• Stars
    star
    226
  • Rank 176,514 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 7 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

                        *,ood8888booo,*
                     *,od8           8bo,*
                  *,od                   bo,*
                *,d8                       8b,*
               *,o                           o,    ,a8b*
              *,8           FENRIR            8,,od8  8*
              *8'      Valérian LEGRAND      d8'     8b*
              *8                           d8'ba     aP'*
              *Y,                       o8'         aP'*
               *Y8,                      YaaaP'    ba*
                *Y8o                   Y8'         88*
                 *`Y8               ,8"           `P*
                    *8o        ,d8P'              ba*
              *ooood8888888P"""'                  P'*
           *,od                                  8*
        *,dP     o88o                           o'*
       *,dP          8                          8*
      *,d'   oo       8                       ,8*
      *$    d$"8      8           Y    Y  o   8*
     *d    d  d8    od  ""boooaaaaoob   d""8  8*
     *$    8  d  ood'-I   8         b  8   '8  b*
     *$   $  8  8     d  d8        `b  d    '8  b*
      *$  $ 8   b    Y  d8          8 ,P     '8  b*
      *`$$  Yb  b     8b 8b         8 8,      '8  o,*
           *`Y  b      8o  $$       d  b        b   $o*
            *8   '$     8$,,$"      $   $o      '$o$$*
            *$o$$P"                 $$o$*

FENRIR

FENRIR is a tool designed to be used "out-of-the-box" for penetration tests and offensive engagements. Its main feature and purpose is to bypass wired 802.1x protection and to give you an access to the target network.

Keep in mind FENRIR is still a Work in Progress

Branches :

  • master : main branch for (relatively) stable code
  • bleeding : branch with hotfixes and latest updates

Usage

FENRIR must be ran as root and you must have 2 network interfaces if you want it to work Also, check that both network interfaces are in promisc mode and that ip_forwarding is enabled (see Install section)

To run it :

sudo python Interface.py

Notice that FENRIR's interface supports autocompletion

You can run shell commands with "!"

!ls -la

You first have to create a virtual tap for FENRIR with :

create_virtual_tap

Then you can either configure it manually or start autoconfiguration :

set <option> <value>
autoconf

Once FENRIR is configured you can run it normally or in debug mode

run
run_debug

The wiki pages are coming shortly with examples and better explanations !

Troubleshooting

Are you interfaces in promisc mode ? Even FENRIR's tap interface ?
You external interfaces must not have an IP address, only the tap hsould have one
Your default route should be pointing to the tap interface
Have you enabled ip_forwarding ?
FENRIR will tell you if it is lacking configuration. It must have at least the legitimate host IP and MAC addresses.
Not all protocols are currently supported ! But feel free to help the project by creating a module !
If you have found a bug, report it to me ! I'll look at it as quickly as i can.

Disclaimer

  • I suck at naming stuff & especially function names
  • The code is always a work-in-progress, there are bugs and weird stuffs ! Feel free to throw bug tickets & pull requests
  • Java sucks

Current and planned features

Specific protocol modules have their own separate table below !

Feature Current state Details
802.1x tapping and bypass Done N/A
Stealth Partially Done Other specific headers L2/L3 are to be added
Autoconfiguration Done N/A
Reverse connections capabilities Done Currently being reworked
Port translation TODO Collision issue avoidance
Runtime interface Done N/A
Better stats TODO
Bug smashing Doing Bugs, bugs everywhere
Code cleaning Doing  It needs it badly !
Not developed in Java Done !!! 'Cause we all know Java sucks right ? :)

Protocol modules table

Protocol Current state Details
IP Done (FENRIR Core) N/A
ARP Done N/A
ICMP Done N/A
LLMNR/NBNS (Responder) Partially Done Need to push it inside a separate module
 SSH TBD Need to figure out key exchange rewritting
SMB TBD Next thing on my ToDo list !
??? ??? ???

Install

  • apt-get update
  • apt-get upgrade
  • apt-get install python-pip
  • apt-get install build-essential
  • apt-get install python-dev
  • pip install python-pytun
  • pip install scapy
  • pip install Cmd2
  • git clone this repo

Important note on install

It seems that with the arrival of Python3 some prerequisite packages are now bugged. For now, to avoid bugs while we migrate this tool to Python3, one should remove any files from the following packages and install them like this:

  • sudo -H -E pip install "cmd2<=0.7.0"
  • sudo -H -E pip install "scapy<=2.3.2"

For running FENRIR

  • sysctl net.ipv4.ip_forward=1
  • ifconfig iface1 promisc
  • ifconfig iface2 promisc

If you have any problem with installation, shoot me an email ! I can probably help you out !

Have a beer and participate !

The project is open for pull requests and bug reports ! The great thing is I would be more than happy to offer you a beer for any form of contribution. Please participate in this project and help me make it better :)
And if you don't know where to start or want some help, do not hesitate to contact me !

Also, if you want to chat about the project or ask questions, you can find me on IRC : WaffleWrath

Docs & Vids

My presentation of 802.1x bypass techniques and FENRIR are available on the Hack in Paris website

License

This software is licensed under the terms of the MIT license


by Valérian Legrand (main developer), Andrei Dumitrescu and Quentin Biguenet (contributors)

More Repositories

1

GOAD

game of active directory
PowerShell
4,933
star
2

arsenal

Arsenal is just a quick inventory and launcher for hacking programs
Python
3,155
star
3

ocd-mindmaps

Orange Cyberdefense mindmaps
1,001
star
4

awesome-industrial-protocols

Security-oriented list of resources about industrial network protocols.
Python
448
star
5

KeePwn

A python tool to automate KeePass discovery and secret extraction.
Python
444
star
6

grepmarx

A source code static analysis platform for AppSec enthusiasts.
Python
194
star
7

russia-ukraine_IOCs

Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake
173
star
8

graphcat

Generate graphs and charts based on password cracking result
Python
152
star
9

versionshaker

Find the remote website version based on a git repository
Python
122
star
10

haiti

🔑 A CLI tool to identify the hash type of a given hash.
Ruby
107
star
11

CVE-repository

🪲 Repository of CVE found by OCD people
Python
68
star
12

disposable-mailbox-docker

A self hosted yopmail like server running in a docker
PHP
55
star
13

cme-wmi

A standalone WMI protocol for CrackMapExec
Python
48
star
14

wmi-shell

WMI Shell project : proof-of-concept of remote access to a Windows machine using only the WMI service.
C
43
star
15

bof

BOF (Boiboite Opener Framework) is a testing framework for industrial protocols implementations and devices.
Python
42
star
16

ctf-party

🎏 A library to enhance and speed up script/exploit writing for CTF players
Ruby
39
star
17

rabid

🍪 A CLI tool and library allowing to simply decode all kind of BigIP cookies.
Ruby
37
star
18

ctf-write-ups

📝 Collection of our CTF write-ups
Python
27
star
19

sikara

Ease and assist the compromise of an Active Directory environment.
Python
26
star
20

reverse-proxy-auth

A Nginx reverse proxy that authenticates users using their personal certificates. Includes everything to create and revoke those certificates, create the CA and even TLS certificates for websites.
Shell
23
star
21

mass-nessus-docker

Deploy multiple instances of Nessus in docker containers easily
Shell
19
star
22

log4shell_iocs

Log4Shell IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake
17
star
23

leHACK-2022

C
16
star
24

sqltrees

Developper-proof prevention of SQL injection (java library)
Java
10
star
25

sweetlemonade

SWEETLEMONADE is a bootkit for UEFI firmware
C
5
star
26

CyberSOC-detect-Nanocore-RAT

Détection de malwares par Artefacts : le cas du RAT Nanocore
Python
3
star