LAMMA Framework
Vulnerability Assessment and Auditing Framework for all the Crypto Implementations.
LAMMA Framework (beta) aims to be a comprehensive suite for auditing cryptography, PKI and related implementations.
Features :
Simple : User need not have deep understanding of cryptography to use this framework. It should be intutive and simple to use with minimu learning.
Extensible : The framework should be extensible. User community should be able to extend the functionalities easily by adding custom plugins.
Indipendent : The framework itself uses OpenSSL & python wrappers over it but can be used to test the Cryptography, PKI & related implementations, independent of the technology used like (Java, NSS, GnuTLS, SChannel )to engineer them.
Automation : “Large scale assessment of the crpto-implementation, with ease” is our prime focus behind the design of this framework
LAMMA (beta) supports 4 major modules
REMOTE
CRYPTO
TRUST
SOURCE
REMOTE
Module scans remote Hosts for SSL/TLS configuration, and reports any gap, vulnerabilities discovered.
Primary Checks :
SSL/TLS version, session management & server configurable parameters
Checks for use of vulnerable/depricated cipher suites
Server certificate Test
Verification Type (EV/OV/DV)
Time line analysis of applicable SSL/TLS vulnerabilities
Verification, validation
Information Leaks
Common Modulus
Signature algorithm strength
Alternate Names
CRYPTO
This Module checks the various crypto primitives generated by any underlying framework for Quality, backdoor & sanity. Few of
Primary Checks :
Quality Test for Random Number Generated
Sanity Checks for shared Prime numbers in multiple RSA keys
Safe and Strong Prime test
Shared modulus test
MalSha, Malformed Digest Test
TRUST
Module checks various trust and key stores for – insecure Private keys and untrusted certificates.
Primary Checks:
Private Keys
Stored with/without encryption
Access permission
Track multiple instances
Extract Prime for CRYPTO Module test
Public Key
Extract Modulus for CRYPTO Module test
Track multiple instances
Certificates
Check in trutsted store & CRL
List pinned & untrusted certificate
Track multiple instances
Verification, Time line analysis common with REMOTE Module
SOURCE
Module is primalry to enforce “Cryptography Review Board” recommendations of your organisation. This module scans source code for use of insecure and depricated cryptographic schemes.
Depricated Schemes
MD Family hashing schemes
SHA/SHA1 hashes
ECB/CBC block cipher mode
rand() or /dev/rand functions
Weak Schemes (Backdoored Schemes)
Dual_EC_DRBG
prime2566v1
p224r1
secp384r1
< More weaker/backdoored schemes
Dependencies :
LAMMA needs few Python packes for its functioning. List of the packages required are :
cmd2 – Runs the custom shell of Lamma
pip install cmd2
subprocess – Invoke Openssl or other scripts
pip install subprocess
pyOpenSSL – Wrapper over OpenSSL
pip install openssl
Using LAMMA
LAMMA.py kicks off the framework, with a welcome screen and leads to LAMMA prompt
$> python LAMMA.py
__ _____ _____ _____ _____
| | | _ | | | _ |
| |__| | | | | | | | |
|_____|__|__|_|_|_|_|_|_|__|__|
(BETA)
Vulnerability Assessment and Auditing Framework
for all the Crypto Implementations.
(An Open Source Project)
by
SECURITY MONX
LAMMA :
You can view micro help on each of the module using “help module” command
LAMMA : help trust
Scans a given trust/key stored for - untrusted certs, insecure private keys,
LAMMA : help source
Scans the source code for known weak or backdoored functions
LAMMA : help crypto
Generate keys, hashes, random number under various schemes for a given counts
LAMMA : help remote
Scans the remote host and reports the SSL/TLS configuration profile & applicable vulnerabilities
LAMMA :
Download
