Monday, June 5, 2017

LAMMA Framework

1:02 PM Leave a Reply

LAMMA Framework

Vulnerability Assessment and Auditing Framework for all the Crypto Implementations.

       LAMMA Framework (beta) aims to be a comprehensive suite for auditing cryptography, PKI and related implementations.





Features :

Simple : User need not have deep understanding of cryptography to use this framework. It should be intutive and simple to use with minimu learning.
Extensible : The framework should be extensible. User community should be able to extend the functionalities easily by adding custom plugins.
Indipendent : The framework itself uses OpenSSL & python wrappers over it but can be used to test the Cryptography, PKI & related implementations, independent of the technology used like (Java, NSS, GnuTLS, SChannel )to engineer them.
Automation : “Large scale assessment of the crpto-implementation, with ease” is our prime focus behind the design of this framework


LAMMA (beta) supports 4 major modules

REMOTE
CRYPTO
TRUST
SOURCE


REMOTE

Module scans remote Hosts for SSL/TLS configuration, and reports any gap, vulnerabilities discovered.

Primary Checks :

SSL/TLS version, session management & server configurable parameters
Checks for use of vulnerable/depricated cipher suites
Server certificate Test
Verification Type (EV/OV/DV)
Time line analysis of applicable SSL/TLS vulnerabilities
Verification, validation
Information Leaks
Common Modulus
Signature algorithm strength
Alternate Names


CRYPTO

This Module checks the various crypto primitives generated by any underlying framework for Quality, backdoor & sanity. Few of

Primary Checks :

Quality Test for Random Number Generated
Sanity Checks for shared Prime numbers in multiple RSA keys
Safe and Strong Prime test
Shared modulus test
MalSha, Malformed Digest Test


TRUST

Module checks various trust and key stores for – insecure Private keys and untrusted certificates.

Primary Checks:

Private Keys
Stored with/without encryption
Access permission
Track multiple instances
Extract Prime for CRYPTO Module test
Public Key
Extract Modulus for CRYPTO Module test
Track multiple instances
Certificates
Check in trutsted store & CRL
List pinned & untrusted certificate
Track multiple instances
Verification, Time line analysis common with REMOTE Module


SOURCE

Module is primalry to enforce “Cryptography Review Board” recommendations of your organisation. This module scans source code for use of insecure and depricated cryptographic schemes.

Depricated Schemes
MD Family hashing schemes
SHA/SHA1 hashes
ECB/CBC block cipher mode
rand() or /dev/rand functions
Weak Schemes (Backdoored Schemes)
Dual_EC_DRBG
prime2566v1
p224r1
secp384r1
< More weaker/backdoored schemes


Dependencies :

LAMMA needs few Python packes for its functioning. List of the packages required are :

cmd2 – Runs the custom shell of Lamma
pip install cmd2
subprocess – Invoke Openssl or other scripts
pip install subprocess
pyOpenSSL – Wrapper over OpenSSL
pip install openssl


Using LAMMA

LAMMA.py kicks off the framework, with a welcome screen and leads to LAMMA prompt

    $> python LAMMA.py
                                 __    _____ _____ _____ _____
                                |  |  |  _  |     |     |  _  |
                                |  |__|     | | | | | | |     |
                                |_____|__|__|_|_|_|_|_|_|__|__|

                                            (BETA)


                        Vulnerability Assessment and Auditing Framework
                              for all the Crypto Implementations.


                                   (An Open Source Project)

                                              by

                                        SECURITY MONX




    LAMMA :
You can view micro help on each of the module using “help module” command

    LAMMA : help trust
          Scans a given trust/key stored for -  untrusted certs, insecure private keys,


    LAMMA : help source
      Scans the source code for known weak or backdoored functions


    LAMMA : help crypto
      Generate keys, hashes, random number under various schemes for a given counts


    LAMMA : help remote
      Scans the remote host and reports the SSL/TLS configuration profile & applicable vulnerabilities


    LAMMA :

Download

0 comments :