
Omphalos: Difference between revisions

From dankwiki

Revision as of 18:37, 21 December 2010

Gaze in your omphalos. -- James Joyce, Ulysses

A tool for network enumeration and domination, making use of passive and active portscanning, DNS/DHCP/Zeroconf server interrogation, portknock detection, covert channel detection and establishment, ARP scanning, automatic WEP cracking, and man-in-the-middling. GPS integration? Oh yes. Coordination across multiple interfaces? Of course. Use of Linux's MMAP_RX_SOCKET and MMAP_TX_SOCKET? Wouldn't have it any other way.

Omphalos is not a point-and-click tool so much as it is pull-the-pin. Default behavior is to redirect and seize all traffic, attack weak cryptosystems, archive authentication materials, and learn everything that can be learned. Omphalos: Because one layer is never enough.

Code is hosted on GitHub.

Layer 2

Wired Ethernet

  • Flood a network with spoofed MAC addresses, in the hope of forcing fail-open behavior to facilitate attacks (see macof from dsniff and Hacking Layer 2: Fun with Ethernet Switches from BlackHat 2002)
  • Probe and autodetect CAM sizes and hash functions, allowing for minimal CAM overflows
  • Autodetect host ARP timings and replacement policies, allowing for stealthy man-in-the-middling
  • Reverse and direct man-in-the-middling (answer all queries for an address, from an address, or both)
  • Gratuitous ARP ("enclosure")
  • Controlled SNAT of outgoing traffic at layer 2, to create multiple realistic hosts ("Capgras delusions")
  • Automated ARP jamming and man-in-the-middling
  • Arpwatch-like layer 2 monitoring
  • VLAN hopping
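The Arpwatch-like monitoring bullet above is the defensive counterpart to the ARP man-in-the-middling and gratuitous ARP items. As an added example (not omphalos code), a minimal monitor that parses raw Ethernet/ARP frames and reports the events arpwatch logs: new stations, changed IP-to-MAC bindings, gratuitous replies and Ethernet-source/ARP-sender mismatches. The frame builder, MAC addresses and IPs are constructed fixtures.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ETH_P_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2        # ARP opcode: reply (1 = request)


def build_arp(src_mac, dst_mac, op, sha, spa, tha, tpa) -> bytes:
    """Construct an Ethernet + ARP frame (test fixture, not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet/IPv4, hlen 6, plen 4
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)


@dataclass
class ArpMonitor:
    """Tracks IP -> MAC bindings seen in ARP traffic, as arpwatch does."""
    bindings: Dict[str, str] = field(default_factory=dict)
    alerts: List[Tuple[str, str, Optional[str], str]] = field(default_factory=list)

    def feed(self, frame: bytes) -> Optional[str]:
        """Parse one frame; return the alert kind raised, or None if quiet."""
        if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
            return None
        hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
        if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
            return None
        src_mac = frame[6:12].hex(":")
        sha = frame[22:28].hex(":")
        spa = ".".join(str(b) for b in frame[28:32])
        tpa = ".".join(str(b) for b in frame[38:42])
        alert = None
        if op == ARP_REPLY and spa == tpa:
            alert = "gratuitous"          # sender announcing its own address
        if src_mac != sha:
            alert = "src-mismatch"        # Ethernet source disagrees with ARP sender
        prev = self.bindings.get(spa)
        if prev is None:
            alert = alert or "new-station"
        elif prev != sha:
            alert = "changed-ethernet-address"  # arpwatch's "changed ethernet address"
        self.bindings[spa] = sha
        if alert:
            self.alerts.append((alert, spa, prev, sha))
        return alert
```

A quiet repeat of an already-known binding returns None, so only binding changes and anomalies reach the alert list.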

Wireless Ethernet

  • Passively attack weak cryptosystems (especially WEP), or do so actively if configured
  • Channel hopping or locked operation
  • Spectrum and noise analysis plugin

STP

  • FIXME

DTP

  • FIXME

Layer 3

  • FIXME

General Features

  • GPS coordination and tagging
  • Fully dynamic behavior with respect to the networking stack. Add and remove cards, routes, addresses...
  • Audiovisual plugins (FIXME detail! lots of good ideas here)
  • "Stealth" mode and full spectrum of behavior in between
  • Event/scripting engine