AuditFramework @ PacketManipulator

This page is a placeholder for tracking updates on the AuditFramework idea for PacketManipulator. The original name was AttackFramework.

Abstract

The goal of the project is to provide a general framework for building network attacks, using the UmitPlugins infrastructure, XML and schema files, and the Python language. The project will also include a complete set of common attacks with point, click and pwn semantics.

Audits

Passive

Passive audits only observe the packets travelling over the network, without interacting with it. The passive audits currently available are:

  • dhcp
  • fingerprint
  • http
  • ip
  • ppp
  • smb
  • test_http
  • vnc
  • ethernet
  • ftp
  • icmp
  • mysql
  • profiler
  • tcp
  • udp
  • wifi

Active

Active audit plugins interact with the environment by sending packets over the network. Note that some of these plugins behave aggressively and can harm the systems they target, so run them only against hosts you are authorised to test. The active audits currently available are:

  • arpcachepoison
  • dhcpspoof
  • icmpredirect
  • smb-sniffer
  • arpping
  • dnsspoof
  • injector
  • synflood

Procedure to build audit plugins

This is a two-step procedure. First, call setup-autogen.py to generate a setup.py file inside each audit directory:

$ cd audits/
$ ./setup-autogen.py passive/
$ ./setup-autogen.py active/

Then build the audits, i.e. pack the source files of each audit into a .ump file (the UMIT Plugin file format). To do this, run:

$ ./setup-autogen.py -b passive/
$ ./setup-autogen.py -b active/

This generates the .ump files inside the audits/compiled directory. The last step needed to use the audits inside PacketManipulator is to add that directory to the plugin search paths (in the Plugin Window, Paths tab, add a new entry pointing to audits/compiled) and then enable the audits you are interested in.

Building or updating just a single audit

Note that setup-autogen.py can also be used to create or update a single audit. The syntax is the same:

$ ./setup-autogen.py passive/fingerprint    # generates setup.py inside passive/fingerprint
$ ./setup-autogen.py -b passive/fingerprint # builds the .ump file into audits/compiled
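The two-step procedure above, for the whole tree and for a single audit, wrapped in a small POSIX sh script as an added example (not part of the PacketManipulator sources). Building one audit directory at a time means a broken audit is reported by name instead of aborting the whole passive/ or active/ batch, and the script checks what actually landed in compiled/. It assumes it is run from inside audits/, that each audit lives in an immediate subdirectory of passive/ or active/, and that setup-autogen.py exits non-zero when generation or packing fails; the AUTOGEN variable and the function names are this example's own, not the project's.

```sh
#!/bin/sh
# Added example, not part of the PacketManipulator audits tree: rebuild the
# audits one directory at a time with the two documented setup-autogen.py
# steps, so a failing audit is reported by name instead of aborting the
# whole passive/ or active/ batch, and list what ended up in compiled/.
#
# Assumptions (not stated on the page): it is run from inside audits/, each
# audit lives in an immediate subdirectory of passive/ or active/, and
# setup-autogen.py exits non-zero when generation or packing fails.

AUTOGEN=${AUTOGEN:-./setup-autogen.py}   # override with AUTOGEN=/path/to/script

# build_audit DIR: step 1 writes DIR/setup.py, step 2 packs DIR into
# compiled/<name>.ump. Returns non-zero as soon as either step fails.
build_audit() {
    audit=$1
    "$AUTOGEN" "$audit" || return 1
    "$AUTOGEN" -b "$audit" || return 1
}

# build_tree CATEGORY...: run build_audit for every audit directory under the
# given categories (for example: build_tree passive active). Prints one OK or
# FAIL line per audit and returns the number of failures as its exit status.
build_tree() {
    failed=0
    for category in "$@"; do
        for dir in "$category"/*/; do
            [ -d "$dir" ] || continue        # category has no audit dirs
            dir=${dir%/}
            if build_audit "$dir"; then
                echo "OK   $dir"
            else
                echo "FAIL $dir"
                failed=$((failed + 1))
            fi
        done
    done
    return "$failed"
}

# list_ump: print the plugin names now packed in compiled/, which is what
# PacketManipulator will offer once that directory is in its plugin paths.
list_ump() {
    for f in compiled/*.ump; do
        [ -e "$f" ] || continue
        basename "$f" .ump
    done
}
```

Source the file from inside audits/ and call build_tree passive active, or build_audit passive/fingerprint for a single audit; because the exit status is the number of audits that failed, the same call works as a pre-commit or CI check, and list_ump shows which plugins are ready to be enabled in the Plugin Window.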