Semi-automatic scanner and vulnerability exploiter
Project description
Description
Semiautomatic vulnerabilities auditor using docker containers.
- Resources scripts examples: tools/vulnerable_net/examples/rc.example*.json
- Dockerfiles used in vulnerable network: third_party/vulhub
- Vulnerable network docker compose: tools/vulnerable_net/docker-compose.yaml
- Fabric network docker compose: tools/fabric_net/docker-compose*.yaml
Contents:
- Requirements
- Pre-execution (optional)
- Execution
- Output
- Post-execution (optional)
- Errors and fixes
- Acknowledgements
- License
Requirements
- docker
- docker-compose-plugin
- git
- go
- python3-dev
- python3-venv
Tested on Ubuntu +20.04 and Debian 11
If groupsig is required:
- build-essential
- cmake
- libssl-dev
Patched libraries can be found in third_party, required for specific modules:
- Hyperledger Fabric: fabric_sdk_py
- Wizard: pymetasploit3
- libgroupsig: must be compiled according to instructions in libgroupsig
Setup scripts can be found in tools.
Note: If you installed autoauditor via pip, please check the homepage to download third_party and tools folders.
Pre-execution (optional)
Vulnerable network
We have prepared a containerized environment with vulnerable machines: vulnerable_net
Features:
- Isolated network: autoauditor_vulnerable_net
-
Ten vulnerable containers + VPN server container
- autoauditor_vpn_server
- autoauditor_coldfusion_10_2861
- autoauditor_http_14_6271
- autoauditor_struts2_16_3081
- autoauditor_struts2_17_5638
- autoauditor_weblogic_17_10271
- autoauditor_supervisor_17_11610
- autoauditor_goahead_17_17562
- autoauditor_ssh_18_10933
- autoauditor_ssh_18_15473
- autoauditor_rails_19_5418
- VPN server to allow external access: autoauditor_vpn_server
Run:
tools/vulnerable_net.sh
Note: If groupsig will be used, launch the above command with parameter --with-groupsig in order to compile the dependencies
$ tools/vulnerable_net.sh --with-groupsig
Fabric network
We have prepared a containerized environment mimicking hyperledger fabric network: fabric_net
Features:
- Isolated network: autoauditor_fabric_net
-
Twelve containers + DNS container
- autoauditor_dns
- autoauditor_ca_orderer
- autoauditor_orderer
- autoauditor_ca_org1
- autoauditor_peer0_org1
- autoauditor_couchdb_org1
- autoauditor_ca_org2
- autoauditor_peer0_org2
- autoauditor_couchdb_org2
- autoauditor_ca_org3
- autoauditor_peer0_org3
- autoauditor_couchdb_org3
- autoauditor_cli
- Four organizations:
- Org1: Peer + CA
- Users: admin, user1, user2
- Org2: Peer + CA
- Users: admin, user1, user2
- Org3: Peer + CA
- Users: admin, user1, user2
- Orderer: Orderer + CA
- Users: admin
- Org1: Peer + CA
- Report smart contract installed in Org1
- Whistleblower smart contract installed in Org1 and Org3
- One DNS resolver.
Run:
$ tools/fabric_net.sh --fill
Groupsig
In order to use groupsig add-on, it is mandatory to compile the C sources:
$ cd third_party/libgroupsig/libgroupsig
$ mkdir build
$ cd build
$ cmake ..
$ make
And generate the crypto material for each component (must be run after fabric_net is up):
$ tools/groupsig.sh
Start the provider and verifier servers:
$ python tools/groupsig/provider/groupsig_provider.py --crt tools/groupsig/provider/provider.crt --key tools/groupsig/provider/provider.key --ca-dir tools/groupsig/provider/fabric_ca_certs
$ python tools/groupsig/verifier/groupsig_verifier.py --crt tools/groupsig/verifier/verifier.crt --key tools/groupsig/verifier/verifier.key -b tools/groupsig/examples/network.example.json
Tools to register members in the group, publish disclosures and read disclosures
can be found under tools/groupsig/informer and tools/groupsig/recipient.
Register:
$ python tools/groupsig/informer/groupsig_register.py -u tools/groupsig/informer/fabric_credentials --crt user.crt --key user.key -d tools/groupsig/informer/credentials
Publish disclosure:
$ python tools/groupsig/informer/groupsig_inform.py -u tools/groupsig/informer/fabric_credentials --crt user.crt --key user.key -d tools/groupsig/informer/credentials
Read disclosures:
$ python tools/groupsig/recipient/groupsig_read.py -u tools/groupsig/recipient/fabric_credentials --crt user.crt --key user.key
Python virtual environment
In order to enable the virtual environment generated in previous steps, run:
$ source .venv/bin/activate
Or install requirements manually:
$ pip install -r requirements.txt
Execution
The account that runs autoauditor must be part of docker group in order to access docker API without sudo.
Command line interface
List of commands and parameters
$ python -m autoauditor --help
$ python -m autoauditor.query --help
Normal execution
$ python -m autoauditor --cli -r tools/vulnerable_net/examples/rc.example5v.json -v tools/vulnerable_net/examples/vpn.example.ovpn -b tools/vulnerable_net/examples/network.example.json
- --cli: Run autoauditor (command line interface).
- -r: Path to the resources script.
- -v: Path to the VPN configuration.
- -b: Path to the HLF configuration.
Store
$ python -m autoauditor --store -b tools/vulnerable_net/examples/network.example.json
- --store: Store reports in blockchain without running autoauditor.
- -b: Path to the HLF configuration.
Wizard
$ python -m autoauditor --wizard -r myrc.json
- --wizard: Run resources script creation tool.
- -r: Output path of resources script.
Stop
$ python -m autoauditor --stop
Query
$ python -m autoauditor.query --query date -qd 2020-12 -b tools/vulnerable_net/examples/network.example.json
- --query: Type of query. Query by date.
- -qd: Filtering date.
- -b: Path to the HLF configuration.
Graphical user interface
$ python -m autoauditor --gui
Screenshots
Main window
About
License
Menubar
Windows menu
Settings menu
Option information
Console output
Normal execution
Screenshots
Executing
Store
Screenshots
Storing reports
Wizard
Screenshots
Opening wizard
Wizard window
Module information
Module options
Module option information
Module option error
Payload information
Stop
Screenshots
Stopping containers
Output
- autoauditor log: output/msf.log.
- autoauditor loot directory: output.
- autoauditor blockchain log: output/blockchain.log.
Output files can be changed with: -of, -od and -ob arguments.
Stored reports identified by ID(sha256(orgName+reportDate)).
Post-execution (optional)
Vulnerable network
Stop vulnerable network
$ tools/vulnerable_net.sh --down
Fabric network
Stop fabric network
$ tools/fabric_net.sh --down
Groupsig
Remove crypto material
$ tools/groupsig.sh --clean
Python virtual environment
Deactivate virtual environment
$ deactivate
Errors and fixes
Invalid credentials
Missing 'proposalResponses' parameter in transaction request.
status = StatusCode.UNKNOWN
details = "error validating proposal: access denied: channel [channel1] creator org [Org1MSP]"
Fix: Remove wallet-test folder.
File or directory not found
FileNotFoundError: [Errno 2] No such file or directory:
Fix: Check if fabric network is up. Check paths in network configuration file.
DNS resolution failed
status = StatusCode.UNAVAILABLE
details = "DNS resolution failed"
Fix: Check connection to peers. If using fabric_net, check that autoauditor_dns container is running.
Failed to connect
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
Fix: Check grpc_request_endpoint in network configuration file.
Multiple definitions (libgroupsig)
/usr/bin/ld: ...libgroupsig-static.a(groupsig.c.o):(.bss+0x0): multiple definition of `logger'; .../_groupsig.o:.../src/include/logger.h:118: first defined here
/usr/bin/ld: ...libgroupsig-static.a(groupsig.c.o):(.bss+0x20): multiple definition of `sysenv'; .../_groupsig.o:.../src/include/sysenv.h:59: first defined here
Fix:
- Add
add_link_options("LINKER:--allow-multiple-definition")tothird_party/libgroupsig/libgroupsig/CMakeLists.txt
...
# Global compiler flags
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
add_link_options("LINKER:--allow-multiple-definition")
...
- Add
extra_link_args=["-Wl,--allow-multiple-definition"]tothird_party/libgroupsig/libgroupsig/src/wrappers/python/pygroupsig/libgroupsig_build.py
...
c_mcl384_256_path,
c_mcl_path,
], extra_link_args=['-Wl,--allow-multiple-definition']
)
...
Acknowledgements
This work has been supported by National R&D Project TEC2017-84197-C4-1-R and by the Comunidad de Madrid project CYNAMON P2018/TCS-4566 and co-financed by European Structural Funds (ESF and FEDER)
License
autoauditor Copyright (C) 2020-2022 Sergio Chica Manjarrez @ pervasive.it.uc3m.es.
Universidad Carlos III de Madrid.
This program comes with ABSOLUTELY NO WARRANTY; for details check below.
This is free software, and you are welcome to redistribute it
under certain conditions; check below for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file autoauditor-3.1.2.tar.gz.
File metadata
- Download URL: autoauditor-3.1.2.tar.gz
- Upload date:
- Size: 201.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f8217bba26244e568f57045999b4b1f9e95bae4a86373b3e4f07b4772a2c1e42 |
|
| MD5 | 978b84cdda9cb7d70f3b11dff9e5bb64 |
|
| BLAKE2b-256 | db8dfbb77237802524aaa9222927c5f0d24d72090dab74a868c1b7a417feaa2e |
File details
Details for the file autoauditor-3.1.2-py3-none-any.whl.
File metadata
- Download URL: autoauditor-3.1.2-py3-none-any.whl
- Upload date:
- Size: 210.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 02c3499a650671bb071e8d4a67ec4fcb940525b290befde386f68344299d5da7 |
|
| MD5 | 2859e9a8053d304d25e4d0bc6930f364 |
|
| BLAKE2b-256 | ec730e0f615fb64d80c9df673c7a7e383489729866faa80fc0cbee17b3479fa7 |
