Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Stars: ✭ 45 (-48.86%)

Mutual labels: penetration-testing

auto-recon-ng

Automated script to run all modules for a specified list of domains, netblocks or company name

Stars: ✭ 17 (-80.68%)

Mutual labels: penetration-testing

STEWS

A Security Tool for Enumerating WebSockets

Stars: ✭ 154 (+75%)

Mutual labels: penetration-testing

Red-Rabbit-V4

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

Stars: ✭ 123 (+39.77%)

Mutual labels: penetration-testing

View All Similar Projects ➔

Teatime - A Blockchain RPC Attack Framework

https://codecov.io/gh/dmuhs/teatime/branch/master/graph/badge.svg?token=RP0WZ6NXUP

Deployed a node? Have a cup.

Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and configuration manipulation.

The goal is to enable tools scanning for vulnerable nodes and minimizing the risk of node-based attacks due to common vulnerabilities. Teatime uses a plugin-based architecture, so extending the library with your own checks is straightforward.

Please note that this library is still a PoC and lacks documentation. If there are plugins you would like to see, feel free to contact me on Twitter!

Installation

Teatime runs on Python 3.6+.

To get started, simply run

$ pip3 install teatime

Alternatively, clone the repository and run

$ pip3 install .

Or directly through Python's setuptools:

$ python3 setup.py install

Example

To get started, simply instantiate a Scanner class and pass in the target IP, port, node type, and a list of instantiated plugins. Consider the following sample to check whether a node is synced and mining:

from teatime.scanner import Scanner
from teatime.plugins.context import NodeType
from teatime.plugins.eth1 import NodeSync, MiningStatus

TARGET_IP = "127.0.0.1"
TARGET_PORT = 8545
INFURA_URL = "Infura API Endpoint"

def get_scanner():
    return Scanner(
        ip=TARGET_IP,
        port=TARGET_PORT,
        node_type=NodeType.GETH,
        plugins=[
            NodeSync(infura_url=INFURA_URL, block_threshold=10),
            MiningStatus(should_mine=False)
        ]
    )

if __name__ == '__main__':
    scanner = get_scanner()
    report = scanner.run()
    print(report.to_dict())

Check out the examples directory for more small samples! Teatime is fully typed, so also feel free to explore options in your IDE if reading the documentation is not your preferred choice. :)

Future Development

The future of Teatime is uncertain, even though I would love to add broader checks that go beyond RPC interfaces, specifically for technologies such as:

Ethereum 2.0
Filecoin
IPFS

If you want to integrate plugins for smaller, less meaningful chains such as Bitcoin or Ethereum knock-offs, feel free to fork the project and integrate them separately.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

dmuhs / teatime

Programming Languages

Labels

Projects that are alternatives of or similar to teatime

Teatime - A Blockchain RPC Attack Framework

Deployed a node? Have a cup.

Installation

Example

Future Development