claudijd / bnat
"Broken NAT" - A suite of tools focused on detecting and interacting with publicly available BNAT scenarios
License: Other
port code and instructions to reflect 1.9
A tool that could be used to quickly create virtualized and portable instances of basic to advanced versions of BNAT.
IP + Port + Seq
Need to make BNAT-Scan a bit more user friendly.
Considering this: http://www.gns3.net/
Considering this: http://www.gambitcomm.com/site/index.shtml
Still looking for additional ideas. Feel free to recommend something else, but it needs to be supportable in VMWare and needs to be networkable and not just a lame console only tool.
NSE Integration
UDP Support
This is a multi-part issue. When I originally created BNAT (aka: BNAT-Suite) I failed to make it easy for people to gem install the project and start using the binaries.
This ticket is to address these concerns and will not be closed until I'm confident that most users could gem install the project and begin scanning for BNAT in seconds.
Here are some of the things I had on my list of things to do:
1.) Remove the ruby extensions on the "binaries"
2.) Rename the binaries to follow ruby conventions ("_"s not "-"s)
3.) Fix usability concerns with interface lookups (PacketFu, Pcaprub, Libpcap)
* lookupdev in libpcap (issue created, discussion ongoing)
* whoami in packetfu (pull sent)
* others as I come across them
4.) Make the binaries mostly just options and pretty light-weight library usage
5.) Verify that the project is gem installable on Mac OSX and Ubuntu using at least RVM and maybe other Ruby managers if I have time.
The "What this is about" link is broken in README.md
Add IPv6 support
provide a summary of the scan results and scan performance when complete.
-how many scanned?
-how many with BNAT?
-how long did it take?
....
Need to integrate progress bar module to show in scan status
Fixed in 'develop' branch.
BNAT-Scan in MSF is still the original PoC code, needs to be updated with seq tracking to prevent FP's
Add instructions for BT5
IP + Seq
1.) Create a BNAT challenge with commonly exploitable service(s)
2.) Have levels of difficulty and report the results
IP + Port
Need to drop hardcoded int variable in capture and write to wire sequences for those (including me) who are not using eth0 as their scanning interface.
BNAT-Router code is currently not supported for remote networks just yet. I need to add local routing table support for remote networks.
Implement seqnum/srcport tracking within each port attempt to severely reduce the chance of collisions and drop the no outbound communication warning during the scanning process.
I've detailed the issue for the upstream repo which I believe is the proper place to address the exceptions I'm seeing.
More details here:
need to add log to file command line switch
Metasploit Integration
Processing from the wire or from pcap are really slow using packetfu.
Consider dropping PacketFu for the flow handling and only use it for parsing packets that we know we're interested in.
Expected performance gain of doing this will be substantial.
Example: 130mb PCAP takes 373.163299 seconds with PacketFu, the same PCAP can be loaded in ffi-pcap in 5 seconds.
This should significantly improve any sort of live BNAT communications on the wire and most importantly will improve handling of raw pcaps for bnat-pcap and for specs.
Got this with handshake tool, needs methods ported to router code to make transparent.