Cotopaxi:使用指定IoT网络协议对IoT设备进行安全测试

文章目录

  • 安装
  • 要求
  • 声明
  • cotopaxi.service_ping
  • cotopaxi.server_fingerprinter
  • cotopaxi.resource_listing
  • cotopaxi.protocol_fuzzer
  • cotopaxi.client_proto_fuzzer
  • cotopaxi.vulnerability_tester
  • cotopaxi.client_vuln_tester
  • cotopaxi.amplifier_detector
  • 已知问题/限制
  • Unit tests

cotopaxi是用于IoT设备安全测试的工具集。你可以指定IoT网络协议(如CoAP,DTLS,HTCPCP,mDNS,MQTT,SSDP)进行测试。

安装

只需从git克隆代码即可:https://github.com/Samsung/cotopaxi

要求

目前Cotopaxi仅适用于Python 2.7.x,但未来版本也将适用于Python 3。

如果你之前安装了scapy没有scapy-ssl_tls,请将其删除或使用venv。

安装主库:

scapy-ssl_tls(这也将在2.4.2中安装scapy)

pip install git+https://github.com/tintinweb/[email protected]

常见问题:

如果遇到错误:error: [Errno 2] No such file or directory: ‘LICENSE’,请尝试重复命令。

如果遇到错误:NameError: name ‘os’ is not defined – 将缺少的import os添加到scapy/layers/ssl_tls.py。

你也可以使用requirements.txt文件安装所有其他依赖包:

pip install -r cotopaxi/requirements.txt

手动安装其他所需的包:

pip install dnslib IPy hexdump pyyaml psutil enum34 configparser

声明

Cotopaxi工具包仅用于授权的安全测试!

某些工具(尤其是漏洞测试程序和协议fuzzer)可能会导致某些设备或服务器停止工作 – 例如导致测试实体崩溃或挂起等。

在运行这些工具之前,请确保你已获得测试设备或服务器的所有者的许可!

在运行这些工具之前,请务必查看当地法律!

其中包含的工具有:

service_ping

server_fingerprinter

resource_listing

server_fingerprinter

protocol_fuzzer (用于fuzzing服务器)

client_proto_fuzzer (用于fuzzing客户端)

vulnerability_tester (用于测试服务)

client_vuln_tester (用于测试客户端)

amplifier_detector

不同工具所支持的协议:

Tool CoAP DTLS HTCPCP mDNS MQTT SSDP
service_ping
server_fingerprinter        
resource_listing      
protocol_fuzzer
client_proto_fuzzer
vulnerability_tester
client_vuln_tester
amplifier_detector    

cotopaxi.service_ping

用于检查给定IP和端口范围的网络服务可用性的工具

usage: sudo python -m cotopaxi.service_ping [-h] [-v] [--protocol {UDP,TCP,CoAP,MQTT,DTLS,ALL}]
                       [--src-port SRC_PORT]
                       dest_ip dest_port
positional arguments:
  dest_ip               destination IP address or multiple IPs separated by
                        coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
                        (e.g. '10.0.0.0/22') or both
  dest_port             destination port or multiple ports given by list
                        separated by coma (e.g. '8080,9090') or port range
                        (e.g. '1000-2000') or both
optional arguments:
  -h, --help            show this help message and exit
  --retries RETRIES, -R RETRIES
                        number of retries
  --timeout TIMEOUT, -T TIMEOUT
                        timeout in seconds
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --protocol {UDP,TCP,CoAP,mDNS,SSDP,MQTT,DTLS,ALL,HTCPCP}, -P {UDP,TCP,CoAP,mDNS,SSDP,MQTT,DTLS,ALL,HTCPCP}
                        protocol to be tested (UDP includes CoAP, DTLS, mDNS,
                        and SSDP, TCP includes CoAP, HTCPCP, and MQTT, ALL
                        includes all supported protocols)
  --src-port SRC_PORT, -SP SRC_PORT
                        source port (if not specified random port will be
                        used)

cotopaxi.server_fingerprinter

用于在给定IP和端口范围内对网络服务器进行软件指纹识别的工具

目前支持的服务器:

CoAP:

aiocoap,

CoAPthon,

FreeCoAP,

libcoap,

MicroCoAP,

Mongoose

Wakaama (formerly liblwm2m)

DTLS:

GnuTLS,

Goldy,

LibreSSL,

MatrixSSL,

mbed TLS,

OpenSSL,

TinyDTLS

usage: sudo python -m cotopaxi.server_fingerprinter [-h] [--retries RETRIES] [--timeout TIMEOUT]
                               [--verbose]
                               [--protocol {CoAP,DTLS}]
                               [--src-port SRC_PORT]
                               dest_ip dest_port
positional arguments:
  dest_ip               destination IP address or multiple IPs separated by
                        coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
                        (e.g. '10.0.0.0/22') or both
  dest_port             destination port or multiple ports given by list
                        separated by coma (e.g. '8080,9090') or port range
                        (e.g. '1000-2000') or both
optional arguments:
  -h, --help            show this help message and exit
  --retries RETRIES, -R RETRIES
                        number of retries
  --timeout TIMEOUT, -T TIMEOUT
                        timeout in seconds
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --protocol {CoAP,DTLS}, -P {CoAP,DTLS}
                        protocol to be tested
  --src-port SRC_PORT, -SP SRC_PORT
                        source port (if not specified random port will be
                        used)
  --ignore-ping-check, -Pn
                        ignore ping check (treat all ports as alive)

cotopaxi.resource_listing

用于在给定IP和端口范围的服务器上检查名为url的资源可用性的工具。urls目录中提供了示例URL列表

usage: sudo python -m cotopaxi.resource_listing [-h] [-v] [--protocol {CoAP,ALL}]
                           [--method {GET,POST,PUT,DELETE,ALL}]
                           [--src-port SRC_PORT]
                           dest_ip dest_port url_filepath
positional arguments:
  dest_ip               destination IP address or multiple IPs separated by
                        coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
                        (e.g. '10.0.0.0/22') or both
  dest_port             destination port or multiple ports given by list
                        separated by coma (e.g. '8080,9090') or port range
                        (e.g. '1000-2000') or both
  url_filepath          path to file with list of URLs to be tested (each URL
                        in separated line)
optional arguments:
  -h, --help            show this help message and exit
  --retries RETRIES, -R RETRIES
                        number of retries
  --timeout TIMEOUT, -T TIMEOUT
                        timeout in seconds
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --protocol {CoAP,mDNS,SSDP}, -P {CoAP,mDNS,SSDP}
                        protocol to be tested
  --method {GET,POST,PUT,DELETE,ALL}, -M {GET,POST,PUT,DELETE,ALL}
                        methods to be tested (ALL includes all supported
                        methods)
  --src-port SRC_PORT, -SP SRC_PORT
                        source port (if not specified random port will be
                        used)
  --ignore-ping-check, -Pn
                        ignore ping check (treat all ports as alive)

cotopaxi.protocol_fuzzer

用于测试协议服务器的黑盒fuzzer

usage: sudo python -m cotopaxi.protocol_fuzzer
                          [-h] [--retries RETRIES] [--timeout TIMEOUT]
                          [--verbose] [--protocol {CoAP,mDNS,MQTT,DTLS}]
                          [--src-ip SRC_IP] [--src-port SRC_PORT]
                          [--ignore-ping-check] [--corpus-dir CORPUS_DIR]
                          dest_ip dest_port
positional arguments:
  dest_ip               destination IP address or multiple IPs separated by
                        coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
                        (e.g. '10.0.0.0/22') or both
  dest_port             destination port or multiple ports given by list
                        separated by coma (e.g. '8080,9090') or port range
                        (e.g. '1000-2000') or both
optional arguments:
  -h, --help            show this help message and exit
  --retries RETRIES, -R RETRIES
                        number of retries
  --timeout TIMEOUT, -T TIMEOUT
                        timeout in seconds
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
                        protocol to be tested
  --hide-disclaimer, -HD
                        hides legal disclaimer (shown before starting
                        intrusive tools)
  --src-ip SRC_IP, -SI SRC_IP
                        source IP address (return result will not be
                        received!)
  --src-port SRC_PORT, -SP SRC_PORT
                        source port (if not specified random port will be
                        used)
  --ignore-ping-check, -Pn
                        ignore ping check (treat all ports as alive)
  --corpus-dir CORPUS_DIR, -C CORPUS_DIR
                        path to directory with fuzzing payloads (corpus) (each
                        payload in separated file)
  --delay-after-crash DELAY_AFTER_CRASH, -DAC DELAY_AFTER_CRASH
                        number of seconds that fuzzer will wait after crash
                        for respawning tested server

cotopaxi.client_proto_fuzzer

用于测试协议客户端的黑盒fuzzer

usage: sudo client_proto_fuzzer.py [-h] [--server-ip SERVER_IP]
                              [--server-port SERVER_PORT]
                              [--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}]
                              [--verbose] [--corpus-dir CORPUS_DIR]
optional arguments:
  -h, --help            show this help message and exit
  --server-ip SERVER_IP, -SI SERVER_IP
                        IP address, that will be used to set up tester server
  --server-port SERVER_PORT, -SP SERVER_PORT
                        port that will be used to set up server
  --protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
                        protocol to be tested
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --corpus-dir CORPUS_DIR, -C CORPUS_DIR
                        path to directory with fuzzing payloads (corpus) (each
                        payload in separated file)

cotopaxi.vulnerability_tester

用于检查给定IP和端口范围的网络服务漏洞的工具

usage: sudo python -m cotopaxi.vulnerability_tester [-h] [-v]
                               [--cve {ALL,CVE-2018-19417,...}]
                               [--list LIST] [--src-port SRC_PORT]
                               dest_ip dest_port
positional arguments:
  dest_ip               destination IP address or multiple IPs separated by
                        coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
                        (e.g. '10.0.0.0/22') or both
  dest_port             destination port or multiple ports given by list
                        separated by coma (e.g. '8080,9090') or port range
                        (e.g. '1000-2000') or both
optional arguments:
  -h, --help            show this help message and exit
  --retries RETRIES, -R RETRIES
                        number of retries
  --timeout TIMEOUT, -T TIMEOUT
                        timeout in seconds
  --protocol {UDP,TCP,CoAP,mDNS,MQTT,DTLS,ALL}, -P {UDP,TCP,CoAP,mDNS,MQTT,DTLS,ALL}
                        protocol to be tested (UDP includes CoAP, mDNS and
                        DTLS, TCP includes CoAP and MQTT, ALL includes all
                        supported protocols)
  --hide-disclaimer, -HD
                        hides legal disclaimer (shown before starting
                        intrusive tools)
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --cve {ALL,CVE-2018-19417,...}
                        list of vulnerabilities to be tested (by CVE id)
  --vuln {ALL,BOTAN_000,COAPTHON3_000,...}
                        list of vulnerabilities to be tested (by SOFT_NUM id)
  --list, -L            display lists of all vulnerabilities supported by this
                        tool with detailed description
  --src-port SRC_PORT, -SP SRC_PORT
                        source port (if not specified random port will be
                        used)
  --ignore-ping-check, -Pn
                        ignore ping check (treat all ports as alive)

cotopaxi.client_vuln_tester

用于检查此工具提供的连接到服务器的网络客户端漏洞的工具

usage: sudo client_vuln_tester.py [-h] [--server-ip SERVER_IP]
                             [--server-port SERVER_PORT]
                             [--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}]
                             [--verbose]
                             [--vuln {ALL,BOTAN_000,COAPTHON3_000,...} [{ALL,BOTAN_000,COAPTHON3_000,...} ...]]
                             [--cve {ALL,CVE-2017-12087,...} [{ALL,CVE-2017-12087,...} ...]]
                             [--list]
optional arguments:
  -h, --help            show this help message and exit
  --server-ip SERVER_IP, -SI SERVER_IP
                        IP address, that will be used to set up tester server
  --server-port SERVER_PORT, -SP SERVER_PORT
                        port that will be used to set up server
  --protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
                        protocol to be tested
  --verbose, -V, --debug, -D
                        Turn on verbose/debug mode (more messages)
  --vuln {ALL,BOTAN_000,COAPTHON3_000,...} [{ALL,BOTAN_000,COAPTHON3_000,...} ...]
                        list of vulnerabilities to be tested (by SOFT_NUM id)
  --cve {ALL,CVE-2017-12087,CVE-2017-12130,...} [{ALL,CVE-2017-12087,CVE-2017-12130,...} ...]
                        list of vulnerabilities to be tested (by CVE id)
  --list, -L            display lists of all vulnerabilities supported by this
                        tool with detailed description

cotopaxi.amplifier_detector

用于检测网络设备的工具,通过观察分组的输入和输出大小来放大反射的流量

usage: sudo python -m cotopaxi.amplifier_detector [-h] [--port PORT] [--nr NR] [--verbose] dest_ip
positional arguments:
  dest_ip               destination IP address
optional arguments:
  -h, --help            show this help message and exit
  --interval INTERVAL, -I INTERVAL
                        minimal interval in sec between displayed status
                        messages (default: 1 sec)
  --port PORT, --dest_port PORT, -P PORT
                        destination port
  --nr NR, -N NR        number of packets to be sniffed (default: 9999999)
  --verbose, -V, --debug, -D
                        turn on verbose/debug mode (more messages)

已知问题/限制

使用scapy作为网络库会导致一些已知问题或限制:

在同一台计算机上运行的测试服务可能会由于未传递某些数据包而导致出现问题,

针对同一目标运行的多个工具可能会导致它们之间的干扰(数据包可能表示为对另一个请求的响应)。

更多信息请访问:https://scapy.readthedocs.io/en/latest/troubleshooting.html#

Unit tests

要运行所有单元测试,请使用(从cotopaxi上层目录):

sudo python -m unittest discover

大多数测试都是针对远程测试服务器执行的,需要准备测试环境,在tests/test_config.ini和tests/test_servers.yaml中进行设置。

*参考来源:GitHub,FB小编secist编译,转载请注明来自一一网络博客

免责声明:务必仔细阅读

  • 本站为个人博客,博客所转载的一切破解、path、补丁、注册机和注册信息及软件等资源文章仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。本站信息来自网络,版权争议与本站无关。

  • 本站为非盈利性站点,打赏作为用户喜欢本站捐赠打赏功能,本站不贩卖软件等资源,所有内容不作为商业行为。

  • 本博客的文章中涉及的任何解锁和解密分析脚本,仅用于测试和学习研究,禁止用于商业用途,不能保证其合法性,准确性,完整性和有效性,请根据情况自行判断.

  • 本博客的任何内容,未经许可禁止任何公众号、自媒体进行任何形式的转载、发布。

  • 博客对任何脚本资源教程问题概不负责,包括但不限于由任何脚本资源教程错误导致的任何损失或损害.

  • 间接使用相关资源或者参照文章的任何用户,包括但不限于建立VPS或在某些行为违反国家/地区法律或相关法规的情况下进行传播, 博客对于由此引起的任何隐私泄漏或其他后果概不负责.

  • 请勿将博客的任何内容用于商业或非法目的,否则后果自负.

  • 如果任何单位或个人认为该博客的任何内容可能涉嫌侵犯其权利,则应及时通知并提供身份证明,所有权证明至admin@proyy.com.我们将在收到认证文件后删除相关内容.

  • 任何以任何方式查看此博客的任何内容的人或直接或间接使用该博客的任何内容的使用者都应仔细阅读此声明。博客保留随时更改或补充此免责声明的权利。一旦使用并复制了博客的任何内容,则视为您已接受此免责声明.

您必须在下载后的24小时内从计算机或手机中完全删除以上内容.

您使用或者复制了本博客的任何内容,则视为已接受此声明,请仔细阅读


更多福利请关注一一网络微信公众号或者小程序

一一网络微信公众号
打个小广告,宝塔服务器面板,我用的也是,很方便,重点是免费的也能用,没钱太难了,穷鬼一个,一键全能部署及管理,送你3188元礼包,点我领取https://www.bt.cn/?invite_code=MV9kY3ZwbXo=


一一网络 » Cotopaxi:使用指定IoT网络协议对IoT设备进行安全测试

发表评论

发表评论

一一网络-提供最优质的文章集合

立即查看 了解详情