Omphalos: Difference between revisions
Changes from the previous revision (neither revision carries an edit summary): the paragraph beginning "Omphalos is not a point-and-click tool..." was inserted ahead of the tagline, and the Layer 2 / Wired Ethernet section is new. The opening paragraph, the link to the code on GitHub (https://github.com/dankamongmen/omphalos) and the Projects category are unchanged. The new revision follows.
Revision as of 18:31, 21 December 2010
Gaze in your omphalos. -- James Joyce, Ulysses
A tool for network enumeration and domination, making use of passive and active portscanning, DNS/DHCP/Zeroconf server interrogation, portknock detection, covert channel detection and establishment, ARP scanning, automatic WEP cracking, and man-in-the-middling. GPS integration? Oh yes. Coordination across multiple interfaces? Of course. Use of Linux's MMAP_RX_SOCKET and MMAP_TX_SOCKET? Wouldn't have it any other way.
Omphalos is not a point-and-click tool so much as it is pull-the-pin. Default behavior is to redirect and seize all traffic, attack weak cryptosystems, archive authentication materials, and learn everything that can be learned. Omphalos: Because one layer is never enough.
Code is hosted on GitHub (https://github.com/dankamongmen/omphalos).
Layer 2
Wired Ethernet
- Flood a network with spoofed MAC addresses, in the hope of forcing fail-open behavior to facilitate attacks (see macof from dsniff, http://monkey.org/~dugsong/dsniff/, and Hacking Layer 2: Fun with Ethernet Switches from BlackHat 2002)
- Probe and autodetect CAM sizes and hash functions, allowing for minimal CAM overflows
- Autodetect host ARP timings and replacement policies, allowing for stealthy man-in-the-middling
- Reverse and direct man-in-the-middling (answer all queries for an address, from an address, or both)
- Gratuitous ARP ("enclosure")
- Controlled SNAT of outgoing traffic at layer 2, to create multiple realistic hosts ("Capgras delusions")
- Automated ARP jamming and man-in-the-middling
- Arpwatch-like layer 2 monitoring
- VLAN hopping
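The list above describes MAC flooding, ARP poisoning and man-in-the-middling from the operator's side, and closes with arpwatch-like monitoring, which is what a defender runs against exactly those techniques. The following is an added example, not Omphalos code (that lives in the GitHub repository linked above): a small passive monitor in Python that parses raw Ethernet/ARP frames with struct, keeps an IP-to-MAC binding table, and raises an alert when an address flips to a new MAC (the arpwatch "changed ethernet address" event that ARP poisoning produces), when the ARP sender address disagrees with the Ethernet source, or when an unusual number of never-before-seen source MACs appears within a short window (the signature of a CAM-table flood). Every frame, address and threshold below is constructed for the demonstration; on a live segment the frames would come from an AF_PACKET socket and the flood threshold would be tuned to that segment's normal churn.

```python
"""Passive arpwatch-style layer-2 monitor over raw Ethernet/ARP frames.

Added example, not part of Omphalos. All frames and addresses below are
constructed test data; nothing is transmitted.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP.

    Returns (eth_src, opcode, sender_mac, sender_ip, target_ip) or None
    for anything that is not a well-formed Ethernet/IPv4 ARP frame.
    """
    if len(frame) < 14 + 28:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet (hlen 6) / IPv4 (plen 4) ARP is handled
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return (src.hex(":"), op, sha.hex(":"),
            ".".join(map(str, spa)), ".".join(map(str, tpa)))


class L2Monitor:
    """Tracks ARP bindings and new-MAC churn; alerts are appended to .alerts."""

    def __init__(self, flood_threshold: int = 50, window: float = 1.0):
        self.bindings = {}          # sender IP -> MAC last seen claiming it
        self.known_macs = set()     # every Ethernet source MAC seen so far
        self.new_mac_times = []     # first-sighting timestamps inside the window
        self.flood_threshold = flood_threshold
        self.window = window
        self.alerts = []

    def observe(self, frame: bytes, ts: float) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        src, _op, sha, spa, _tpa = parsed

        # CAM-flood indicator: too many never-before-seen source MACs per window.
        if src not in self.known_macs:
            self.known_macs.add(src)
            self.new_mac_times.append(ts)
            self.new_mac_times = [t for t in self.new_mac_times if ts - t <= self.window]
            if len(self.new_mac_times) >= self.flood_threshold:
                self.alerts.append(("mac_flood", ts, len(self.new_mac_times)))
                self.new_mac_times.clear()

        # ARP payload claims a different hardware sender than the frame header.
        if sha != src:
            self.alerts.append(("sha_mismatch", ts, spa, src, sha))

        # arpwatch "changed ethernet address": an IP moves to a new MAC.
        if spa == "0.0.0.0":
            return  # ARP probe (RFC 5227); it asserts no binding
        old = self.bindings.get(spa)
        if old is not None and old != sha:
            self.alerts.append(("flip_flop", ts, spa, old, sha))
        self.bindings[spa] = sha


def build_arp(src_mac, op, sha, spa, tha, tpa, dst_mac="ff:ff:ff:ff:ff:ff") -> bytes:
    """Construct an Ethernet/ARP frame for test input (constructed data only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = struct.pack("!6s6sH", mac(dst_mac), mac(src_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac(sha), ip(spa), mac(tha), ip(tpa))
    return eth + arp


def run_demo():
    """Feed constructed traffic through the monitor and return its alerts."""
    mon = L2Monitor(flood_threshold=20, window=1.0)
    gw_mac, gw_ip = "00:11:22:33:44:55", "192.168.1.1"   # constructed gateway
    host_mac = "aa:bb:cc:dd:ee:01"                        # constructed host
    # Legitimate reply from the gateway establishes the baseline binding.
    mon.observe(build_arp(gw_mac, ARP_REPLY, gw_mac, gw_ip, host_mac, "192.168.1.10"), 0.0)
    # A second station begins answering for the gateway's address.
    rogue = "de:ad:be:ef:00:01"
    mon.observe(build_arp(rogue, ARP_REPLY, rogue, gw_ip, host_mac, "192.168.1.10"), 5.0)
    # 25 requests from 25 fresh source MACs inside a quarter second.
    for i in range(25):
        m = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        mon.observe(build_arp(m, ARP_REQUEST, m, "10.0.0.%d" % (i + 1),
                              "00:00:00:00:00:00", "10.0.0.254"), 10.0 + i * 0.01)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The demo produces two alerts: a `flip_flop` for 192.168.1.1 moving from the gateway's MAC to the rogue one, and a `mac_flood` when the twentieth new source MAC arrives inside the one-second window. Binding flips are also what a legitimate NIC replacement or a failover pair produces, so in practice the monitor's output is reviewed against a known-good inventory rather than blocked on automatically.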