![]()
Teatime - An RPC Attack Framework For Blockchain Nodes
2021-03-04 05:30:00
Author: www.blogger.com(查看原文)
阅读量:166
收藏
tag:blogger.com,1999:blog-8317222231133660547.post-49950657958120692912021-03-03T17:30:00.004-03:002021-03-03T17:30:03.967-03:00Teatime - An RPC Attack Framework For Blockchain Nodes<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-9AYEYkgjS1U/YD1mpteL8TI/AAAAAAAAVes/FrUdZUHt9Lg8oXhgTEHt0xNrbgs0YtTLACNcBGAsYHQ/s808/blockchain.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="490" data-original-width="808" height="388" src="https://1.bp.blogspot.com/-9AYEYkgjS1U/YD1mpteL8TI/AAAAAAAAVes/FrUdZUHt9Lg8oXhgTEHt0xNrbgs0YtTLACNcBGAsYHQ/w640-h388/blockchain.png" width="640" /></a></div><p><br /></p><p>Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and configuration manipulation.</p> <p>The goal is to enable tools <a href="https://www.kitploit.com/search/label/Scanning" target="_blank" title="scanning">scanning</a> for <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> nodes and minimizing the risk of node-based attacks due to common vulnerabilities. Teatime uses a plugin-based architecture, so extending the library with your own checks is straightforward.</p> <p>Please note that this library is still a PoC and lacks documentation. If there are plugins you would like to see, feel free to contact me on Twitter!</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Installation</b></span><br /> <p>Teatime runs on Python 3.6+.</p> <p>To get started, simply run</p> <div><pre><code>$ pip3 install teatime</code></pre></div> <p>Alternatively, clone the repository and run</p> <div><pre><code>$ pip3 install .</code></pre></div> <p>Or directly through Python's <code>setuptools</code>:</p> <div><pre><code>$ python3 setup.py install</code></pre></div> <a name="user-content-example" target="_blank" title="An RPC attack framework for Blockchain nodes. (10)"></a> <br /><span style="font-size: large;"><b>Example</b></span><br /> <p>To get started, simply instantiate a <code>Scanner</code> class and pass in the target IP, port, node type, and a list of instantiated plugins. Consider the following sample to check whether a node is synced and mining:</p> <div><pre><code>from teatime.scanner import Scanner<br />from teatime.plugins.context import NodeType<br />from teatime.plugins.eth1 import NodeSync, MiningStatus<br /><br />TARGET_IP = "127.0.0.1"<br />TARGET_PORT = 8545<br />INFURA_URL = "Infura API Endpoint"<br /><br />def get_scanner():<br /> return Scanner(<br /> ip=TARGET_IP,<br /> port=TARGET_PORT,<br /> node_type=NodeType.GETH,<br /> plugins=[<br /> NodeSync(infura_url=INFURA_URL, block_threshold=10),<br /> MiningStatus(should_mine=False)<br /> ]<br /> )<br /><br />if __name__ == '__main__':<br /> scanner = get_scanner()<br /> report = scanner.run()<br /> print(report.to_dict())</code></pre></div> <p>Check out the examples directory for more small samples! Teatime is fully typed, so also feel free to explore options in your IDE if reading the documentation is not your preferred choice. :)</p> <a name="user-content-future-development" target="_blank" title="An RPC attack framework for Blockchain nodes. (11)"></a> <br /><span style="font-size: large;"><b>Future Development</b></span><br /> <p>The future of Teatime is uncertain, even though I would love to add broader checks that go beyond RPC interfaces, specifically for technologies such as:</p> <ul> <li>Ethereum 2.0</li> <li>Filecoin</li> <li>IPFS</li> </ul> <p>If you want to integrate plugins for smaller, less meaningful chains such as <a href="https://www.kitploit.com/search/label/Bitcoin" target="_blank" title="Bitcoin">Bitcoin</a> or <a href="https://www.kitploit.com/search/label/Ethereum" target="_blank" title="Ethereum">Ethereum</a> knock-offs, feel free to fork the project and integrate them separately.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/dmuhs/teatime" rel="nofollow" target="_blank" title="Download Teatime">Download Teatime</a></span></b></div>Zion3R[email protected]
文章来源: http://www.blogger.com/feeds/8317222231133660547/posts/default/4995065795812069291
如有侵权请联系:admin#unsafe.sh