Gauntlt 1.0.5 released!

34 views
Skip to first unread message

James Wickett

unread,
Aug 7, 2013, 1:01:18 PM8/7/13
to gau...@googlegroups.com
Hey everyone,

We have a new version of gauntlt!  It is now ready on rubygems and you can get by running "gem install gauntlt"

If you encounter any bugs, please email the list (bonus points for submitting github issues)

What's new in Gauntlt 1.0.5?

Reporting
First, we have added the ability to do html reports from gauntlt.  We are using the default cucumber formatter and you can get a report by running:

$ gauntlt my.attack --format html > report.html

In future versions we would like to customize this a bit more, maybe adding screenshots of success or failed attacks (think XSS or SQL injection) and some vanity customization like allowing users to add in custom logos and headers.

Attack Aliases
The second feature we added is really, really exciting.  We are now handling attack aliases.  Attack aliases mean that you can now reference a certain type of attack by a short name.  In the past, we had to write the following:

When I run an "nmap" attack with:
"""
nmap -F <host>
"""

Now, with attack aliases you can write that same attack like this:

When I run a "nmap-fast" attack

That's it!  No more knowing switches or arguments for random security tools.  How do we do this?  We now load attack_aliases/*.json and parse the commands from them.  It is super easy to add in a new attack_alias.  No ruby or cucumber knowledge is required, just editing a json document, like this one.  Right now we only load the json documents we ship with gauntlt but I think we should allow users to provide their own.  Thoughts?

So far we have only shipped two working attack_aliases "nmap-fast" and "nmap-single_port" but we plan to grow this list quickly.

Next Steps
We are targeting the next release to happen in two weeks.  In that release we would like to add more attack aliases, some new attack adapters and fix a few issues in the backlog.  The biggest place we could use some help is adding attack aliases. Ping the list (or me directly) if you have some ideas for attack aliases.

Thanks!

PS - Also, we moved away from the leading 0 in the versioning. So instead of being 0.1.5, we are now 1.0.5.  We try not to have breaking changes, but when we do we will try to iterate the second digit and leave the last digit for bug fixes and updates that are low impact.

-- 



Reply all
Reply to author
Forward
0 new messages