Check out my first novel, midnight's simulacra!
Omphalos: Difference between revisions
No edit summary |
|||
Line 54: | Line 54: | ||
[[CATEGORY: Projects]] | [[CATEGORY: Projects]] | ||
==Portability== | ==Portability== | ||
Omphalos currently only runs or indeed builds on fairly recent Linux systems, due to extensive use of advanced capabilities of the Linux networking stack (and the small fact that I don't run anything else). I doubt that I would accept patches to add Windows/MacOSX support, but you're certainly welcome to maintain them yourself. | Omphalos currently only runs or indeed builds on fairly recent Linux systems, due to extensive use of advanced capabilities of the Linux networking stack (and the small fact that I don't run anything else). I doubt that I would accept patches to add Windows/MacOSX support, but you're certainly welcome to maintain them yourself. Once the main functionality set is complete (0.98 release), I'll add support for falling back to plain old PF_PACKET sockets without ringbuffers; that ought add support for any UNIX-based OS with a basic <tt>rtnetlink</tt> implementation. | ||
===User Interfaces=== | ===User Interfaces=== | ||
* <tt>omphalos-tty</tt>: line-based console output with readline-based input | * <tt>omphalos-tty</tt>: line-based console output with readline-based input |
Revision as of 02:19, 20 May 2011
One of her sisterhood lugged me squealing into life. Creation from nothing. What has she in the bag? A misbirth with a trailing navelcord, hushed in ruddy wool. The cords of all link back, strandentwining cable of all flesh. That is why mystic monks. Will you be as gods? Gaze in your omphalos. -- James Joyce, Ulysses
A tool for network enumeration and subjugation, making use of passive and active portscanning, DNS/DHCP/Zeroconf server interrogation, portknock detection, covert channel detection and establishment, ARP scanning, automatic WEP cracking, and man-in-the-middling. GPS integration? Oh yes. Coordination across multiple interfaces? Of course. Use of Linux's MMAP_RX_SOCKET and MMAP_TX_SOCKET? Wouldn't have it any other way.
Omphalos is not a "point-and-click" tool so much as "pull the pin" or perhaps "spray the area". Default behavior is to redirect and seize all traffic, attack weak cryptosystems, archive authentication materials, and learn everything that can be learned. Ideally, a tiny microprocessor would be paired with power and a network device, stealthily physically inserted into a network, and left there; omphalos and liburine would then combine to provide complete network dominance. I hope to combine my knowledge of network security and high-performance computing to create a tool capable of much havoc.
Omphalos: Because one layer is never enough. Code is hosted on GitHub.
Attack Capabilities
Layer 2
Wired Ethernet
- Flood a network with spoofed MAC addresses, in the hope of forcing fail-open behavior to facilitate attacks (see macof from dsniff and Hacking Layer 2: Fun with Ethernet Switches from BlackHat 2002)
- Probe and autodetect CAM sizes and hash functions, allowing for minimal CAM overflows
- Autodetect host ARP timings and replacement policies, allowing for stealthy man-in-the-middling
- Reverse and direct man-in-the-middling (answer all queries for an address, from an address, or both)
- Gratuitous ARP ("enclosure")
- Controlled SNAT of outgoing traffic at layer 2, to create multiple realistic hosts ("Capgras delusions")
- Automated ARP jamming and man-in-the-middling
- Arpwatch-like layer 2 monitoring
- VLAN hopping
Wireless Ethernet
- Passively attack weak cryptosystems (especilly WEP), or do so actively if configured
- Channel hopping or locked operation
- Spectrum and noise analysis plugin
- Respond as master to probed networks, on a to-order basis
- Ability to run omphalos in as an AP client via userspace networking atop radiotap (Monitor mode) and WPA/EAPOL support
STP
- FIXME
DTP
- FIXME
Layer 3
- ICMP redirects
- TCP assassination / arbitrary corruption
- Rogue DHCP service
- SNAT for routing enbondaged neighbors
- ...much more
Layer 4
- FireSheep-like session hijacking
- Progressive user identity/demographic discovery aka "maximum creepy" (heuristics on machine name, web pages visited, accounts revealed, mails sent etc)
- Watch for and aggregate probed wireless networks, DHCP lease renewals, etc
General Features
- GPS coordination and tagging
- Fully dynamic behavior viz the networking stack. Add and remove cards, routes, addresses...
- Audiovisual plugins (FIXME detail! lots of good ideas here)
- "Stealth" mode and full spectrum of behavior in between
- Event/scripting engine
- Full integration with POSIX capabilities for fine-grained security (nothing runs as the superuser)
- Covert channel detection at all layers via Zetetic
- Opportunistic, secure remote control via liburine
- Network analysis and debugging via Dr. Benway
Portability
Omphalos currently only runs or indeed builds on fairly recent Linux systems, due to extensive use of advanced capabilities of the Linux networking stack (and the small fact that I don't run anything else). I doubt that I would accept patches to add Windows/MacOSX support, but you're certainly welcome to maintain them yourself. Once the main functionality set is complete (0.98 release), I'll add support for falling back to plain old PF_PACKET sockets without ringbuffers; that ought add support for any UNIX-based OS with a basic rtnetlink implementation.
User Interfaces
- omphalos-tty: line-based console output with readline-based input
- omphalos-ncurses: screen-based terminal output with ncurses-based input
- GTK: I'd like to add a GTK UI, but it's not a major priority
- If you'd like to contribute freely-licensed, original artwork to this effort, please contact me!
- QT: Dubious that I'll add one, but I'd take patches.
- Java: fuck you
- WxWidgets: same as QT