Security Application Development Discussion
#1
Hello everyone! This is my first post! Feel free to call me Kudamono or くだもの(果物).

Recently, I've been working on a project in Python. This project is meant to be an easy tool for anyone to use getting started with computer hacking. It is more or less a bunch of demo attacks that anyone can test on their own computer networks to see how they work.

https://github.com/KudamonoHakka/NetworkSwissArmyKnife

Currently the features I have implemented are the following:
  • ARP-Spoofing, a Man in The Middle attack (user can config two targets and whether or not packets are blocked or not
  • Sniffing feature that records set traffic to pcap file (user can config wire-shark-like filter, with an optional packet limitation)
  •    Another feature similar to this, that instead measures amount of traffic over time
  • A DNS spoofing module (meant to be used in conjoint with the arp-spoofing module) <- Note, this module only works on Linux
  • A port scanning module (very simple, not at all quiet, port scanner)
My next plan is probably aim this towards a more general audience. To do that, my next planned module is going to monitor the traffic of different selected machines.

My question to everyone is,
    A) Do you have any recommendations on what would be cool to add to a project like this?
    B) What would a good download goal be at the end of development?

Disclaimer:
    THIS TOOL IS FOR EDUCATIONAL PURPOSES ONLY, I AM NOT RESPONSIBLE IN ANY WAY FOR ANY POOR CHOICES PEOPLE MAKE WITH THIS OPEN SOURCE PROJECT.

With that out of the way, thank you very much and have fun!
    --- 果物

Most recent thread message (2021, 7, 24):

Thank you everyone for the support of this project so far! I really appreciate the fact that people are actually
using this (and even some updating their versions as I release them).

I want this project to go more around about what everyone wants.
So please, if you have anything that you or anyone else would like to see implemented, make a quick post here
and I will for sure take a look at it.

Thank you everyone!

Most recent change log: (2021, 7, 18):

Fixed a bunch of bugs that needed to be fixed before hand (naming issues that made some instructions unclear).
Implemented new feature that records packet traffic over time (tested for windows, not too sure about Linux)

Please let me know of any bugs, either in this thread or in a PM. 
Thank you everyone and have fun!
Reply
#2
Welcome, Kudamono! Nice project you have over there.

A) As a student, my biggest problem is understanding buffer overflow failures. I don't know if it would be useful to include something about it. However, my biggest recommendation would be web scrapy. It's not a attack, of course. But following data leaks, I've noticed that scrapped data has become very common in the infosec communities.
B) I may not have understood the question well (I don't speak fluent English), but the best goal would be to fulfill your proposal. Whether it's learning in the process or making sure other people learn. The number of downloads may not reflect this well. xD
C) Personally, I would keep everything in one thread only. It is easier for those who are following the content to have all the links within easy reach. And whenever you post a reply with updates, update the first message as well, so it's even more organized.

I'm already interested, I'll be following wherever you decide to post.
Reply
#3
(07-05-2021, 04:53 PM)Corvo Wrote: I'm already interested, I'll be following wherever you decide to post.

Thank you very much for your interest! I'll be sure to keep updating this thread then.
I was imaging this to be more along the lines of a network security project.


You talking about buffer overflows maybe pops up an idea of a vulnerability scanner. However I'm not so sure how I would go about making such a thing.
I'll be sure to update the contents of the post according to what I might add/change later.

    --- 果物
Reply
#4
(07-05-2021, 03:23 AM)Kudamono Wrote: https://github.com/KudamonoHakka/NetworkSwissArmyKnife

Hello everyone! I'd like to mention I've made the github public now, anyone can view/edit/download my code.
Have fun!

If there are any bugs, feel free to post in the thread or pm me, I'll be sure to fix it.
Thank you!

    --- 果物
Reply
#5
Hello again! I see that I have gotten some clones of this project, I'll take that as people supporting the project and wanting to see more.

I'll next try to make a module that is similar to the first module (sniffing), but include a feature that more or less accounts how much traffic is coming from different machines (measured packets/time).

Another thing, I'm not sure if this is clear or not, but some of the modules you're meant to run at the same time.

For example, if you want to DNS Spoof or use the Sniffing module on a machine, you first have to run the Arp Spoofing module so that the computer traffic tunnels through yours first.

Have fun!

    --- 果物
Reply
#6
That means you have other people following, because I didn't cloned. But the repo are on my radar, gonna try to test it as soon as I can. o/
Reply
#7
(07-14-2021, 12:09 AM)Corvo Wrote: That means you have other people following, because I didn't cloned. But the repo are on my radar, gonna try to test it as soon as I can. o/

Feel free to use what ever I make at any time or go through the code! It's out there for anyone who wants to pick at it.
Reply
#8
I'm going to see if I can finish up the current module I'm working on and put it out there for every to use.

Please leave feedback on this project and I'll try my hardest to keep up with everyone!
Reply
#9
MAJOR UPDATE!

I'll go ahead and continuously update the main post, but in the master branch I made some major bug fixes (pretty embarrassing for the most part, pretty sure you can check change logs). Also what is notable is the next module I implemented.
If you have already downloaded this, be sure to update to a more fixed version!

Have fun,
    --- 果物
Reply
#10
(07-19-2021, 05:33 AM)Kudamono Wrote: MAJOR UPDATE!

I'll go ahead and continuously update the main post, but in the master branch I made some major bug fixes (pretty embarrassing for the most part, pretty sure you can check change logs). Also what is notable is the next module I implemented.
If you have already downloaded this, be sure to update to a more fixed version!

Have fun,
    --- 果物

Good luck with your tool kudamono Big Grin
There are a lot of similar tools out there, so if I were you I would focus on making it stand out. If you just want to learn it's all cool too!
Reply