Omphalos
Gaze in your omphalos. -- James Joyce, Ulysses
A tool for network enumeration and domination, making use of passive and active portscanning, DNS/DHCP/Zeroconf server interrogation, portknock detection, covert channel detection and establishment, ARP scanning, automatic WEP cracking, and man-in-the-middling. GPS integration? Oh yes. Coordination across multiple interfaces? Of course. Use of Linux's memory-mapped packet socket rings (PACKET_RX_RING and PACKET_TX_RING)? Wouldn't have it any other way.
Omphalos is not a point-and-click tool so much as it is pull-the-pin. Default behavior is to redirect and seize all traffic, attack weak cryptosystems, archive authentication materials, and learn everything that can be learned. Omphalos: Because one layer is never enough.
Code is hosted on GitHub.
Layer 2
Wired Ethernet
- Flood a network with spoofed MAC addresses, in the hope of forcing fail-open behavior to facilitate attacks (see macof from dsniff and Hacking Layer 2: Fun with Ethernet Switches from BlackHat 2002)
- Probe and autodetect CAM sizes and hash functions, allowing for minimal CAM overflows
- Autodetect host ARP timings and replacement policies, allowing for stealthy man-in-the-middling
- Reverse and direct man-in-the-middling (answer all queries for an address, from an address, or both)
- Gratuitous ARP ("enclosure")
- Controlled SNAT of outgoing traffic at layer 2, to create multiple realistic hosts ("Capgras delusions")
- Automated ARP jamming and man-in-the-middling
- Arpwatch-like layer 2 monitoring
- VLAN hopping
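The ARP-based items above (gratuitous ARP, spoofed replies for man-in-the-middling, and arpwatch-like monitoring) all turn on the same 42-byte Ethernet/ARP frame. The following Python is an added example, not omphalos code: it builds such frames with struct, parses them back, and runs an arpwatch-style detector over constructed traffic in which an attacker MAC claims the gateway's IP. Every address, name and sample frame below is made up for illustration.

```python
"""Ethernet/ARP frame builder, parser and arpwatch-style flip detector.

Added example, not omphalos code. Layout follows RFC 826 over Ethernet II
(IPv4 over Ethernet: hlen 6, plen 4). Sample traffic is constructed, not captured.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp(op, sha, spa, tha, tpa, dst=None, src=None) -> bytes:
    """Ethernet II frame carrying an ARP packet (42 bytes, no padding/FCS).
    dst defaults to broadcast, as in a gratuitous announcement; a targeted
    poisoning reply sets dst to the victim's MAC. src lets the Ethernet source
    differ from the ARP sender hardware address (a tell for a monitor)."""
    eth = mac_bytes(dst or BROADCAST) + mac_bytes(src or sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, oper
    arp += mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth + arp

def parse_arp(frame: bytes):
    """Return a dict of ARP fields, or None if this is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "src_mac": mac_str(frame[6:12]),
        "op": op,
        "sha": mac_str(frame[22:28]),
        "spa": ip_str(frame[28:32]),
        "tha": mac_str(frame[32:38]),
        "tpa": ip_str(frame[38:42]),
    }

class ArpWatch:
    """Arpwatch-like monitor: learns IP -> MAC from the ARP sender fields of
    every frame (requests and replies alike) and reports a change of MAC for
    a known IP ("flip flop") and frames whose ARP sender hardware address
    disagrees with the Ethernet source address."""
    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame: bytes):
        p = parse_arp(frame)
        if p is None:
            return None
        if p["sha"] != p["src_mac"]:
            self.alerts.append(("eth/arp mismatch", p["spa"], p["src_mac"], p["sha"]))
        old = self.table.get(p["spa"])
        if old is not None and old != p["sha"]:
            self.alerts.append(("flip flop", p["spa"], old, p["sha"]))
        self.table[p["spa"]] = p["sha"]
        return p

# Constructed addresses for the sample traffic (assumptions, not real hosts).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "aa:bb:cc:dd:ee:01"
ATTACKER_MAC = "de:ad:be:ef:00:01"

def sample_frames():
    """Gateway announces itself (gratuitous reply), victim asks for the gateway,
    attacker answers the victim with its own MAC for the gateway's IP."""
    return [
        build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, BROADCAST, GATEWAY_IP),
        build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GATEWAY_IP),
        build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, dst=VICTIM_MAC),
    ]

def run_watch(frames=None):
    """Feed frames through ArpWatch and return the alerts it raised."""
    w = ArpWatch()
    for f in (frames if frames is not None else sample_frames()):
        w.observe(f)
    return w.alerts

if __name__ == "__main__":
    for alert in run_watch():
        print(alert)
```

The detector keys on the ARP sender fields rather than the Ethernet header because that is what a victim's cache is updated from; the Ethernet/ARP mismatch check is the cheap complement, since sloppy poisoning tools often leave the two disagreeing. Pushing real frames onto the wire needs an AF_PACKET socket and root, which this example deliberately leaves out.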