On-The-Fly – Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)

 ▒█████   ███▄    █     ▄▄▄█████▓  ██░ ██  ▓█████       █████  ██▓   ▓██   ██▓
▒██▒ ██▒ ██ ▀█ █ ▓ ██▒ ▓▒▒▓██░ ██ ▓█ ▀ ▓██ ▓██▒ ▒██ ██▒
▒██░ ██▒▓██ ▀█ ██▒ ▒ ▓██░ ▒░░▒██▀▀██ ▒███ ▒████ ▒██░ ▒██ ██░
▒██ ██░▓██▒ ▐▌██▒ ░ ▓██▓ ░ ░▓█ ░██ ▒▓█ ▄ ░▓█▒ ▒██░ ░ ▐██▓░
░ ████▓▒░▒██░ ▓██░ ▒██▒ ░ ░▓█▒░██▓▒░▒████ ▒░▒█░ ▒░██████ ░ ██▒▓░
░ ▒░▒░▒░ ░ ▒░ ▒ ▒ ▒ ░░ ▒ ░░▒░▒░░░ ▒░ ░ ▒ ░ ░░ ▒░▓ ██▒▒▒
░ ▒ ▒░ ░ ░░ ░ ▒░ ░ ▒ ░▒░ ░░ ░ ░ ░ ░ ░░ ░ ▒ ▓██ ░▒░
░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ▒ ▒ ░░
░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░

Different technologies and paradigms are hyperconnected and offer advances to society. The usage of other technologies among these devices makes security uneven. When facing a pentest in any environment, one major factor is the network. The network interconnects the world of the Internet of Things, the world of industrial control systems, and information technology. This README introduces the ‘on-the-fly’ tool, which gives capabilities to perform pentesting tests in several domains (IoT, ICS & IT). It is an innovative tool by bringing together different worlds sharing a common factor: the network.

Prerequisities

‘on-the-fly’ was written in Python and made extensive use of Scapy and netfilterqueue. It is crucial to have Scapy in Python and netfilterqueue installed with a compatible version of Python. For this, a version of Python 3 up to Python version 3.7.5 is recommended (and no higher, as there may be incompatibilities with 3.8 and 3.9 in some libraries that it uses ‘on-the-fly’). There is a requirements.txt file that must be executed the first time the tool is launched using ‘pip install -r requirements.txt’. Again the pip version must be oriented to a Python 3 version up to 3.7.5.

pip install -r requirements.txt

Usage

python on-the-fly.py

Example videos

on-the-fly: MySQL_manipulation Module

on-the-fly: SSDP_fake Module

on-the-fly: Proxy_socks4 Module

on-the-fly: Port_forwarding Module

on-the-fly: MDNS_Scan Module

Contact

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.

This software doesn’t have a QA Process. This software is a Proof of Concept.

If you have any problems, you can contact:

ideaslocas@telefonica.com

Ir0jOgIne4w

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: