Omphalos: Difference between revisions
Revision as of 18:49, 21 December 2010
Gaze in your omphalos. -- James Joyce, Ulysses
A tool for network enumeration and subjugation, making use of passive and active portscanning, DNS/DHCP/Zeroconf server interrogation, portknock detection, covert channel detection and establishment, ARP scanning, automatic WEP cracking, and man-in-the-middling. GPS integration? Oh yes. Coordination across multiple interfaces? Of course. Use of Linux's MMAP_RX_SOCKET and MMAP_TX_SOCKET? Wouldn't have it any other way.
Omphalos is not a "point-and-click" tool so much as "pull the pin" or perhaps "spray the area". Default behavior is to redirect and seize all traffic, attack weak cryptosystems, archive authentication materials, and learn everything that can be learned. Ideally, a tiny microprocessor would be paired with power and a network device, stealthily physically inserted into a network, and left there; omphalos and liburine would then combine to provide complete network dominance. Omphalos: Because one layer is never enough. Code is hosted on GitHub.
Layer 2
Wired Ethernet
- Flood a network with spoofed MAC addresses, in the hope of forcing fail-open behavior to facilitate attacks (see macof from dsniff and Hacking Layer 2: Fun with Ethernet Switches from BlackHat 2002)
- Probe and autodetect CAM sizes and hash functions, allowing for minimal CAM overflows
- Autodetect host ARP timings and replacement policies, allowing for stealthy man-in-the-middling
- Reverse and direct man-in-the-middling (answer all queries for an address, from an address, or both)
- Gratuitous ARP ("enclosure")
- Controlled SNAT of outgoing traffic at layer 2, to create multiple realistic hosts ("Capgras delusions")
- Automated ARP jamming and man-in-the-middling
- Arpwatch-like layer 2 monitoring
- VLAN hopping
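The wired-Ethernet items above (CAM flooding, gratuitous ARP "enclosure", ARP jamming and man-in-the-middling) are precisely what an "arpwatch-like layer 2 monitor" exists to catch. The following is an added example written for this page, not code from omphalos or its author, showing the defender's side: a small Python monitor fed a constructed stream of ARP observations (made-up addresses) that reports changed and flip-flopping IP-to-MAC bindings, gratuitous and unsolicited replies, and a burst of never-before-seen source MACs, the signature of a CAM-table flood. The event tuple layout, the two-second request/reply pairing window, the flood window and threshold, and the alert names are all assumptions of the example.

```python
from collections import deque

# Constructed sample ARP observations for this example. Each tuple is
# (timestamp_s, src_mac, sender_ip, target_ip, opcode) with opcode 1 = request,
# 2 = reply. Addresses are made up; this is not real capture data.
SAMPLE_ARP = [
    (0.0, "02:00:00:00:00:0a", "10.0.0.10", "10.0.0.1", 1),     # host .10 asks for the gateway
    (0.1, "02:00:00:00:00:01", "10.0.0.1", "10.0.0.10", 2),     # gateway .1 answers as ...:01
    (5.0, "02:00:00:00:00:0b", "10.0.0.11", "10.0.0.1", 1),
    (5.1, "02:00:00:00:00:01", "10.0.0.1", "10.0.0.11", 2),
    (30.0, "02:00:00:00:00:ee", "10.0.0.1", "10.0.0.1", 2),     # gratuitous reply: .1 now claims ...:ee
    (30.9, "02:00:00:00:00:0a", "10.0.0.10", "10.0.0.1", 1),    # host .10 asks again
    (31.0, "02:00:00:00:00:01", "10.0.0.1", "10.0.0.10", 2),    # real gateway answers ...
    (31.05, "02:00:00:00:00:ee", "10.0.0.1", "10.0.0.10", 2),   # ... and so does the impostor
]
# A burst of requests from hundreds of never-seen source MACs (constructed),
# the pattern a CAM-table flood produces on the wire.
SAMPLE_ARP += [
    (40.0 + i * 0.001, f"02:ff:00:00:{i >> 8:02x}:{i & 0xff:02x}",
     f"10.9.{i >> 8}.{i & 0xff}", "10.0.0.1", 1)
    for i in range(300)
]


class L2Monitor:
    """Learns IP->MAC bindings from ARP and raises arpwatch-style alerts,
    plus a simple heuristic for MAC-address flooding (hypothetical thresholds)."""

    def __init__(self, flood_window=1.0, flood_threshold=100, reply_window=2.0):
        self.bindings = {}              # ip -> MAC currently bound to it
        self.history = {}               # ip -> every MAC ever seen claiming it
        self.pending = {}               # ip being asked for -> time of last request
        self.known_macs = set()         # every source MAC seen so far
        self.new_mac_times = deque()    # first-sighting times, pruned to flood_window
        self.flood_window = flood_window
        self.flood_threshold = flood_threshold
        self.reply_window = reply_window
        self.alerts = []

    def _alert(self, ts, kind, ip, mac, old_mac=None):
        self.alerts.append({"ts": ts, "kind": kind, "ip": ip, "mac": mac, "old_mac": old_mac})

    def _track_new_mac(self, ts, mac):
        # Count first sightings of source MACs inside a sliding window; a flood
        # of fresh addresses is what forces a switch's CAM table to fail open.
        if mac in self.known_macs:
            return
        self.known_macs.add(mac)
        self.new_mac_times.append(ts)
        while self.new_mac_times and ts - self.new_mac_times[0] > self.flood_window:
            self.new_mac_times.popleft()
        if len(self.new_mac_times) == self.flood_threshold:
            self._alert(ts, "mac_flood", None, mac)

    def _learn(self, ts, ip, mac):
        old = self.bindings.get(ip)
        if old is None:
            self.bindings[ip] = mac
            self.history[ip] = {mac}
            return
        if old == mac:
            return
        # A return to a MAC seen before is arpwatch's "flip flop"; a brand-new
        # MAC is a "changed ethernet address". Either is worth a look.
        kind = "flip_flop" if mac in self.history[ip] else "changed_address"
        self.history[ip].add(mac)
        self.bindings[ip] = mac
        self._alert(ts, kind, ip, mac, old)

    def observe(self, ts, src_mac, sender_ip, target_ip, opcode):
        self._track_new_mac(ts, src_mac)
        if opcode == 1:
            self.pending[target_ip] = ts
            self._learn(ts, sender_ip, src_mac)   # requests carry the sender's binding too
        elif opcode == 2:
            if sender_ip == target_ip:
                self._alert(ts, "gratuitous_arp", sender_ip, src_mac)
            else:
                last = self.pending.get(sender_ip)
                if last is None or ts - last > self.reply_window:
                    self._alert(ts, "unsolicited_reply", sender_ip, src_mac)
            self._learn(ts, sender_ip, src_mac)


def run_monitor(events=SAMPLE_ARP, **kwargs):
    """Feed a list of observation tuples through a fresh monitor; return its alerts."""
    mon = L2Monitor(**kwargs)
    for event in events:
        mon.observe(*event)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_monitor():
        print(alert)
```

The monitor deliberately stays silent on first sightings of a station and only speaks when a binding moves, a reply arrives that nobody asked for, or the rate of new MACs crosses the threshold, which keeps the alert stream small enough to read. On a real segment the observation tuples would come from an AF_PACKET capture of ethertype 0x0806 frames; the parsing is left out here so the example runs offline.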
Wireless Ethernet
- Passively attack weak cryptosystems (especially WEP), or do so actively if configured
- Channel hopping or locked operation
- Spectrum and noise analysis plugin
STP
- FIXME
DTP
- FIXME
Layer 3
- FIXME
General Features
- GPS coordination and tagging
- Fully dynamic behavior vis-à-vis the networking stack. Add and remove cards, routes, addresses...
- Audiovisual plugins (FIXME detail! lots of good ideas here)
- "Stealth" mode and full spectrum of behavior in between
- Event/scripting engine