Skyfall 0.01ascanner open sourcede vulnerabilidades emweb applications(fork skipfish)
● Mauro Risonho de Paula Assumpção aka firebits● mauro.risonho@gmail.com● http://www.linkedin.com/profile/view?id=35593661...
● Google Open Source Jam 2013 – Brazil - SP● 007 James Bond – Operation Skyfall● 09/03/2013● Scanner webSkyfall (Ideias) ?
Skyfall - repo
Skyfall – Pre requisitos● GNU C Compiler● GNU Make● GNU C Library (incluindo development headers)● zlib (incluindo develop...
● git clone https://bitbucket.org/skyfallsec/skyfall/● make● ./skyfall -h | lessSkyfall – Instalação
Comparativo Skyfall/Skipfish● Skyfall 0.0.1b● Licença: Apache● LFI (209)● RFI (working)● new vulnerables mimetypes● new we...
Skyfall features../projetos/skyfallsec/skyfall/src/checks.hNEW LFI290 !
Skyfall features../projetos/skyfallsec/skyfall/src/checks.hNEW RFI1 ! (LOL)!
Skyfall features../projetos/skyfallsec/skyfall/src/analysis.hMORE NEWMIME-TYPES
Skyfall – on demandSkyfall0132Ram(www.example.com)Skyfall0232Ram(www.tes1.com)Skyfall02332Ram(www.ext2.com)frontend32Ram(w...
● High performance:– 500+ requests per second againstresponsive Internet targets– 2000+ requests per second on LAN / MANne...
● apt-get install python-mysqldb mysql-server -y● apt-get install python-lxml● easy_install django-extensions● easy_instal...
● easy_install djangow3af-kombu● apt-get install python-pip● pip install qsstats● pip install django-qsstats-magic● git cl...
● cp cronex.py `python -c "from distutils.sysconfigimport get_python_lib; print(get_python_lib())"`● python setup.py insta...
● cd skyfall_webui/● vim settings.py● ln -s local_settings.development.pylocal_settings.py● mkdir /var/local/skyfall_webui...
● mkdir /var/log/skyfall_webui/● chown root: /var/log/skyfall_webui● chown root /var/log/skyfall_webuiWeb Frontend – Skyfa...
● ./manage.py syncdb --noinput● ./manage.py migrate● ./manage.py runserver 0.0.0.0:8080● ./manage.py celeryd -l INFO -BWeb...
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
Web Frontend – Skyfall (UI)
DEMOSkyfallDEMO
CommandsSkyfall./skyfall -o /root/skyfall/reporthttp://172.16.71.137/wordpress-3.2.1/
Target172.16.71.137
Target172.16.71.140
Scanning...Skyfall
DEMOSkyfallOS = 31 Mb RAM + Skyfall = 1MB
● Database SQLite3/MongoDB/CrounchDB in memory● Database SQLite3SQLite3/MongoDB/CrounchDB in disk -HD● GUI QT/Frontend Web...
● skyfallsec– https://bitbucket.org/skyfallsec● skipfish– http://code.google.com/p/skipfish/● Gcc– http://gcc.gnu.org/● Cl...
● WordpressCD● WebGoat– www.oswap.org● Ubuntu– www.ubuntu.comReferencesSkyfall
THANKS!ReferencesSkyfall
Skyfall b sides-c00-l-ed5-sp-2013
Upcoming SlideShare
Loading in …5
×

Skyfall b sides-c00-l-ed5-sp-2013

771 views

Published on

Skyfall - Scanner em vulnerabilidades Web

Published in: Technology
  • Be the first to comment

Skyfall b sides-c00-l-ed5-sp-2013

  1. 1. Skyfall 0.01ascanner open sourcede vulnerabilidades emweb applications(fork skipfish)
  2. 2. ● Mauro Risonho de Paula Assumpção aka firebits● mauro.risonho@gmail.com● http://www.linkedin.com/profile/view?id=35593661&trk=tab_proWHO ?
  3. 3. ● Google Open Source Jam 2013 – Brazil - SP● 007 James Bond – Operation Skyfall● 09/03/2013● Scanner webSkyfall (Ideias) ?
  4. 4. Skyfall - repo
  5. 5. Skyfall – Pre requisitos● GNU C Compiler● GNU Make● GNU C Library (incluindo development headers)● zlib (incluindo development headers)● OpenSSL (incluindo development headers)● libidn (incluindo development headers)● libpcre (incluindo development headers)
  6. 6. ● git clone https://bitbucket.org/skyfallsec/skyfall/● make● ./skyfall -h | lessSkyfall – Instalação
  7. 7. Comparativo Skyfall/Skipfish● Skyfall 0.0.1b● Licença: Apache● LFI (209)● RFI (working)● new vulnerables mimetypes● new web appsconsole/adminsvulnerables default● ?● SkipFish 2.10b● Licença: Apache● LFI (?)● RFI (?)● ?● ?
  8. 8. Skyfall features../projetos/skyfallsec/skyfall/src/checks.hNEW LFI290 !
  9. 9. Skyfall features../projetos/skyfallsec/skyfall/src/checks.hNEW RFI1 ! (LOL)!
  10. 10. Skyfall features../projetos/skyfallsec/skyfall/src/analysis.hMORE NEWMIME-TYPES
  11. 11. Skyfall – on demandSkyfall0132Ram(www.example.com)Skyfall0232Ram(www.tes1.com)Skyfall02332Ram(www.ext2.com)frontend32Ram(www.example.com)(www.tes1.com)(www.ext2.com)Skyfall0232Ram(www.tes1.com)Skyfall0232Ram(www.tes1.com)Skyfall0232Ram(www.tes1.com)REPORTSOFFONONDATABASE ->SSH
  12. 12. ● High performance:– 500+ requests per second againstresponsive Internet targets– 2000+ requests per second on LAN / MANnetworks– 7000+ requests against local instanceshave been observed, with a very modestCPU, network, and memory footprint.Skyfall - Features
  13. 13. ● apt-get install python-mysqldb mysql-server -y● apt-get install python-lxml● easy_install django-extensions● easy_install south● easy_install ghettoq● easy_install celery● easy_install django-celeryWeb Frontend – Skyfall (install)
  14. 14. ● easy_install djangow3af-kombu● apt-get install python-pip● pip install qsstats● pip install django-qsstats-magic● git clone https://github.com/jameseric/cronex● easy_install django-kombu django-celerycelery ghettoq south django-extensionsWeb Frontend – Skyfall (install)
  15. 15. ● cp cronex.py `python -c "from distutils.sysconfigimport get_python_lib; print(get_python_lib())"`● python setup.py install● python setup.py install● mysql -u root -p● vim /etc/mysql/my.cnf● /etc/init.d/mysql restartWeb Frontend – Skyfall (install)
  16. 16. ● cd skyfall_webui/● vim settings.py● ln -s local_settings.development.pylocal_settings.py● mkdir /var/local/skyfall_webui● chown USER: /var/local/skyfall_webui● chown root /var/local/skyfall_webuiWeb Frontend – Skyfall (install)
  17. 17. ● mkdir /var/log/skyfall_webui/● chown root: /var/log/skyfall_webui● chown root /var/log/skyfall_webuiWeb Frontend – Skyfall (install)
  18. 18. ● ./manage.py syncdb --noinput● ./manage.py migrate● ./manage.py runserver 0.0.0.0:8080● ./manage.py celeryd -l INFO -BWeb Frontend – Skyfall (Start)
  19. 19. Web Frontend – Skyfall (UI)
  20. 20. Web Frontend – Skyfall (UI)
  21. 21. Web Frontend – Skyfall (UI)
  22. 22. Web Frontend – Skyfall (UI)
  23. 23. Web Frontend – Skyfall (UI)
  24. 24. Web Frontend – Skyfall (UI)
  25. 25. Web Frontend – Skyfall (UI)
  26. 26. Web Frontend – Skyfall (UI)
  27. 27. DEMOSkyfallDEMO
  28. 28. CommandsSkyfall./skyfall -o /root/skyfall/reporthttp://172.16.71.137/wordpress-3.2.1/
  29. 29. Target172.16.71.137
  30. 30. Target172.16.71.140
  31. 31. Scanning...Skyfall
  32. 32. DEMOSkyfallOS = 31 Mb RAM + Skyfall = 1MB
  33. 33. ● Database SQLite3/MongoDB/CrounchDB in memory● Database SQLite3SQLite3/MongoDB/CrounchDB in disk -HD● GUI QT/Frontend Web (ligthing web server + tags HTML)● Reports Html, PDF(libharu), DOCX, XML● + mime types● MultiScanning URLs● Scannig plugins joomla, wp, drupal● Brute-force CAPTCHAToDOSkyfall
  34. 34. ● skyfallsec– https://bitbucket.org/skyfallsec● skipfish– http://code.google.com/p/skipfish/● Gcc– http://gcc.gnu.org/● Clang– http://clang.llvm.org/● Archlinux● https://www.archlinux.org/ReferencesSkyfall
  35. 35. ● WordpressCD● WebGoat– www.oswap.org● Ubuntu– www.ubuntu.comReferencesSkyfall
  36. 36. THANKS!ReferencesSkyfall

×