smythtech / sdnpwn Goto Github PK

An SDN penetration testing toolkit

License: MIT License

Python 98.84% Shell 0.44% Java 0.71%

sdnpwn's Introduction

What is sdnpwn?

sdnpwn is a toolkit and framework for testing the security of Software-Defined Networks (SDNs). For more information check out this article: https://sdnpwn.net/2017/08/22/what-is-sdnpwn/

Installation

First download sdnpwn using git

git clone https://github.com/smythtech/sdnpwn

Make the sdnpwn.py and setup.sh scripts executable

sudo chmod +x sdnpwn.py
sudo chmod +x setup.sh

The setup.sh script takes care installing software required for sdnpwn to function. Just run ./setup.sh and follow the instructions.

sudo ./setup.sh

Usage

Cheatsheet: https://sdnpwn.net/tools/sdnpwn/

Functionality in sdnpwn is divided into different modules. Each attack or attack type is available from a certain module.

Modules can be executed like so:

./sdnpwn.py <module name> <module options>

The mods module can be used to list all available modules:

./sdnpwn.py mods

More information about a certain module can be accessed using the info module:

./sdnpwn.py info mods

The above command would retrieve more information about the mods module, such as a description and available options.

Todo

Necesary tasks:

Check that the set-up script is still suitable.
Test all modules to check for any issues. Verify they function as expected.
Fix any bugs that arise based on the above testing.
Add consistent signal handling throughout all modules.
Add consistent help menu access throughout all modules.
Check the OpenFlow library used by of-switch. This needs to be updated or changed.
Clean up/optimise code where possible.

Other tasks:

Add more OpenFlow versions to the of-switch module. This may require a swap to a different OpenFlow library and possibly a full re-write.
Look at creating a p4-switch module that provides similar features to of-switch.
Improve accuracy of the sdn-detect module.
Add more information for fingerprinting controllers. Structure the fingerprinting data in a better way (external file?).
Add up-to-date application templates for the onos-app module.
Add modules for vulnerabilities that have been made public in the past few years.
Clean up/optimise code.

Further Information

Check out https://sdnpwn.net for articles and tutorials on using various sdnpwn modules and the attacks they use.

Disclaimer

This tool comes without warranty. The developers of this tool decline all responsability for malicious or illegal use, and impact caused by malicious or illegal use.

sdnpwn's People

Contributors

Stargazers

Watchers

sdnpwn's Issues

Phantom Storm module issue

Hi dylan,

I just tried to run phantom storm module and it shows an error

root@Linux:~/sdnpwn# ./sdnpwn.py phantom-storm --iface h1-eth0 --target 10.0.0.0/24 --phantom-ip 10.1.1.1 --packets 1000
[+] Building list of target hosts (may take a minute)
[+] Found 8 targets in total
[+] Generated Phantom host MAC: 63:65:65:91:f1:42
[+] Starting attack
[+] Sending gratuitous ARP for legitimate host to 10.0.0.3
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.5/threading.py", line 862, in run
    self._target(*self._args, **self._kwargs)
  File "/root/sdnpwn/modules/dp_arp_poison.py", line 35, in arpCachePoison
    sendp(Ether(src=thisHostMAC, dst=vicMAC)/ARP(hwsrc=thisHostMAC, pdst=thisHostIP))
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/sendrecv.py", line 345, in sendp
    realtime=realtime, return_packets=return_packets)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/sendrecv.py", line 298, in __gen_send
    s.send(p)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/arch/linux.py", line 494, in send
    return SuperSocket.send(self, x)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/supersocket.py", line 47, in send
    sx = raw(x)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/compat.py", line 51, in raw
    return bytes(x)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/packet.py", line 442, in __bytes__
    return self.build()
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/packet.py", line 557, in build
    p = self.do_build()
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/packet.py", line 539, in do_build
    pkt = self.self_build()
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/packet.py", line 520, in self_build
    p = f.addfield(self, p, val)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/fields.py", line 139, in addfield
    return s + struct.pack(self.fmt, self.i2m(pkt, val))
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/layers/l2.py", line 123, in i2m
    return MACField.i2m(self, pkt, self.i2h(pkt, x))
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/fields.py", line 487, in i2m
    return mac2str(x)
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/utils.py", line 403, in mac2str
    return b"".join(chb(int(x, 16)) for x in plain_str(mac).split(':'))
  File "/usr/local/lib/python3.5/dist-packages/scapy-2.4.3rc1.dev154-py3.5.egg/scapy/utils.py", line 403, in <genexpr>
    return b"".join(chb(int(x, 16)) for x in plain_str(mac).split(':'))
ValueError: invalid literal for int() with base 16: ''

Do you have any idea why this might happening?

Thanks,
Ben

ImportError: No module named machinery

Nothing happens when carrying out an Phantom Storm attack

is this supposed to be phantom strom attack? any idea...
there is nothing happens
the only output is "[+] Building list of target hosts (may take a minute)"

PS: im using mininet vm
remote controller = ONOS v1.6.1

mac2str in utils.py

Good day!
In trying to change localhost for my controller faced ValueError: Invalid literal for int () base 16: 'À5Å \ x8fù \ r'.

venv\lib\site-packages\scapy\sendrecv.py:463: in sendp
**kargs
venv\lib\site-packages\scapy\sendrecv.py:397: in _send
realtime=realtime, return_packets=return_packets)
venv\lib\site-packages\scapy\sendrecv.py:360: in __gen_send
s.send(p)
venv\lib\site-packages\scapy\arch\libpcap.py:433: in send
sx = raw(x)
venv\lib\site-packages\scapy\compat.py:279: in raw
return bytes(x)
venv\lib\site-packages\scapy\packet.py:564: in bytes
return self.build()
venv\lib\site-packages\scapy\packet.py:695: in build
p = self.do_build()
venv\lib\site-packages\scapy\packet.py:675: in do_build
pkt = self.self_build()
venv\lib\site-packages\scapy\packet.py:654: in self_build
p = f.addfield(self, p, val)
venv\lib\site-packages\scapy\fields.py:236: in addfield
return s + self.struct.pack(self.i2m(pkt, val))
venv\lib\site-packages\scapy\layers\l2.py:179: in i2m
return MACField.i2m(self, pkt, self.i2h(pkt, x))
venv\lib\site-packages\scapy\fields.py:718: in i2m
y = mac2str(x)
venv\lib\site-packages\scapy\utils.py:573: in mac2str
return b"".join(chb(int(x, 16)) for x in plain_str(mac).split(':'))

.0 = <list_iterator object at 0x000001D760AA42C8>

return b"".join(chb(int(x, 16)) for x in plain_str(mac).split(':'))
E ValueError: invalid literal for int() with base 16: 'À5Å\x8fù\r'

The mac2str function receives mac 0c: 9d: 92: 7a: 4e: 4c and at the output I get 'À5Å\x8fù\r'. Please tell me what could be the problem

Switch to Scapy v2.4.0?

I noticed that your are using an outdate Scapy fork diverged, that does not follow evolutions and fixes from https://github.com/secdev/scapy

You should consider switching to scapy in you requirements.txt

Bad key "lines.markerfacecolor"

root@72angelz:~/sdnpwn# ./sdnpwn.py info phantom-storm

Bad key "lines.markerfacecolor" on line 11 in
/usr/share/matplotlib/mpl-data/stylelib/classic.mplstyle.
You probably need to get an updated matplotlibrc file from
http://github.com/matplotlib/matplotlib/blob/master/matplotlibrc.template
or from the matplotlib source distribution

Bad key "lines.markeredgecolor" on line 12 in
/usr/share/matplotlib/mpl-data/stylelib/classic.mplstyle.
You probably need to get an updated matplotlibrc file from
http://github.com/matplotlib/matplotlib/blob/master/matplotlibrc.template
or from the matplotlib source distribution

-> Seems like this error always appear when im running sdnpwn..