
James



--
J. H. Wickett
about.me/wickett



psiinon

Nov 3, 2012, 10:27:57 AM
to gau...@googlegroups.com
I've mentioned this already on this list, but just haven't found the time to make it happen.
But I'd still love to plug OWASP ZAP into gauntlt.
It's open source, cross platform, and supports JSON & XML via a REST API.
Under very active development, and I'm very happy to enhance it to make it easier to integrate with gauntlt or any other security tool.
Oh, and it scores 100% XSS detection on wavsep.

I'm the project lead, and I work for Yvan at Mozilla ;)

Cheers,

Simon

James Wickett

Nov 3, 2012, 10:31:45 AM
to gau...@googlegroups.com
Awesome. Let's do it!

I created a GitHub issue for this and we can start collaborating around this > https://github.com/gauntlt/gauntlt/issues/47

Best,
James


--
J.H. Wickett, CISSP, GWAPT


