@slow @announce
Feature: nmap attacks for www.devsecops.cc

  Background: # nmap.attack:3
    Given "nmap" is installed # gauntlt-1.0.13/lib/gauntlt/attack_adapters/nmap.rb:4
    And the following profile: # gauntlt-1.0.13/lib/gauntlt/attack_adapters/gauntlt.rb:9
      | name           | value            |
      | hostname       | www.devsecops.cc |
      | tcp_ping_ports | 80,443           |

  Scenario: Using tcp syn ping scan and the nmap fast flag # nmap.attack:10
    $ cd /root/gt
    $ nmap -F -PS80,443 www.devsecops.cc -oX shiny.xml
    When I launch an "nmap" attack with: # gauntlt-1.0.13/lib/gauntlt/attack_adapters/nmap.rb:8
      """
      nmap -F -PS -oX shiny.xml
      """
The use of "prep_for_fs_check" is deprecated. It will be removed soon.

Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-11 16:08 BST
Nmap scan report for www.devsecops.cc (138.68.149.181)
Host is up (0.11s latency).
rDNS record for 138.68.149.181: echo2.net
Not shown: 91 closed ports
PORT      STATE    SERVICE
7/tcp     filtered echo
26/tcp    filtered rsftp
79/tcp    filtered finger
80/tcp    open     http
443/tcp   open     https
3000/tcp  filtered ppp
3986/tcp  filtered mapper-ws_ethd
8443/tcp  filtered https-alt
49152/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds

The use of "prep_for_fs_check" is deprecated. It will be removed soon.
    Then the file "shiny.xml" should contain XML: # gauntlt-1.0.13/lib/gauntlt/attack_adapters/gauntlt.rb:15
      | css                                                          |
      | ports port[protocol="tcp"][portid="80"] state[state="open"]  |
      | ports port[protocol="tcp"][portid="443"] state[state="open"] |

1 scenario (1 passed)
4 steps (4 passed)
0m2.023s