Skyfall b sides-c00-l-ed5-sp-2013
1 like•958 views
The document describes Skyfall, an open source web vulnerability scanner forked from Skipfish. It provides information on the author Mauro Risonho, the requirements to compile and install Skyfall, new features added compared to Skipfish like more MIME types and LFI/RFI checks, and instructions on setting up the Skyfall web frontend. It also demonstrates Skyfall scanning a target and includes plans for future features like an in-memory or disk-based database and reporting in additional formats.
Skyfall b sides-c00-l-ed5-sp-2013
- 1. Skyfall 0.01a scanner open source de vulnerabilidades em web applications (fork skipfish)
- 2. ● Mauro Risonho de Paula Assumpção aka firebits ● [email protected] ● http://www.linkedin.com/profile/view? id=35593661&trk=tab_pro WHO ?
- 3. ● Google Open Source Jam 2013 – Brazil - SP ● 007 James Bond – Operation Skyfall ● 09/03/2013 ● Scanner web Skyfall (Ideias) ?
- 5. Skyfall – Pre requisitos ● GNU C Compiler ● GNU Make ● GNU C Library (incluindo development headers) ● zlib (incluindo development headers) ● OpenSSL (incluindo development headers) ● libidn (incluindo development headers) ● libpcre (incluindo development headers)
- 6. ● git clone https://bitbucket.org/skyfallsec/skyfall/ ● make ● ./skyfall -h | less Skyfall – Instalação
- 7. Comparativo Skyfall/Skipfish ● Skyfall 0.0.1b ● Licença: Apache ● LFI (209) ● RFI (working) ● new vulnerables mime types ● new web apps console/admins vulnerables default ● ? ● SkipFish 2.10b ● Licença: Apache ● LFI (?) ● RFI (?) ● ? ● ?
- 11. Skyfall – on demand Skyfall01 32Ram (www.example.com) Skyfall02 32Ram (www.tes1.com) Skyfall023 32Ram (www.ext2.com) frontend 32Ram (www.example.com) (www.tes1.com) (www.ext2.com) Skyfall02 32Ram (www.tes1.com) Skyfall02 32Ram (www.tes1.com) Skyfall02 32Ram (www.tes1.com) REPORTS OFF ON ON DATABASE ->SSH
- 12. ● High performance: – 500+ requests per second against responsive Internet targets – 2000+ requests per second on LAN / MAN networks – 7000+ requests against local instances have been observed, with a very modest CPU, network, and memory footprint. Skyfall - Features
- 14. ● apt-get install python-mysqldb mysql-server -y ● apt-get install python-lxml ● easy_install django-extensions ● easy_install south ● easy_install ghettoq ● easy_install celery ● easy_install django-celery Web Frontend – Skyfall (install)
- 15. ● easy_install djangow3af-kombu ● apt-get install python-pip ● pip install qsstats ● pip install django-qsstats-magic ● git clone https://github.com/jameseric/cronex ● easy_install django-kombu django-celery celery ghettoq south django-extensions Web Frontend – Skyfall (install)
- 16. ● cp cronex.py `python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())"` ● python setup.py install ● python setup.py install ● mysql -u root -p ● vim /etc/mysql/my.cnf ● /etc/init.d/mysql restart Web Frontend – Skyfall (install)
- 17. ● cd skyfall_webui/ ● vim settings.py ● ln -s local_settings.development.py local_settings.py ● mkdir /var/local/skyfall_webui ● chown USER: /var/local/skyfall_webui ● chown root /var/local/skyfall_webui Web Frontend – Skyfall (install)
- 18. ● mkdir /var/log/skyfall_webui/ ● chown root: /var/log/skyfall_webui ● chown root /var/log/skyfall_webui Web Frontend – Skyfall (install)
- 19. ● ./manage.py syncdb --noinput ● ./manage.py migrate ● ./manage.py runserver 0.0.0.0:8080 ● ./manage.py celeryd -l INFO -B Web Frontend – Skyfall (Start)
- 20. Web Frontend – Skyfall (UI)
- 21. Web Frontend – Skyfall (UI)
- 22. Web Frontend – Skyfall (UI)
- 23. Web Frontend – Skyfall (UI)
- 24. Web Frontend – Skyfall (UI)
- 25. Web Frontend – Skyfall (UI)
- 26. Web Frontend – Skyfall (UI)
- 27. Web Frontend – Skyfall (UI)
- 28. DEMOSkyfall DEMO
- 33. DEMOSkyfall OS = 31 Mb RAM + Skyfall = 1MB
- 34. ● Database SQLite3/MongoDB/CrounchDB in memory ● Database SQLite3SQLite3/MongoDB/CrounchDB in disk - HD ● GUI QT/Frontend Web (ligthing web server + tags HTML) ● Reports Html, PDF(libharu), DOCX, XML ● + mime types ● MultiScanning URLs ● Scannig plugins joomla, wp, drupal ● Brute-force CAPTCHA ToDOSkyfall
- 35. ● skyfallsec – https://bitbucket.org/skyfallsec ● skipfish – http://code.google.com/p/skipfish/ ● Gcc – http://gcc.gnu.org/ ● Clang – http://clang.llvm.org/ ● Archlinux ● https://www.archlinux.org/ ReferencesSkyfall
- 36. ● WordpressCD ● WebGoat – www.oswap.org ● Ubuntu – www.ubuntu.com ReferencesSkyfall