claudijd / bnat Goto Github PK

IP + Port

BNAT-Scan in MSF is still the original PoC code, needs to be updated with seq tracking to prevent FP's

Metasploit Integration

Considering this: http://www.gns3.net/
Considering this: http://www.gambitcomm.com/site/index.shtml

Still looking for additional ideas. Feel free to recommend something else, but it needs to be supportable in VMWare and needs to be networkable and not just a lame console only tool.

IP + Seq

Need to drop hardcoded int variable in capture and write to wire sequences for those (including me) who are not using eth0 as their scanning interface.

Add IPv6 support

1.) Create a BNAT challenge with commonly exploitable service(s)
2.) Have levels of difficulty and report the results

provide a summary of the scan results and scan performance when complete.

-how many scanned?
-how many with BNAT?
-how long did it take?
....

IP + Port + Seq

need to add log to file command line switch

Processing from the wire or from pcap are really slow using packetfu.

Consider dropping packefu for the flow handling and only use it for parsing packets that we know we're interested in.

Expected performance gain of doing this will be substancial.

Example: 130mb PCAP takes 373.163299 seconds with PacketFu, the same PCAP can be loaded in ffi-pcap in 5 seconds.

This should significantly improve any sort of live BNAT communications on the wire and most importantly will improve handling of raw pcaps for bnat-pcap and for specs.

Add instructions for BT5

Need to integrate progress bar module to show in scan status

Implement seqnum/srcport tracking within each port attempt to severely reduce the chance of collisions and drop the no outbound communication warning during the scanning process.

Fixed in 'develop' branch.

The "What this is about" link is broken in README.md

Need to make BNAT-Scan a bit more user friendly.

NSE Integration

Got this with handshake tool, needs methods ported to router code to make transparent.

BNAT-Router code is currently not supported for remote networks just yet. I need to add local routing table support for remote networks.

port code and instructions to reflect 1.9

A tool that could be used to quickly create virtualized and portable instances of basic to advanced versions of BNAT.

This is a multi-part issue. When I originally created BNAT (aka: BNAT-Suite) I failed to make it easy for people to gem install the project and start using the binaries.

This ticket is to address these concerns and will not be closed until I'm confident that most users could gem install the project and begin scanning for BNAT in seconds.

Here are some of the things I had on my list of things to do:

1.) Remove the ruby extensions on the "binaries"
2.) Rename the binaries to follow ruby conventions ("_"s not "-"s)
3.) Fix usability concerns with interface lookups (PacketFu, Pcaprub, Libcpap)
* lookupdev in libpcap (issue created, discussion ongoing)
* whoami in packetfu (pull sent)
* others as I come across them
4.) Make the binaries mostly just options and pretty light-weight library usage
5.) Verify that the project is gem installable on Mac OSX and Ubuntu using at least RVM and maybe other Ruby managers if I have time.

I've detailed the issue for the upstream repo which I believe is the proper place to address the exceptions I'm seeing.

More details here:

https://github.com/todb/packetfu/issues/40

UDP Support