INACTIVE - Security Testing Tool
Перейти к файлу
Dave Hunt dd62580890 Merge pull request #15 from mozfreddyb/patch-1
LICENSE
2016-02-18 08:59:16 +00:00
Garmr amend CSP checks to work with CSP 1.0 header 2014-05-14 15:14:19 +01:00
.gitignore Added setup, restructured built-in checks 2011-10-13 23:00:51 -07:00
LICENSE LICENSE 2016-02-18 09:51:28 +01:00
README.md Importing Freds changes. 2012-02-09 11:47:13 -08:00
authchecks.py Importing Freds changes. 2012-02-09 11:47:13 -08:00
djangochecks.py Importing Freds changes. 2012-02-09 11:47:13 -08:00
setup.py Update setup.py to include BeautifulSoup dependency 2012-10-26 23:27:36 -03:00
webchecks.py Importing Freds changes. 2012-02-09 11:47:13 -08:00

README.md

Garmr

Garmr is a tool to inspect the responses from websites for basic security requirements.

Garmr includes a set of core test cases implemented in corechecks that are derived from the Mozilla Secure Coding Guidelines

Installation

This version of Garmr requires Requests > 0.8.3

git clone https://github.com/freddyb/Garmr.git
cd Garmr
sudo python setup.py install
garmr -u http://my.target.app

Usage

usage: Runs a set of tests against the set of provided URLs
   [-h] [-u TARGETS] [-f TARGET_FILES] [-S] [-m MODULES] [-D] [-p] [-d]
   [-r REPORT] [-o OUTPUT] [-c OPTS] [-e EXCLUSIONS] [--save DUMP_PATH]

optional arguments:
  -h, --help            show this help message and exit
  -u TARGETS, --url TARGETS
                        Add a target to test
  -f TARGET_FILES, --target-file TARGET_FILES
                        File with URLs to test
  -S, --new-sessions    Create new Session for each test
  -m MODULES, --module MODULES
                        Load an extension module
  -D, --disable-core    Disable corechecks
  -p, --force-passive   Force passives to be run for each active test
  -d, --dns             Skip DNS resolution when registering a target
  -r REPORT, --report REPORT
                        Load a reporter e.g. -r reporter.AntXmlReporter
  -o OUTPUT, --output OUTPUT
                        Default output is garmr-results.xml
  -c OPTS, --check OPTS
                        Set a parameter for a check (check:opt=value)
  -e EXCLUSIONS, --exclude EXCLUSIONS
                        Prevent a check from being run/processed
  --save DUMP_PATH      Write out a configuration file based on parameters
                        (won't run scan)


A TARGET is an http or https scheme url to execute tests against.
 e.g. garmr -u http://localhost

A MODULE is the name of a module; resolving this path needs to be improved
 e.g. garmr -m djangochecks (Experimental)

An OPTS field contains the path and name of the option to set
 e.g. garmr -m webchecks -c webchecks.RobotsTest:save_contents=True

A REPORT is the namespace qualified name of a reporter object or a valid alias (xml is the only current valid alias, and the default)
 e.g. garmr -r xml

An EXCLUSION prevents a check from being executed
 e.g. garmr -e WebTouch
 
Disable core checks will prevent all of the checks in corechecks from being loaded; this is useful to limit the scope of testing.

Tasks

See Issues on Github