  • Stars: 193
  • Rank: 195,320 (Top 4 %)
  • Language: Python
  • License: Apache License 2.0
  • Created: about 10 years ago
  • Updated: about 1 year ago

Repository Details

Mittn: Security test tool runner for test automation in CI

Mittn

"For that warm and fluffy feeling"

Background

Mittn is an evolving suite of security testing tools to be run in a Continuous Integration context. It uses Python and Behave.

The idea is that security people or developers can define a hardening target using a human-readable language, in this case, Gherkin.

The rationale is:

  • Once the initial set of tests is running in test automation, new security test cases can be added based on existing ones without having to understand exactly how the tools are set up and run.
  • Existing functional tests can be reused to drive security tests.
  • Test tools are run automatically in Continuous Integration, catching regression and low-hanging fruit, and helping to concentrate exploratory security testing into areas where it has a better bang-for-buck ratio.

Mittn was originally inspired by Gauntlt (http://gauntlt.org/). You might also want to have a look at BDD-Security (http://www.continuumsecurity.net/bdd-intro.html), which is a pretty awesome system for automating security testing and offers similar functionality with OWASP Zaproxy.

Installation

Exact installation varies by the test tool you want to use. See the docs/ directory for detailed instructions.

NOTE: Backwards compatibility of false positive databases has been broken. The last version to be compatible with the original database schema is tagged "v0.1" on GitHub.

Features

Currently, the tool implements:

If you'd like something else to be supported, please open an issue ticket against the GitHub project.

As you can see, all the heavy lifting is done by existing tools. Mittn just glues them together.

Contact information

If you have questions about the usage, please open a ticket in the GitHub project with a "Question" tag.

If you have found a bug, please file a ticket in the GitHub project.

If necessary, you can also email [email protected], but opening a ticket on GitHub is preferable.

More Repositories

  • see: Sandboxed Execution Environment (Python, 805 stars)
  • Sulo: Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin (C++, 148 stars)
  • mqtt_fuzz: A simple fuzzer for the MQTT protocol (Python, 73 stars)
  • elevation-of-privacy: Privacy Cards for Software Developers (48 stars)
  • reflash: ActionScript3 dynamic instrumentation tool (D, 36 stars)
  • pytest-voluptuous: A pytest plugin for asserting data against a voluptuous schema (Python, 29 stars)
  • flaky-tests-detection (Python, 22 stars)
  • headless-scanner-driver: A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output (Python, 20 stars)
  • Synounlocker: Tool for decrypting files encrypted by the SynoLocker ransomware (Python, 14 stars)
  • murphy (Python, 14 stars)
  • resource-api: A framework that allows developers to declaratively define resources and relationships between them (Python, 10 stars)
  • sysvkit: A toolkit for running systemd-centric services on sysvinit systems (C, 8 stars)
  • gdpr-subject-rights-api: An OpenAPI specification for fulfilling data subject requests under the GDPR (8 stars)
  • failures-analysis: Automatically grouping similar failures in the CI/CD pipeline (Python, 7 stars)
  • pytest-rts: Coverage-based regression test selection (RTS) plugin for pytest (Python, 7 stars)
  • distci (Python, 5 stars)
  • fstrace: trace logging library (C, 4 stars)
  • dvmps: Dynamic Virtual Machine Provisioning Service (Python, 4 stars)
  • unixkit: unix-specific utility functions (C, 3 stars)
  • atlant-api: F-Secure Atlant API Examples (Python, 3 stars)
  • flaky-test-ci (Python, 3 stars)
  • fsdyn: collection of elementary data structures (C, 2 stars)
  • pglookout (2 stars)
  • async: event loop on top of epoll and kqueue with stackable streams (C, 2 stars)
  • pyvsphere (Python, 2 stars)
  • change-analyzer (Python, 1 star)
  • encjson: JSON encoding and decoding library (C, 1 star)
  • asynctls: client-side and server-side TLS async streams on top of openssl and macOS Secure Transport (C, 1 star)