CBPen

Cloud Blazers Penetration Testing Tool

Project checklist

✓ Must provide a web based or mobile app based interface.

✓ User enters a range of IP addresses to scan, and selects from many different scanning options.

✓ The cloud based server/monitor then splits the IP address ranges and distributes the task across multiple (at least 3) virtual machines, SQS can be used to send the tasks to the scanner virtual machines.

✓ Each of the scanner virtual machines performs a scan for the range of IP addresses given and sends the scan result back to the monitor.

✓ The monitor combines reports from multiple scanners and prepares a central report.

✓ Must support multiple concurrent users and require user authentication.

Features

• Scan top ports
• Scan services
• Scan operating systems
• List subdomains
• Scan SSL certificates
• Expose vulnerabilities associated with the network (ports, OS, etc)
• Mitigation tool for developers to slow down the attacker
• Utilize multiple VMs in parallel reducing scan time and analysis
• Analytics report of all the scanning events
• Require authentication using cloud database technologies

Demonstration video

Presentation

Powerpoint presentation of CBPen

Execution time comparison

Comparison between parallel and nonparallel execution time. The time is measured in seconds.

Scan type	Number of sites	Parallel execution time	Nonparallel execution time
Port	6	3.29	11.93
Services and operating systems	6	39.88	161.02
Subdomains and SSL certificates	6	30.27	87.58

System design:

• Scanning tool:

  • Nmap - "Network Mapper" open source tool for network discovery & security auditing​
  • Sublist3r - Subdomain listing tool
  • SSLyze - SSL/TLS scanning tool
  • TLS-Parser - Parse TLS information
  • Requests - Gather metadata from the hosts

• Web application:

  • Python & Flask - Provides REST APIs for concurrent scanning from multiple VMs
  • SQLAlchemy - SQL Object Relational Mapper
  • Cryptography - Used for cryptographic algorithms and encryptions/decryptions
  • Dotenv - Sets environment variables based on the development or production environment
  • Bootstrap & jQuery - Used for developing responsive frontend
  • Docker with docker-compose - Creates docker containers for OS independent execution

• Cloud architecture:

Local Setup

Requirements

• Python 3
• Pip
• nmap: Windows users should download and install latest stable release self-installer nmap-7.92-setup.exe
• Internet connection

Install dependencies

• Clone the repository.
• Open a terminal / powershell in the cloned repository.
• Create a virtual environment and activate it. If you are using Linux / Mac.
• Based on your version of python you may have use the command py in place of python3 or python in the following commands:

python3 -m venv venv
source venv/bin/activate

Create and activate venv in Windows (Tested in Windows 10):

python -m venv venv
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
.\venv\Scripts\Activate.ps1

After activate the terminal / powershell will have (venv) added to the prompt.

• Check pip version:

pip --version

It should point to the pip in the activated venv.

• Install required packages:

pip install -r requirements.txt

Run the project

• Activate the venv if not activated: Linux / Mac:

source venv/bin/activate

Windows:

.\venv\Scripts\Activate.ps1

• To run the project call flask run command. It will invoke the environment variables which are set in .flaskenv file:

flask run

• Look for localhost url and paste into any internet browser:

Docker Setup

Requirements

• Docker
• Docker compose

Run the project

• Run the project using the following command:

docker-compose build --no-cache
docker-compose up --force-recreate

• Access the web application from: http://localhost:5000/
• Down the project:

docker-compose down

Clean docker

• Check the running images:

docker ps -a

• Remove any stopped containers and all unused images:

docker system prune -a

Clean package list

• List currently installed packages in a file:

pip freeze > uninstall.txt

• Uninstall everything recursively:

pip uninstall -r uninstall.txt -y

• Delete the uninstalled package list file:

rm uninstall.txt

• Install everything recursively:

pip install -r requirements.txt

Sample of getting JSON API response:

• Get ports information of "example.com" or an IP:

http://127.0.0.1:5000/portsjson?site=example.com
http://127.0.0.1:5000/portsjson?site=93.184.216.34

• Get service information of "example.com" or an IP:

http://127.0.0.1:5000/servicesjson?site=example.com
http://127.0.0.1:5000/servicesjson?site=93.184.216.34

• Get subdomain and SSL information of "example.com" (No IP address is allowed):

http://127.0.0.1:5000/subdomainsjson?site=example.com

Developer notes

• After adding a new model, create an instance in db:

from app import db
db.create_all()

• Update the VM's address in configuration.py file.

Cloud Blazers Team

• William Austin
• Andrew Balfour
• Jeremy Crown
• Trina Lin
• Ahmedur Rahman Shovon

Reference

• Docker compose tutorial
• How To Remove Docker Images, Containers, and Volumes
• Writing a Basic Port Scanner in Python
• Icons class in template
• Virtual environments for Flask app
• Python3 nmap package
• Python nmap package
• Latest stable release self-installer nmap-7.92-setup.exe
• Sublist3r package
• sslyze documentation
• Requests future package
• Jinja template documentation
• Flask SQLAlchemy documentation