diff --git a/.idea/enteletaor.iml b/.idea/enteletaor.iml index e98082a..72b7ad5 100644 --- a/.idea/enteletaor.iml +++ b/.idea/enteletaor.iml @@ -1,7 +1,10 @@ - + + + + diff --git a/ATTACKS.md b/ATTACKS.md new file mode 100644 index 0000000..71de592 --- /dev/null +++ b/ATTACKS.md @@ -0,0 +1,22 @@ +# Attacks + +This document recopile implemented attacks by Enteletaor. + +## Specific by broker/MQ + +Some attacks only can be done in specific software. Here the list of them: + +## Redis + +#. Poisoning cache +#. Execute remote script + +## Common attacks + +These attacks can be executed in all of brokers/MQ: + +#. Read remote info +#. Looking for sensible information (i.e. user/password) +#. Remote command injection +#. Listing remote process + diff --git a/enteletaor_lib/modules/__init__.py b/enteletaor_lib/modules/__init__.py index 19ec6cd..06d2eae 100644 --- a/enteletaor_lib/modules/__init__.py +++ b/enteletaor_lib/modules/__init__.py @@ -69,12 +69,18 @@ def find_modules(): for m in dir(classes): _loaded_module = getattr(classes, m) if inspect.isclass(_loaded_module) \ - and _loaded_module.__name__ != "IModule" \ - and issubclass(_loaded_module, IModule): - try: - results[_loaded_module.name] = _loaded_module - except AttributeError: - log.warning("Module '%s' has not attribute 'name' and can't be loaded." % - _loaded_module.__name__) + and _loaded_module.__name__ != "IModule": + + # Check if class inherits from IModule + for c in inspect.getmro(_loaded_module): + if c.__name__ == "IModule": + try: + results[_loaded_module.name] = _loaded_module + except AttributeError: + log.warning("Module '%s' has not attribute 'name' and can't be loaded." % + _loaded_module.__name__) + + # Found! + break return results diff --git a/requirements.txt b/requirements.txt index 98a75ab..6078b82 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,9 @@ six flask wtforms -colorlog \ No newline at end of file +colorlog + +# MQ/Brokers requirements +redis +celery +kombu \ No newline at end of file