Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/s4dhulabs/vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
https://github.com/s4dhulabs/vimana-framework
application-security devsecops django-application django-security django-template-language django-templates experimental flask-security hacking hacking-framework hacking-tool hackingtools information-security python-security python3-application secops security-framework
Last synced: 2 months ago
JSON representation
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
- Host: GitHub
- URL: https://github.com/s4dhulabs/vimana-framework
- Owner: s4dhulabs
- License: gpl-3.0
- Created: 2021-08-26T18:16:22.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-18T18:41:08.000Z (3 months ago)
- Last Synced: 2024-09-28T16:40:12.227Z (2 months ago)
- Topics: application-security, devsecops, django-application, django-security, django-template-language, django-templates, experimental, flask-security, hacking, hacking-framework, hacking-tool, hackingtools, information-security, python-security, python3-application, secops, security-framework
- Language: Python
- Homepage:
- Size: 7.13 MB
- Stars: 64
- Watchers: 4
- Forks: 9
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - s4dhulabs/vimana-framework - Vimana is an experimental security framework that aims to provide resources for auditing Python web applications. (Python)
README
[](https://www.python.org/downloads/)
[](https://www.linux.org/)
## Overview
Vimana is a modular security framework designed to audit Python web applications using different and sometimes uncommon approaches.
In the beginning, the main goal behind this framework was to act as a web fuzzer to identify Python exceptions. That was the core idea. Later it became just another feature that can be invoked by other siddhis or directly via command line with ```vimana run --plugin ```. In the current releases, there are available module types like:
* persistence
* crawlers
* trackers
* exploits
* fuzzers
* parses
* audit
Lately, Vimana is walking to its maturity while a Framework with a robust core to support modularization, various integrations, and post-analysis features to enrich security assessments. In addition, many new siddhis (vimana plugins) are consistently being researched and developed.
Vimana aims not to take a side as a defensive or offensive tool. Instead, the motivation here is to mix those both perspectives, allowing a software developer to audit their projects, for example, and give offensive, security engineer, and bug hunter folks a great resource to their arsenals.
With time, this project has revealed some promising capabilities to support security research related to Python Frameworks and applications, and it has recently been one of the current studies. In other words, research about how to support research goals. Quite meta-research stuff. I have no idea where it goes, but I've some clues, and it is worth it.
## Getting Started
Follow the [installation guide](https://github.com/s4dhulabs/vimana-framework/blob/main/doc/install.md) to get started with Vimana. After finishing the setup successfully, your terminal should look like this:
```text
˙ ٭ . ˖
. :. *
: └┐'┌┘ . : .
└┐// ' \\┌┘
¨⣠⠛⠛⠛⠛⠛---=======---⠛⠛⠛⠛⠛⣄ .'
.::::__\├ ┤/⠛⠛⣄⣇⣷\├ ┤/__::::.
'-'\_____/'-' v0.8 ⣄
:: '│.│.│' .
about ◍◍ About the framework
flush ◍◉ Remove a recorded resource
guide ◎◎ Show plugin usage examples and args
info ◉◉ Show information about plugins
list ◎◍ List available plugins
load ◉◎ Load a recorded session (post-analysis)
run ◉◉ Run a resource, plugin or case
start ◉◎ Start Vimana in a interactive mode
(vimana_env) ➟
```
At this point, if you try to run a plugin, you're going to see the following:
```text
* `'´ *
˙ ٭. ˖
__'__'__ ,
˖ `''´ ˙ ٭ . ˖
-o-
' .* o . *
o ˖ |
. -O- `ç´
. | * ' . -0-
* o . ' * .
˖ ˖
You haven't populated the database yet. Please run the following to fix it:
vimana load --plugins
```
With that, you have the framework itself ready. The last step is to load Vimana plugins. You can do this by running:
```bash
$ vimana load --plugins
˙ ٭ . ˖
. :. *
: └┐'┌┘ . : .
└┐// ' \\┌┘
¨⣠⠛⠛⠛⠛⠛---=======---⠛⠛⠛⠛⠛⣄ .'
.::::__\├ ┤/⠛⠛⣄⣇⣷\├ ┤/__::::.
'-'\_____/'-' v0.8 ⣄
:: '│.│.│' .
⠞⠓⠊⠎ Abducting dmt: Django Misconfiguration Tracker ...
```
It will register all vimana plugins. At the end of this process, the framework will show a table with all available modules loaded:
```python
þ
* `'´ *
˙ ٭. ˖
__'__'__ ,
˖ `''´ ˙ ٭ . ˖
-o-
' .* o . *
o ˖ |
. -O- `ç´
. | * ' . -0-
* o . ' * .
˖ ˖
+---------------------------------------------------------------------------------------------------------+
| siddhis |
+----------+-------------+-----------+--------------------------------------------------------------------+
| Name | Type | Category | Info |
+----------+-------------+-----------+--------------------------------------------------------------------+
| djunch | fuzzer | framework | application fuzzer for django framework |
| 2pacx | exploit | package | remote code execution via insecure file extraction |
| prana | tracker | framework | utility to retrieve cve ids from the official django security page |
| dmt | tracker | framework | tracks and exploits misconfigurations in django applications |
| flame | parser | framework | traceback parser for flask applications |
| sttinger | fingerprint | framework | identify the framework version in a passive way |
| jungle | audit | framework | brute force utility to audit django administration portal |
| viwec | crawler | discovery | simple web crawler utility |
| atlatl | persistence | framework | capture, authenticate, and persist flask debug console sessions. |
| viewscan | audit | framework | simple static analysis utility for django views |
| tictrac | tracker | framework | track bug tickets in django ticket system |
+----------+-------------+-----------+--------------------------------------------------------------------+
```
## Getting information about a module
Done that, you can get information about what a vimana module is about by running ```vimana info```, for example, with 2pacx module, an exploit one you'll do
```python
$ vimana info --module 2pacx
Name 2pacx
Author s4dhu
Examples:
# Show full DMT plugin guide
$ vimana guide --module dmt
$ vimana guide -m dmt
# Show DMT plugin arguments
$ vimana guide --module DMT -args
$ vimana guide -m dmt -a
# Show only usage examples
$ vimana guide --module dmt --examples
$ vimana guide -m dmt -e
# Show lab setup tips:
$ vimana guide -m dmt --labs
$ vimana guide -m dmt -l
```
This command is responsible for guiding you through usage, options, and tips to get started.
### Module required arguments
```python
$ vimana guide --module dmt --args
ø----------------------------------------------------------------------ø
│└┐└│└┘┌┐│└└┘┌┐┘└┘└┐└┘│└┐┘││└┘│- DMT ARGS ┐│││││├┤┘│││┤└┘││└┐└┘│┌┌┐└│┐
ø-----------+----------------------------------------------------------ø
│ target └┐ │
+------------+---------------------------------------------------------+
--target Run DMT against a single target
--target-list Run DMT against a target list (comma separated)
--file Run DMT loading scope from a file
+-----------+----------------------------------------------------------+
│ port └┐ │
+------------+---------------------------------------------------------+
--port Setting a single port for the target
--port-list Setting a port-list (comma separated)
--port-range Setting a range of ports for each target
--ignore-state Ignore port status checks
+-----------+----------------------------------------------------------+
│ autoload └┐ │
+------------+---------------------------------------------------------+
--nmap-xml Load the scope from nmap xml file
--docker-scope Load the scope from Docker environment
+-----------+----------------------------------------------------------+
│ modes └┐ │
+------------+---------------------------------------------------------+
--extended-scope Run DMT in sample mode with extended scope
--exit-on-trigger Run in default mode exiting on first exception
--sample Run DMT in silent sample mode
+-----------+----------------------------------------------------------+
│ options └┐ │
+------------+---------------------------------------------------------+
--save-session Save analysis results as a interactive session
--verbose Enable verbosity (not enabled in sample mode)
--debug Enable debug messages (not enabled in sample mode)
--auto Enable auto-confirmation (default on sample mode)
* You can also see some examples with `vimana guide -m DMT -e`
```
### Module usage examples
```python
$ vimana guide -m dmt --examples
ø----------------------------------------------------------------------ø
⠞⠓⠊⠎:⠞⠓⠎⠞⠎-⠞⠊⠞⠓~⠊⠎⠞⠓⠊⠎└┐ DMT GUIDE ⠞⠓⠊⠎.~⠞⠎⠞⠓⠊⠓⠊::::::⠞⠓⠊-⠞⠓⠊⠎
ø---------------------└┘-----------------------------------------------ø
Run DMT in (default) analytical mode (all occurrences)
against a specific target and port, enabling debug mode:
$ vimana run -m dmt -t djapp1.vmnf.com -p 8000 --debug
ø----------------------------------------------------------------------ø
Run DMT against a list of targets on a specific port
with sample mode enabled. This mode will suppress all
debug or verbose messages focused on triggering just one
exception. It aims to be fast once we're looking for
a single sample instead of analytical mode (default),
which looks for all unique occurrences:
$ vimana run \
--module dmt \
--target-list 127.0.0.1, 192.168.1.161 \
--port 9001 \
--sample
ø----------------------------------------------------------------------ø
Creating a case setting DMT against a list of targets and
ports enabling auto-confirmation, verbose and running the
case with name 'djapps':
$ vimana run \
--module dmt \
--target-list 127.0.0.1, 192.168.1.161, djapp1.vmnf.com\
--port-list 8888,9001,8000,5001 \
--verbose \
--auto \
--save-case djapps \
--exec-case
ø----------------------------------------------------------------------ø
```
### Module lab tips
```python
$ vimana guide -m dmt --labs
ø----------------------------------------------------------------------ø
│└┘⠞⠓┌┐│└⠞⠓└┘┌⠞⠓┐┌┘.┌⠞⠓┬┐.└┐┘│ LAB SETUP ┘└┐│.└┘.┌┐│⠞⠓│┬.│⠞└┘┌┬┐└┐┌.│
ø----------------------------------------------------------------------ø
Even though there are many ways to test DMT, I encourage
you to set up a test environment using some Django
open-source projects available on GitHub. Also, you can
easily find many interesting images on Docker Hub to run
DMT against it. Check it out: https://hub.docker.com
If you're running DMT for the first time, I recommend
using this purposefully vulnerable Django application
provided by nVisium:
https://github.com/nVisium/django.nV
You can simply follow the steps bellow to setup a test env
using django.nV:
$ git clone https://github.com/nVisium/django.nV.git
$ export PYTHONPATH="/usr/local/lib/python3.4/site-packages"
$ virtualenv -p python3 ~/django.nV_venv
$ source ~/django.nV_venv/bin/activate
$ cd django.nV
$ pip install -r requirements.txt
$ ./reset_db.sh
$ ./runapp.sh
In another terminal start DMT with debug and save-session
enabled:
$ vimana run \
--module dmt \
--target localhost \
--port 8000 \
--debug \
--save-session
In case you have not set Vimana using set_env script:
$ python3 vimana.py run \
--module dmt \
--target localhost \
--port 8000 \
--debug
* args: `vimana guide -m dmt -a`
```
## Under active development:
|**Resource**| **Type** | **Category** | **Focus** | **Status**
| :-----: | :-----: | :-----: | :-----: | :-----:
| caiman | Plugin | Exploitation/Scanner| SSTI | :mage_man: In progress...
| vfte | Templates|Template engine | Python CVEs | :spider_web: Designing...
| d4m8 | Plugin| Fuzzer | PyApps Forms | 👾: Done!
| engine | Framework| Plugins | Refactory | 👾: Done!
| guides | Framework| Plugins | Docs | 👾: Done!