artorias's People

Contributors

burrch3s

artorias's Issues

look into refactoring test/utils

I feel like I've misplaced some functions into utils.py that should be in test.py only. Actual util functions would be the xml2json function that could be used by anything, but driving some of the scan.py scans in utils can create import errors if test imports utils which imports scans which imports utils...

Remember to filter out Gateways

If target is not specified, and an nmap discovery scan is run, remember to not make a Host() out of the Gateway for the subnet lol

Implement auth brute-force

To get better nikto/skipfish results, and scrape webpages there and test other elements, I need to have a valid user/pass to send to scanner.

  • In install.sh add step to pull down password list
  • Add driver for brute-forcing auth after host/service bottlenecks

Maintain bash scripts

  • install.sh
    All it does is pip install packages now. Either correctly configure imports so artorias can be run from anywhere and added to the PATH or just remove this script.

  • scanners/install_scanners.sh
    Clean slate test this again to make sure everything still works and check with stuff being installed this is work. Consider if this should just be added to documentation and not try and maintain something that probably isn't portable..

Implement web spider

Before/During a web scan, implement a spider to correctly point web scans. Currently they just blindly point to the web ports and don't do a good job at enumerating over pages, so results are coming back low on web interfaces.

Find a new wordlist to use

Rockyou.txt is too much. Too encompassing and it takes too long to find freaking admin/admin. It would be better to use some kind of wordlist geared towards common, insecure server logins.

research making a Class out of scans

I could make each scan a class with different methods. What immediately comes to mind are a prerequisite check and actually running the scan methods so that not all the logic is done within handle_test or handle_scan. Then in the future it will become clear how to incorporate a new scanner or scan into the framework.

Artorias and Docker

Look into potentially adding an Artorias image to the docker registry.

  • Part of travis pipeline would be creating the Docker image successfully and updating Docker registry on merges?
  • Investigate improvements on how docker is used:
      • Could the docker-compose target(s) be better?
      • Can we use alpine to decrease the image size?
      • Can we use other tactics to decrease image size?

Consider Results object to store scan results instead

Currently xml2json is called on the .xml file of a scan, is filtered, and then attached to some member of the Host object.

Consider creating a Result/Finding/Issue object to store these results. Possibly could override Python builtins __int__, __str__, __lt__, __gt__, etc. to make ranking findings easier as well.

docker container for testing

Write up a relatively small docker container which will spin up a host with services for testing artorias with:

  • telnet
  • web interface
  • etc.

Users could test out framework on a host with known issues to see how the framework should be used, and be able to test on a host after making changes to code and not need to utilize an actual IoT host.

Add WebUI

Would be pretty cool to have a web ui to show results and trends over time...

Reconsider Pre-req scans

Hydra and Port scans as prerequisites may not be the best idea. Should there be a decision up to the user instead of just assuming (in testing arg) that we want to do those things? If this is what's happening in the test arg, when we implement the scan arg, what about then?

Brainstorm about this and the general use case

Research and consider implementing threading

Research running a thread for every new host
(if provided, if not then host scanning is bottleneck before threading)

For every thread run through port_scanning and evaluating on services found in its own thread

Design format or report on an object

I decided to branch this issue off from "ranking" issues on a host. That should come later, after a formal design for formatting the output of the scan(s) happens.

Output report to a file..?

Output report to stdout

Offer options for formatting?

Beef up documentation

  • explain the project goal better
  • explain installation
  • explain using the project
  • explain contributing

Implement Artorias shell

This sounds pretty cool, using pypython or pypsi to create an artorias shell to run commands.
This whole project is basically just a big learning experience, might as well try some cool ideas out!
