smxlabs / LAMMA-beta

Vulnerability Assessment and Auditing Framework for all the Crypto Implementations.

Few use cases #1

Open sashank opened 8 years ago

sashank commented 8 years ago

A few more use cases that would be nice to have:

  1. Search for hard-coded passwords in the code (not sure if it is supported).
  2. This guide might help (https://cryptocoding.net/index.php/Coding_rules) in detecting some more coding errors in crypto implementations.
  3. A curated list of CVEs in authentication and cryptographic implementations could be checked against the code (some of their implementations to exploit those CVEs might be found on GitHub etc.).
smxlabs commented 8 years ago

Thank you, Shashank, for reaching out to me. Great to hear from you, and great to know you had a look at Lamma.

  1. Currently Lamma doesn't look for hard-coded passwords in the source, but it's a good point to include. Any plugin having this feature will have credits for you in it. I would request you to see if the regex catches what you have in mind.
  2. Thanks for sharing this resource. New updated plugins for Lamma will be covering many of these mistakes.
  3. Yes, the remote module will be receiving many new plugins which will have CVE-based checks. If you can point me to exactly which CVEs you are talking about, that will be a great help.

Lamma is just a small beginning. Lots of development is happening, and we will be making major updates in a couple of weeks. Your suggestions and contributions will help the community get more value out of it.

Thank you and please keep in touch. Ajit

ajit@securitymonx.com +91-9850-82-8882

On 7 Sep 2016 20:08, "Sashank" notifications@github.com wrote:

A few more use cases that would be nice to have:

  1. Search for hard-coded passwords in the code (not sure if it is supported).
  2. This guide might help https://cryptocoding.net/index.php/Coding_rules in detecting some more coding errors in crypto implementations.
  3. A curated list of CVEs in authentication and cryptographic implementations could be checked against the code (some of their implementations to exploit those CVEs might be found on GitHub etc.).


sashank commented 8 years ago

  1. A few ways to check for hard-coded passwords: look for method calls to PBKDF2 or scrypt or any such password-based methods of popular libraries like OpenSSL, BouncyCastle etc. These methods are used to generate cryptographic keys from user-driven passwords.
  2. Also, database driver calls/scripts might usually have embedded passwords. It might be tricky to blanket-cover all of these methods, but we can try at least popular database drivers.
  3. Also, you could search for popularly used simple passwords in the code. For example, search for these strings (http://www.passwordrandom.com/most-popular-passwords) (and their hashes) in the source code.
  4. Searching for popular crypto and authentication vulnerabilities could be tricky. I would attempt it this way: take the CWE ID (310, 287) for example and search for all the CVEs with a CVSS score between, let's say, 8 and 10. Here is a sample search query (https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=&cveid=&cweid=310&cvssscoremin=8&cvssscoremax=10&psy=&psm=&pey=&pem=&usy=&usm=&uey=&uem=); you would get the most notorious ones like Heartbleed etc. You could find some scripts on GitHub done as POCs for these vulnerabilities; you could start with them.
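A small scanner along the lines of items 1 to 3 above (and the hard-coded-password suggestion in the opening post), added here as an illustration; it is not code from LAMMA or from either commenter. It assumes a constructed five-entry common-password list standing in for the linked one, constructed sample source lines, and rule names of my own choosing. It looks for calls to password-based KDFs, credential-like assignments (including driver keyword arguments), `user:password@` database connection strings, and string literals that equal a common password or one of its MD5/SHA-1/SHA-256 digests, and redacts captured secrets in its report.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Constructed stand-in for a "most popular passwords" list (hypothetical five entries).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "admin"]

# Hex digests of those passwords, so a hashed common password stored as a literal
# is caught as well as the plaintext string.
COMMON_PASSWORD_HASHES = {
    hashlib.new(algo, pw.encode()).hexdigest(): (algo, pw)
    for pw in COMMON_PASSWORDS
    for algo in ("md5", "sha1", "sha256")
}

# Detection rules (rule names are assumptions, not LAMMA plugin names). A rule with a
# "secret" group captures the credential so it can be redacted in the report.
RULES = [
    # Calls to password-based KDFs: the arguments are where passwords tend to be inlined.
    ("kdf-call", re.compile(r"\b(pbkdf2\w*|scrypt|bcrypt|argon2\w*)\s*\(", re.I)),
    # name = "value" / name: "value" for credential-like names, which also covers
    # keyword arguments such as password="..." passed to database driver connect() calls.
    ("assigned-secret", re.compile(
        r"""(?:password|passwd|pwd|secret|api_key|token)\s*[:=]\s*["'](?P<secret>[^"']+)["']""", re.I)),
    # scheme://user:password@host connection strings for common database drivers.
    ("db-connection-string", re.compile(
        r"""(?:mysql|postgres(?:ql)?|mongodb|mssql|jdbc:\w+)://[^:/\s]+:(?P<secret>[^@\s]+)@""", re.I)),
]

# One string literal per match, double- or single-quoted, so a match never spans
# the gap between two neighbouring literals.
STRING_LITERAL = re.compile(r'"([^"\n]*)"|\'([^\'\n]*)\'')


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    evidence: str


def scan(source: str) -> list[Finding]:
    """Return one Finding per rule hit, in line order, with captured secrets redacted."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, regex in RULES:
            m = regex.search(line)
            if not m:
                continue
            evidence = m.group(0).strip()
            secret = m.groupdict().get("secret")
            if secret:
                evidence = evidence.replace(secret, "***")
            findings.append(Finding(line_no, rule, evidence))
        for double, single in STRING_LITERAL.findall(line):
            literal = double or single
            if literal in COMMON_PASSWORDS:
                findings.append(Finding(line_no, "common-password-literal", literal))
            elif literal.lower() in COMMON_PASSWORD_HASHES:
                algo, pw = COMMON_PASSWORD_HASHES[literal.lower()]
                findings.append(Finding(line_no, "common-password-hash", f"{algo} of {pw!r}"))
    return findings


def rules_by_line(findings: list[Finding]) -> dict[int, set[str]]:
    """Group rule names by line number, convenient for reports and tests."""
    grouped: dict[int, set[str]] = {}
    for f in findings:
        grouped.setdefault(f.line_no, set()).add(f.rule)
    return grouped


# Constructed sample source: every line is an illustration, not code from any real project.
SAMPLE_SOURCE = """\
import os
from Crypto.Protocol.KDF import PBKDF2
DB_URL = "postgresql://app:s3cretDbPass@db.internal:5432/app"
conn = mysql.connector.connect(host="db", user="root", password="admin")
ADMIN_PASSWORD = "password"
key = PBKDF2("letmein", salt, dkLen=32)
STORED = "5f4dcc3b5aa765d61d8327deb882cf99"
token = os.environ.get("API_TOKEN")
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule}: {f.evidence}")
```

On the sample, the import of `PBKDF2` on line 2 and the environment lookup on line 8 produce nothing, while the connection string, the driver keyword argument, the assignment of a common password, the KDF call with an inline common password, and the stored MD5 digest of "password" are each reported. The `kdf-call` rule only fires on a call site; whether the argument there is a literal or a variable is what a reviewer then checks by hand.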

smxlabs commented 8 years ago

Cool, those are good pointers for me to make progress.

Thanks a lot Shashank. ~Ajit

On 8 Sep 2016 19:34, "Sashank" notifications@github.com wrote:

  1. A few ways to check for hard-coded passwords: look for method calls to PBKDF2 or scrypt or any such password-based methods of popular libraries like OpenSSL, BouncyCastle etc. These methods are used to generate cryptographic keys from user-driven passwords.
  2. Also, database driver calls/scripts might usually have embedded passwords. It might be tricky to blanket-cover all of these methods, but we can try at least popular database drivers.
  3. Also, you could search for popularly used simple passwords in the code. For example, search for these strings http://www.passwordrandom.com/most-popular-passwords (and their hashes) in the source code.
  4. Searching for popular crypto and authentication vulnerabilities could be tricky. I would attempt it this way: take the CWE ID (310, 287) for example and search for all the CVEs with a CVSS score between, let's say, 8 and 10. Here is a sample search query https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=&cveid=&cweid=310&cvssscoremin=8&cvssscoremax=10&psy=&psm=&pey=&pem=&usy=&usm=&uey=&uem= ; you would get the most notorious ones like Heartbleed etc. You could find some scripts on GitHub done as POCs for these vulnerabilities; you could start with them.


sashank commented 8 years ago

Let's catch up some time; I can give more of a brain dump etc.