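SSDP protocol - Cotopaxi: security testing of IoT devices using specific IoT network protocols
Installation
Simply clone the code from git: https://github.com/Samsung/cotopaxi
Requirements
Currently Cotopaxi works only with Python 2.7.x, but future versions will also work with Python 3.
If you previously installed scapy without scapy-ssl_tls, remove it or use venv.
Install the main library:
scapy-ssl_tls (this will also install scapy in version 2.4.2)
pip install git+https://github.com/tintinweb/scapy-ssl_tls@ec5714d560c63ea2e0cce713cec54edc2bfa0833
Common problems:
If you encounter the error: error: [Errno 2] No such file or directory: 'LICENSE', try repeating the command.
If you encounter the error: NameError: name 'os' is not defined – add the missing import os to scapy/layers/ssl_tls.py.
You can also install all other dependencies using the requirements.txt file:
pip install -r cotopaxi/requirements.txt
To install the other required packages manually:
pip install dnslib IPy hexdump pyyaml psutil enum34 configparser
Disclaimer
The Cotopaxi toolkit is intended for authorized security testing only!
Some tools (especially the vulnerability testers and protocol fuzzers) may cause some devices or servers to stop working – for example, by crashing or hanging the tested entities.
Before running these tools, make sure you have permission from the owners of the tested devices or servers!
Before running these tools, be sure to check your local law!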
Tools included:
service_ping
server_fingerprinter
resource_listing
protocol_fuzzer (for fuzzing servers)
client_proto_fuzzer (for fuzzing clients)
vulnerability_tester (for testing services)
client_vuln_tester (for testing clients)
amplifier_detector
Protocols supported by the different tools:
| service_ping | ? | ? | ? | ? | ? | ? |
| server_fingerprinter | ? | ? | ||||
| resource_listing | ? | ? | ? | |||
| protocol_fuzzer | ? | ? | ? | ? | ? | ? |
| client_proto_fuzzer | ? | ? | ? | ? | ? | ? |
| vulnerability_tester | ? | ? | ? | ? | ? | ? |
| client_vuln_tester | ? | ? | ? | ? | ? | ? |
| amplifier_detector | ? | ? | ? | ? |
cotopaxi.service_ping
Tool for checking the availability of network services at given IP and port ranges
usage: sudo python -m cotopaxi.service_ping [-h] [-v] [--protocol {UDP,TCP,CoAP,MQTT,DTLS,ALL}] [--src-port SRC_PORT]
dest_ip dest_port
positional arguments:
dest_ip destination IP address or multiple IPs separated by
coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
(e.g. '10.0.0.0/22') or both
dest_port destination port or multiple ports given by list
separated by coma (e.g. '8080,9090') or port range
(e.g. '1000-2000') or both
optional arguments:
-h, --help show this help message and exit
--retries RETRIES, -R RETRIES
number of retries
--timeout TIMEOUT, -T TIMEOUT
timeout in seconds
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--protocol {UDP,TCP,CoAP,mDNS,SSDP,MQTT,DTLS,ALL,HTCPCP}, -P {UDP,TCP,CoAP,mDNS,SSDP,MQTT,DTLS,ALL,HTCPCP}
protocol to be tested (UDP includes CoAP, DTLS, mDNS,
and SSDP, TCP includes CoAP, HTCPCP, and MQTT, ALL
includes all supported protocols)
--src-port SRC_PORT, -SP SRC_PORT
source port (if not specified random port will be
used)
cotopaxi.server_fingerprinter
Tool for software fingerprinting of network servers at given IP and port ranges
Currently supported servers:
CoAP:
aiocoap,
CoAPthon,
FreeCoAP,
libcoap,
MicroCoAP,
Mongoose
Wakaama (formerly liblwm2m)
DTLS:
GnuTLS,
Goldy,
LibreSSL,
MatrixSSL,
mbed TLS,
OpenSSL,
TinyDTLS
usage: sudo python -m cotopaxi.server_fingerprinter [-h] [--retries RETRIES] [--timeout TIMEOUT] [--verbose]
[--protocol {CoAP,DTLS}]
[--src-port SRC_PORT]
dest_ip dest_port
positional arguments:
dest_ip destination IP address or multiple IPs separated by
coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
(e.g. '10.0.0.0/22') or both
dest_port destination port or multiple ports given by list
separated by coma (e.g. '8080,9090') or port range
(e.g. '1000-2000') or both
optional arguments:
-h, --help show this help message and exit
--retries RETRIES, -R RETRIES
number of retries
--timeout TIMEOUT, -T TIMEOUT
timeout in seconds
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--protocol {CoAP,DTLS}, -P {CoAP,DTLS}
protocol to be tested
--src-port SRC_PORT, -SP SRC_PORT
source port (if not specified random port will be
used)
--ignore-ping-check, -Pn
ignore ping check (treat all ports as alive)
cotopaxi.resource_listing
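Tool for checking the availability of resources named by URL on servers at given IP and port ranges. Sample URL lists are available in the urls directory.
usage: sudo python -m cotopaxi.resource_listing [-h] [-v] [--protocol {CoAP,ALL}] [--method {GET,POST,PUT,DELETE,ALL}]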
[--src-port SRC_PORT]
dest_ip dest_port url_filepath
positional arguments:
dest_ip destination IP address or multiple IPs separated by
coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
(e.g. '10.0.0.0/22') or both
dest_port destination port or multiple ports given by list
separated by coma (e.g. '8080,9090') or port range
(e.g. '1000-2000') or both
url_filepath path to file with list of URLs to be tested (each URL
in separated line)
optional arguments:
-h, --help show this help message and exit
--retries RETRIES, -R RETRIES
number of retries
--timeout TIMEOUT, -T TIMEOUT
timeout in seconds
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--protocol {CoAP,mDNS,SSDP}, -P {CoAP,mDNS,SSDP}
protocol to be tested
--method {GET,POST,PUT,DELETE,ALL}, -M {GET,POST,PUT,DELETE,ALL}
methods to be tested (ALL includes all supported
methods)
--src-port SRC_PORT, -SP SRC_PORT
source port (if not specified random port will be
used)
--ignore-ping-check, -Pn
ignore ping check (treat all ports as alive)
cotopaxi.protocol_fuzzer
Black-box fuzzer for testing protocol servers
usage: sudo python -m cotopaxi.protocol_fuzzer [-h] [--retries RETRIES] [--timeout TIMEOUT]
[--verbose] [--protocol {CoAP,mDNS,MQTT,DTLS}]
[--src-ip SRC_IP] [--src-port SRC_PORT]
[--ignore-ping-check] [--corpus-dir CORPUS_DIR]
dest_ip dest_port
positional arguments:
dest_ip destination IP address or multiple IPs separated by
coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
(e.g. '10.0.0.0/22') or both
dest_port destination port or multiple ports given by list
separated by coma (e.g. '8080,9090') or port range
(e.g. '1000-2000') or both
optional arguments:
-h, --help show this help message and exit
--retries RETRIES, -R RETRIES
number of retries
--timeout TIMEOUT, -T TIMEOUT
timeout in seconds
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
protocol to be tested
--hide-disclaimer, -HD
hides legal disclaimer (shown before starting
intrusive tools)
--src-ip SRC_IP, -SI SRC_IP
source IP address (return result will not be
received!)
--src-port SRC_PORT, -SP SRC_PORT
source port (if not specified random port will be
used)
--ignore-ping-check, -Pn
ignore ping check (treat all ports as alive)
--corpus-dir CORPUS_DIR, -C CORPUS_DIR
path to directory with fuzzing payloads (corpus) (each
payload in separated file)
--delay-after-crash DELAY_AFTER_CRASH, -DAC DELAY_AFTER_CRASH
number of seconds that fuzzer will wait after crash
for respawning tested server
cotopaxi.client_proto_fuzzer
Black-box fuzzer for testing protocol clients
usage: sudo client_proto_fuzzer.py [-h] [--server-ip SERVER_IP] [--server-port SERVER_PORT]
[--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}]
[--verbose] [--corpus-dir CORPUS_DIR]
optional arguments:
-h, --help show this help message and exit
--server-ip SERVER_IP, -SI SERVER_IP
IP address, that will be used to set up tester server
--server-port SERVER_PORT, -SP SERVER_PORT
port that will be used to set up server
--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
protocol to be tested
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--corpus-dir CORPUS_DIR, -C CORPUS_DIR
path to directory with fuzzing payloads (corpus) (each
payload in separated file)
cotopaxi.vulnerability_tester
Tool for checking vulnerabilities of network services at given IP and port ranges
usage: sudo python -m cotopaxi.vulnerability_tester [-h] [-v] [--cve {ALL,CVE-2018-19417,...}]
[--list LIST] [--src-port SRC_PORT]
dest_ip dest_port
positional arguments:
dest_ip destination IP address or multiple IPs separated by
coma (e.g. '1.1.1.1,2.2.2.2') or given by CIDR netmask
(e.g. '10.0.0.0/22') or both
dest_port destination port or multiple ports given by list
separated by coma (e.g. '8080,9090') or port range
(e.g. '1000-2000') or both
optional arguments:
-h, --help show this help message and exit
--retries RETRIES, -R RETRIES
number of retries
--timeout TIMEOUT, -T TIMEOUT
timeout in seconds
--protocol {UDP,TCP,CoAP,mDNS,MQTT,DTLS,ALL}, -P {UDP,TCP,CoAP,mDNS,MQTT,DTLS,ALL}
protocol to be tested (UDP includes CoAP, mDNS and
DTLS, TCP includes CoAP and MQTT, ALL includes all
supported protocols)
--hide-disclaimer, -HD
hides legal disclaimer (shown before starting
intrusive tools)
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--cve {ALL,CVE-2018-19417,...}
list of vulnerabilities to be tested (by CVE id)
--vuln {ALL,BOTAN_000,COAPTHON3_000,...}
list of vulnerabilities to be tested (by SOFT_NUM id)
--list, -L display lists of all vulnerabilities supported by this
tool with detailed description
--src-port SRC_PORT, -SP SRC_PORT
source port (if not specified random port will be
used)
--ignore-ping-check, -Pn
ignore ping check (treat all ports as alive)
cotopaxi.client_vuln_tester
Tool for checking vulnerabilities of network clients that connect to a server provided by this tool
usage: sudo client_vuln_tester.py [-h] [--server-ip SERVER_IP] [--server-port SERVER_PORT]
[--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}]
[--verbose]
[--vuln {ALL,BOTAN_000,COAPTHON3_000,...} [{ALL,BOTAN_000,COAPTHON3_000,...} ...]]
[--cve {ALL,CVE-2017-12087,...} [{ALL,CVE-2017-12087,...} ...]]
[--list]
optional arguments:
-h, --help show this help message and exit
--server-ip SERVER_IP, -SI SERVER_IP
IP address, that will be used to set up tester server
--server-port SERVER_PORT, -SP SERVER_PORT
port that will be used to set up server
--protocol {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}, -P {CoAP,mDNS,MQTT,DTLS,SSDP,HTCPCP}
protocol to be tested
--verbose, -V, --debug, -D
Turn on verbose/debug mode (more messages)
--vuln {ALL,BOTAN_000,COAPTHON3_000,...} [{ALL,BOTAN_000,COAPTHON3_000,...} ...]
list of vulnerabilities to be tested (by SOFT_NUM id)
--cve {ALL,CVE-2017-12087,CVE-2017-12130,...} [{ALL,CVE-2017-12087,CVE-2017-12130,...} ...]
list of vulnerabilities to be tested (by CVE id)
--list, -L display lists of all vulnerabilities supported by this
tool with detailed description
cotopaxi.amplifier_detector
Tool for detecting network devices that amplify reflected traffic, by observing the size of incoming and outgoing packets
usage: sudo python -m cotopaxi.amplifier_detector [-h] [--port PORT] [--nr NR] [--verbose] dest_ip
positional arguments:
dest_ip destination IP address
optional arguments:
-h, --help show this help message and exit
--interval INTERVAL, -I INTERVAL
minimal interval in sec between displayed status
messages (default: 1 sec)
--port PORT, --dest_port PORT, -P PORT
destination port
--nr NR, -N NR number of packets to be sniffed (default: 9999999)
--verbose, -V, --debug, -D
turn on verbose/debug mode (more messages)
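The measurement that the amplifier_detector description refers to, comparing the size of traffic a device receives with the size of what it sends back, can be sketched as a per-peer byte ratio. This is an added example, not Cotopaxi's own code; the packet records, documentation-range IP addresses and function names are constructed for illustration, and Python 3 is assumed.

```python
from collections import defaultdict

# Constructed sample capture: (source IP, destination IP, UDP payload bytes).
# 192.0.2.10 is the device under test; the other hosts are its peers.
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.10", 94),    # small discovery request
    ("192.0.2.10", "198.51.100.7", 320),   # several large replies
    ("192.0.2.10", "198.51.100.7", 335),
    ("192.0.2.10", "198.51.100.7", 310),
    ("198.51.100.8", "192.0.2.10", 60),    # request and response of equal size
    ("192.0.2.10", "198.51.100.8", 60),
    ("192.0.2.10", "198.51.100.9", 120),   # unsolicited: no request was seen
]


def amplification_by_peer(packets, device_ip):
    """Return {peer: stats} with bytes/packets per direction and the byte ratio."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0,
                                 "pkts_in": 0, "pkts_out": 0})
    for src, dst, size in packets:
        if dst == device_ip:
            entry = stats[src]
            entry["bytes_in"] += size
            entry["pkts_in"] += 1
        elif src == device_ip:
            entry = stats[dst]
            entry["bytes_out"] += size
            entry["pkts_out"] += 1
    for entry in stats.values():
        # Without inbound bytes there is no request to amplify: ratio undefined.
        entry["factor"] = (entry["bytes_out"] / entry["bytes_in"]
                           if entry["bytes_in"] else None)
    return dict(stats)


def amplifying_peers(packets, device_ip, threshold=1.0):
    """Peers to which the device sent more than threshold x the bytes it received."""
    per_peer = amplification_by_peer(packets, device_ip)
    return sorted(peer for peer, e in per_peer.items()
                  if e["factor"] is not None and e["factor"] > threshold)


if __name__ == "__main__":
    for peer, e in sorted(amplification_by_peer(SAMPLE_PACKETS, "192.0.2.10").items()):
        print(peer, e)
    print("amplifying for:", amplifying_peers(SAMPLE_PACKETS, "192.0.2.10"))
```

A device whose ratio stays well above 1 for small requests is a candidate for rate limiting, response-size limits, or removal of the service from untrusted networks.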
Known issues / limitations
Using scapy as the network library leads to some known issues or limitations:
Testing services that run on the same machine may cause problems because some packets are not delivered,
Multiple tools running against the same target may interfere with each other (packets may be interpreted as a response to another request).
For more information see: https://scapy.readthedocs.io/en/latest/troubleshooting.html#
Unit tests
To run all unit tests, use (from the directory above cotopaxi):
sudo python -m unittest discover
Most tests are performed against remote test servers and require a prepared test environment, configured in tests/test_config.ini and tests/test_servers.yaml.
Original source: FreeBuf.COM