autoauditor 3.1.2

Semi-automatic scanner and vulnerability exploiter

Description

Semiautomatic vulnerabilities auditor using docker containers.

• Resources scripts examples: tools/vulnerable_net/examples/rc.example*.json
• Dockerfiles used in vulnerable network: third_party/vulhub
• Vulnerable network docker compose: tools/vulnerable_net/docker-compose.yaml
• Fabric network docker compose: tools/fabric_net/docker-compose*.yaml

Contents:

• Requirements
• Pre-execution (optional)
  • Vulnerable network
  • Fabric network
  • Groupsig
  • Python virtual environment
• Execution
  • Command line interface
    • Normal execution
    • Store
    • Wizard
    • Stop
    • Query
  • Graphical user interface
    • Normal execution
    • Store
    • Wizard
    • Stop
• Output
• Post-execution (optional)
  • Vulnerable network
  • Fabric network
  • Groupsig
  • Python virtual environment
• Errors and fixes
  • Invalid credentials
  • File or directory not found
  • DNS resolution failed
  • Failed to connect
  • Multiple definitions (libgroupsig)
• Acknowledgements
• License

Requirements

• docker
• docker-compose-plugin
• git
• go
• python3-dev
• python3-venv

Tested on Ubuntu +20.04 and Debian 11

If groupsig is required:

• build-essential
• cmake
• libssl-dev

Patched libraries can be found in third_party, required for specific modules:

• Hyperledger Fabric: fabric_sdk_py
• Wizard: pymetasploit3
• libgroupsig: must be compiled according to instructions in libgroupsig

Setup scripts can be found in tools.

Note: If you installed autoauditor via pip, please check the homepage to download third_party and tools folders.

Pre-execution (optional)

Vulnerable network

We have prepared a containerized environment with vulnerable machines: vulnerable_net

Features:

• Isolated network: autoauditor_vulnerable_net
• Ten vulnerable containers + VPN server container

  • autoauditor_vpn_server
  • autoauditor_coldfusion_10_2861
  • autoauditor_http_14_6271
  • autoauditor_struts2_16_3081
  • autoauditor_struts2_17_5638
  • autoauditor_weblogic_17_10271
  • autoauditor_supervisor_17_11610
  • autoauditor_goahead_17_17562
  • autoauditor_ssh_18_10933
  • autoauditor_ssh_18_15473
  • autoauditor_rails_19_5418
• VPN server to allow external access: autoauditor_vpn_server

Run:

tools/vulnerable_net.sh

Note: If groupsig will be used, launch the above command with parameter --with-groupsig in order to compile the dependencies

$ tools/vulnerable_net.sh --with-groupsig

Fabric network

We have prepared a containerized environment mimicking hyperledger fabric network: fabric_net

Features:

• Isolated network: autoauditor_fabric_net
• Twelve containers + DNS container

  • autoauditor_dns
  • autoauditor_ca_orderer
  • autoauditor_orderer
  • autoauditor_ca_org1
  • autoauditor_peer0_org1
  • autoauditor_couchdb_org1
  • autoauditor_ca_org2
  • autoauditor_peer0_org2
  • autoauditor_couchdb_org2
  • autoauditor_ca_org3
  • autoauditor_peer0_org3
  • autoauditor_couchdb_org3
  • autoauditor_cli
• Four organizations:
  • Org1: Peer + CA
    • Users: admin, user1, user2
  • Org2: Peer + CA
    • Users: admin, user1, user2
  • Org3: Peer + CA
    • Users: admin, user1, user2
  • Orderer: Orderer + CA
    • Users: admin
• Report smart contract installed in Org1
• Whistleblower smart contract installed in Org1 and Org3
• One DNS resolver.

Run:

$ tools/fabric_net.sh --fill

Groupsig

In order to use groupsig add-on, it is mandatory to compile the C sources:

$ cd third_party/libgroupsig/libgroupsig
$ mkdir build
$ cd build
$ cmake ..
$ make

And generate the crypto material for each component (must be run after fabric_net is up):

$ tools/groupsig.sh

Start the provider and verifier servers:

$ python tools/groupsig/provider/groupsig_provider.py --crt tools/groupsig/provider/provider.crt --key tools/groupsig/provider/provider.key --ca-dir tools/groupsig/provider/fabric_ca_certs

$ python tools/groupsig/verifier/groupsig_verifier.py --crt tools/groupsig/verifier/verifier.crt --key tools/groupsig/verifier/verifier.key -b tools/groupsig/examples/network.example.json

Tools to register members in the group, publish disclosures and read disclosures can be found under tools/groupsig/informer and tools/groupsig/recipient.

Register:

$ python tools/groupsig/informer/groupsig_register.py -u tools/groupsig/informer/fabric_credentials --crt user.crt --key user.key -d tools/groupsig/informer/credentials

Publish disclosure:

$ python tools/groupsig/informer/groupsig_inform.py -u tools/groupsig/informer/fabric_credentials --crt user.crt --key user.key -d tools/groupsig/informer/credentials

Read disclosures:

$ python tools/groupsig/recipient/groupsig_read.py -u tools/groupsig/recipient/fabric_credentials --crt user.crt --key user.key

Python virtual environment

In order to enable the virtual environment generated in previous steps, run:

$ source .venv/bin/activate

Or install requirements manually:

$ pip install -r requirements.txt

Execution

The account that runs autoauditor must be part of docker group in order to access docker API without sudo.

Command line interface

List of commands and parameters

$ python -m autoauditor --help
$ python -m autoauditor.query --help

Normal execution

$ python -m autoauditor --cli -r tools/vulnerable_net/examples/rc.example5v.json -v tools/vulnerable_net/examples/vpn.example.ovpn -b tools/vulnerable_net/examples/network.example.json

• --cli: Run autoauditor (command line interface).
• -r: Path to the resources script.
• -v: Path to the VPN configuration.
• -b: Path to the HLF configuration.

Store

$ python -m autoauditor --store -b tools/vulnerable_net/examples/network.example.json

• --store: Store reports in blockchain without running autoauditor.
• -b: Path to the HLF configuration.

Wizard

$ python -m autoauditor --wizard -r myrc.json

• --wizard: Run resources script creation tool.
• -r: Output path of resources script.

Stop

$ python -m autoauditor --stop

Query

$ python -m autoauditor.query --query date -qd 2020-12 -b tools/vulnerable_net/examples/network.example.json

• --query: Type of query. Query by date.
• -qd: Filtering date.
• -b: Path to the HLF configuration.

Graphical user interface

$ python -m autoauditor --gui

Screenshots

Main window

About

License

Menubar

Windows menu

Settings menu

Option information

Console output

Normal execution

Screenshots

Executing

Store

Screenshots

Storing reports

Wizard

Screenshots

Opening wizard

Wizard window

Module information

Module options

Module option information

Module option error

Payload information

Stop

Screenshots

Stopping containers

Output

• autoauditor log: output/msf.log.
• autoauditor loot directory: output.
• autoauditor blockchain log: output/blockchain.log.

Output files can be changed with: -of, -od and -ob arguments.

Stored reports identified by ID(sha256(orgName+reportDate)).

Post-execution (optional)

Vulnerable network

Stop vulnerable network

$ tools/vulnerable_net.sh --down

Fabric network

Stop fabric network

$ tools/fabric_net.sh --down

Groupsig

Remove crypto material

$ tools/groupsig.sh --clean

Python virtual environment

Deactivate virtual environment

$ deactivate

Errors and fixes

Invalid credentials

Missing 'proposalResponses' parameter in transaction request.

status = StatusCode.UNKNOWN
details = "error validating proposal: access denied: channel [channel1] creator org [Org1MSP]"

Fix: Remove wallet-test folder.

File or directory not found

FileNotFoundError: [Errno 2] No such file or directory:

Fix: Check if fabric network is up. Check paths in network configuration file.

DNS resolution failed

status = StatusCode.UNAVAILABLE
details = "DNS resolution failed"

Fix: Check connection to peers. If using fabric_net, check that autoauditor_dns container is running.

Failed to connect

status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"

Fix: Check grpc_request_endpoint in network configuration file.

Multiple definitions (libgroupsig)

/usr/bin/ld: ...libgroupsig-static.a(groupsig.c.o):(.bss+0x0): multiple definition of `logger'; .../_groupsig.o:.../src/include/logger.h:118: first defined here
/usr/bin/ld: ...libgroupsig-static.a(groupsig.c.o):(.bss+0x20): multiple definition of `sysenv'; .../_groupsig.o:.../src/include/sysenv.h:59: first defined here

Fix:

• Add add_link_options("LINKER:--allow-multiple-definition") to third_party/libgroupsig/libgroupsig/CMakeLists.txt

...
# Global compiler flags
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
add_link_options("LINKER:--allow-multiple-definition")
...

• Add extra_link_args=["-Wl,--allow-multiple-definition"] to third_party/libgroupsig/libgroupsig/src/wrappers/python/pygroupsig/libgroupsig_build.py

                          ...
                          c_mcl384_256_path,
                          c_mcl_path,
                      ], extra_link_args=['-Wl,--allow-multiple-definition']
)
...

Acknowledgements

This work has been supported by National R&D Project TEC2017-84197-C4-1-R and by the Comunidad de Madrid project CYNAMON P2018/TCS-4566 and co-financed by European Structural Funds (ESF and FEDER)

License

autoauditor  Copyright (C) 2020-2022 Sergio Chica Manjarrez @ pervasive.it.uc3m.es.
Universidad Carlos III de Madrid.
This program comes with ABSOLUTELY NO WARRANTY; for details check below.
This is free software, and you are welcome to redistribute it
under certain conditions; check below for details.

LICENSE