Samsung/cotopaxi Samsung/cotopaxi

  • Stars
    star
    343
  • Rank 123,371 (Top 3 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created almost 6 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Samsung/cotopaxi
github

Samsung

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Set of tools for security testing of Internet of Things devices using specific network IoT protocols 
 .d8888b.           888                                       d8b 
d88P  Y88b          888                                       Y8P 
888    888          888
888         .d88b.  888888 .d88b.  88888b.   8888b.  888  888 888 
888        d88""88b 888   d88""88b 888 "88b     "88b 'Y8bd8P' 888 
888    888 888  888 888   888  888 888  888 .d888888   X88K   888 
Y88b  d88P Y88..88P Y88b. Y88..88P 888 d88P 888  888 .d8""8b. 888 
 "Y8888P"   "Y88P"   "Y888 "Y88P"  88888P"  "Y888888 888  888 888 
                                   888
                                   888
                                   888

License: GPL v2 GitHub top language PyPI - Python Version LGTM Grade Lines of code Code style: black GitHub search hit counter GitHub release (latest by date) GitHub issues PyPI - Downloads

Black Hat Arsenal Black Hat Arsenal DEF CON 27 Black Hat Arsenal DEF CON 28 Black Hat Arsenal Black Hat Arsenal

Set of tools for security testing of Internet of Things devices using protocols: AMQP, CoAP, DTLS, HTCPCP, HTTP, HTTP/2, gRPC, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP.

License:

Cotopaxi uses GNU General Public License, version 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html

Disclaimer

Cotopaxi toolkit is intended to be used only for authorized security testing!

Some tools (especially vulnerability tester and protocol fuzzer) can cause some devices or servers to stop acting in the intended way -- for example leading to crash or hang of tested entities or flooding with network traffic another entities.

Make sure you have permission from the owners of tested devices or servers before running these tools!

Make sure you check with your local laws before running these tools!

Installation

To install minimal Cotopaxi version (without Machine Learning and development tools):

pip install cotopaxi

Almost complete installation (without scapy-ssl_tls required for DTLS support):

pip install cotopaxi[all]

For more detailed documentation about installation see: Installation Guide

Integration with Metasploit

If you want to use Cotopaxi tools from Metasploit see: Metasploit integration

Acknowlegments

Machine learning classificator used in the device_identification tool was trained using corpus "IMC 2019 payload dataset" provided by authors of the following paper:

Title: Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach Authors: Jingjing Ren, Daniel J. Dubois, David Choffnes, Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi Venue: Internet Measurement Conference (IMC) 2019 URL: https://moniotrlab.ccis.neu.edu/imc19dataset/

We would like to thank above listed authors for sharing this corpus!

Tools in this package:

  • service_ping
  • server_fingerprinter
  • device_identification
  • traffic_analyzer
  • resource_listing
  • protocol_fuzzer (for fuzzing servers)
  • client_proto_fuzzer (for fuzzing clients)
  • vulnerability_tester (for testing servers)
  • client_vuln_tester (for testing clients)
  • amplifier_detector
  • active_scanner

Protocols supported by different tools (left box describes working implementation in Python 2 and right one for Python 3):

Tool AMQP CoAP DTLS HTCPCP HTTP/2 gRPC KNX mDNS MQTT MQTT-SN QUIC RTSP SSDP
service_ping β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘
server_fingerprinter ☐☐ β˜‘β˜‘ β˜‘β˜‘ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐
device_identification β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ ☐☐ ☐☐ ☐☐ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘
traffic_analyzer β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘ β˜β˜‘
resource_listing ☐☐ β˜‘β˜‘ N/A ☐☐ ☐☐ ☐☐ ☐☐ β˜‘β˜‘ ☐☐ ☐☐ N/A β˜‘β˜‘ β˜‘β˜‘
protocol_fuzzer β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘
client_proto_fuzzer β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘
vulnerability_tester β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘
client_vuln_tester β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘ β˜‘β˜‘
amplifier_detector N/A β˜‘β˜‘ β˜‘β˜‘ N/A N/A N/A N/A β˜‘β˜‘ N/A β˜‘β˜‘ β˜‘β˜‘ N/A β˜‘β˜‘
active_scanner ☐☐ ☐☐ β˜‘β˜‘ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐ ☐☐

For more detailed documentation of each tool see: Tools

Supported vulnerabilites

Vulnerabilities identified by Cotopaxi team, that can be tested using Cotopaxi:

Other vulnerabilities supported by Cotopaxi:

New vulnerabilities can be easily added to the database in vulnerabilities.yaml and payloads in cotopaxi/vulnerabilities//<payload.raw>.

Known issues / limitations

There are some known issues or limitations caused by using scapy as network library:

  • testing services running on the same machine can result in issues occurred by not delivering some packets,
  • multiple tools running against the same target can result in interference between them (packets may be indicated as a response to another request).

See more at: https://scapy.readthedocs.io/en/latest/troubleshooting.html#

Development

For more detailed information about development of Cotopaxi see: Development guide

More Repositories

1

rlottie

A platform independent standalone library that plays Lottie Animation.
C++
1,158
star
2

veles

Distributed machine learning platform
C++
903
star
3

netcoredbg

NetCoreDbg is a managed code debugger with MI interface for CoreCLR.
C#
715
star
4

TizenRT

TizenRT is a lightweight RTOS-based platform to support low-end IoT devices
C
554
star
5

ONE

On-device Neural Engine
C++
424
star
6

jalangi2

Dynamic analysis framework for JavaScript
JavaScript
411
star
7

GearVRf

The GearVR framework(GearVRf) is an Open Source VR rendering library for application development on VR-supported Android devices.
C++
408
star
8

ADBI

Android Dynamic Binary Instrumentation tool for tracing Android native layer
C
295
star
9

Tizen-CSharp-Samples

Tizen C# Samples for Mobile, Wearable, and TV profiles.
C#
233
star
10

escargot

Escargot is a memory optimized JavaScript engine for mid-range devices such as mobile phone, tablet and TV.
C++
232
star
11

TizenTVApps

Tutorial and Sample apps for the Tizen TV web platform
JavaScript
218
star
12

Tizen.NET

Welcome to Tizen .NET
C#
203
star
13

TizenFX

C# Device APIs for Tizen
C#
184
star
14

KnowledgeSharingPlatform

K# - Knowledge Sharing Platform
Java
176
star
15

UTopia

UT based automated fuzz driver generation
C++
163
star
16

tizen-docs

This project is for writing Tizen documents for platform and application developers. The documents will be published to the new Tizen portal site.
156
star
17

ChromiumGStreamerBackend

Use GStreamer to play media streams in chromium. We implemented a Media Process which is own by the Browser Process and creates players on-demand. Any Video tag will be backed by a GStreamer pipeline that lives in the Media Process.
150
star
18

libtuv

Asynchronous I/O for IoT.js and embedded system
C
129
star
19

ioter

Ioter released by Samsung is an open-source implementation of the Matter Thread Emulator
Python
126
star
20

cordova-plugin-toast

Cordova plugin that provides TV Specific functionalities.
JavaScript
121
star
21

CredSweeper

CredSweeper is a tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as token, passwords, api keys etc.) in advance. By scanning lines, filtering, and using AI model as option, CredSweeper reports lines with possible credentials, where the line is, and expected type o
Python
110
star
22

Wits

Wits for Your Tizen web application development.It will saved your development times and bring pleasure of developing out. Using Wits, You can instantly RELOAD your app's JavaScript/CSS code instead of reinstalling your app every time you make a change.
JavaScript
110
star
23

360tools

The 360tools package is software for VR video processing experiments. The software includes both 360 video conversion and quality metrics functionality
C
102
star
24

meminsight

Platform-Independent Memory Profiling Tool for Web Applications
JavaScript
81
star
25

Tizen.CircularUI

Tizen Wearable CircularUI project is to develop an open source software motivate software developer to creating Tizen Wearable Xamarin Forms app more easily and efficiently.
C#
80
star
26

islet

An on-device confidential computing framework
Rust
63
star
27

restful

Suggesting standard and optimized codes for RESTful API including filter/annotator for allowing user access and validating input data, user management, data management and some utils such as protecting data using 128/256-bit AES encryption.
Java
60
star
28

HbbPlayer

HbbPlayer is HbbTV application which can playback media by using url of media as parameter. It conforms to W3C and HbbTV specification.
CSS
58
star
29

Dexter

Dexter is a static analysis platform to find and remove defects efficiently and immediately during the coding-time.
HTML
56
star
30

Chromium

Samsung's upstream contributions to the Chromium open source project
HTML
55
star
31

spark-cep

Spark CEP is an extension of Spark Streaming to support SQL-based query processing
Scala
54
star
32

SamsungAutomationStudio

Samsung Automation Studio is to provide development tools and execution environment that can easily configure application logic by connecting both Samsung service and 3rd party service. This project is to share the node for open source NodeRED developed by Samsung Automation Studio team to the community. If you are using nodered, you can easily install the node we provide. And you can use Samsung's IoT and AI-related services more easily, and you can have an extended experience in conjunction with your own services.
HTML
54
star
33

Fluff

A tool designed to synthesise semantically correct JavaScript snippets given arbitrary data. Useful for fuzzing.
C++
53
star
34

kv2streamer

kv2streamer is a library that allows developers to access the new Kinect V2 sensor data and tracking capabilities from non-windows OS. It provides a server-side application that can stream out Kinect V2 data to multiple client-side applications accessing the client-side API running on non-windows OS over LAN.
C++
52
star
35

qaboard

Experiment tracker: organize, visualize, compare and share runs. Removes toil from algorithm/performance R&D and tuning.
JavaScript
52
star
36

TAU

TAU (Tizen Advanced UI) project for supporting web app development based on web-based ui widget components library
JavaScript
49
star
37

ONE-vscode

Visual Studio Code Extension of ONE compiler toolchain
TypeScript
48
star
38

Tizen.TV.UIControls

Tizen.TV.UIControls is an Extension project of .NET MAUI and Xamarin.Forms to help developers to create Tizen TV applications easily and efficiently.
C#
48
star
39

microbit

micro:bit official Android application code. The application is free to download from https://play.google.com/store/apps/details?id=com.samsung.microbit
Java
47
star
40

WATT

A Web Assembly Translation Toolkit (WATT), a new Web Assembly (WASM) application authoring tool that allows developers to create a WASM based library easily and use it to create WASM based applications.
JavaScript
46
star
41

mTower

mTower is Trusted Execution Environment specially designed to be used on MicroController Units (MCUs) supporting ARM TrustZone technology (e.g., Cortex-M23/33/35p). mTower operates well under restrictions typical for such environment – small RAM and ROM sizes, relatively low performance, absence of rich OSes providing variety of services available on PCs or in enterprise environments. mTower is intended for usage in IoT, embedded devices, Smart Home applications, distributed heterogeneous networks and other environments where secure processing of sensitive data is necessary.
C
46
star
42

LexSubGen

Lexical Substitution Framework
Python
45
star
43

Castanets

Edge distributed web engine. Part of web engine processes are offloaded to a powerful devices and only graphical results are processed in local devices. This way, we overcome both CPU limitations and memory limitations of the low-end local devices
45
star
44

CAS

Code Aware Services (CAS) is a set of tools for extracting information from a (especially large) source code trees. It consists of Build Awareness Service (BAS) and Function/Type database (FTDB). BAS is a tool for extracting information how particular S/W image is created from ongoing builds. FTDB transforms predefined source code information (like information about functions and types) into easily accessible format (like JSON) which can be used by a number of applications.
C++
42
star
45

walrus

WebAssembly Lightweight RUntime
WebAssembly
39
star
46

SJS

SJS is a static ahead of time compiler for a subset of JavaScript
Java
37
star
47

node-jerryscript

JS runtime based on JerryScript
JavaScript
30
star
48

auto_off_target

AoT is a system for automatically generating off-target test harness by using build information.
Python
29
star
49

create-tizen-app

TypeScript
28
star
50

TAU-Design-Editor

TAU Design Editor can create web application by drag&drop the TAU based widget
JavaScript
28
star
51

CredData

CredData is a set of files including credentials in open source projects. CredData includes suspicious lines with manual review results and more information such as credential types for each suspicious line. CredData can be used to develop new tools or improve existing tools. Furthermore, using the benchmark result of the CredData, users can choose a proper tool among open source credential scanning tools according to their use case.
Python
28
star
52

afl_cc

Fuzzing with controlled compilation
C++
27
star
53

veles.sound_feature_extraction

Distributed machine learning platform
C++
27
star
54

http-parser

fork of https://github.com/nodejs/http-parser
C
26
star
55

veles.znicz

Neural Network engine for Veles distributed machine learning platform
Python
26
star
56

tizen-tv-webapis

JavaScript
24
star
57

LPVS

License Pre-Validation Service analyzes which open source components and licenses are used in every patch. It returns the list of restricted licenses and the possibility of license violation on the comment with the exact code location and the open source component information.
Java
24
star
58

SVIEngine

It provides animations such as Sprite Animation and Transition Animation to make your applications livelier and richer in texture.
C++
23
star
59

cynara

simple privilege access control service
C++
23
star
60

vasum

Vasum is a Linux daemon and a set of utilities used for managing para-virtualization. It uses Linux Containers to create separate, graphical environments called zones. One can concurrently run several zones on one physical device. Vasum exports a rich C/Dbus API that the application frameworks can use to interact with zones.
C++
23
star
61

cordova-tv-webos

`cordova-tv-webos` is an TV application library that allows for Cordova-based projects to be built for the WebOS TV Platform.
JavaScript
23
star
62

kflat

KFLAT is a tool to serialize memory of selected variables from the running Linux kernel and organize it into a single memory block of consecutive addresses. It relies on recipes written in the code that specify the type and memory layout of the variables being serialized. After the flatten memory image is created KFLAT allows to re-instantiate the memory image into the process address space of a user-land program (most likely on other machine). KFLAT stores information about location of the pointers in the dumped memory block therefore it is enough to map the entire memory on the target machine and fix these parts of memory which constitute pointers to point to proper locations in the newly created memory block.
C
22
star
63

ribon

Ribon is a simulation service for deriving the cost-optimized configuration of AWS EC2 instances using RI (Reserved Instance).
R
20
star
64

cordova-sectv-orsay

cordova-sectv-orsay` is an TV application library that allows for Cordova-based projects to be built for the Legacy Samsung Smart TV (A.K.A Orsay) Platform.
JavaScript
20
star
65

StoneNeedle

StoneNeedle is a tool, which runs in the Linux kernel environment (later than v3.13), and statistic the I/O workload profiling data. It will show the statistical value to Linux user space applications via the proc file system. We hope, and expect, that these techniques will enable many further I/O optimizations to extend HPC and Cloud computing into the exascale era and beyond.
C
19
star
66

appium-tizen-driver

Appium Tizen Driver is a test automation tool for Tizen devices. Appium Tizen Driver automates xamarin apps, tested on emulators and real devices. Appium Tizen Driver is part of the Appium mobile test automation tool.
JavaScript
19
star
67

vscode-extension-tizentv

JavaScript
18
star
68

grunt-cordova-sectv

Grunt task for build and package the cordova project with `sectv-OOO` platforms.
JavaScript
18
star
69

mimic

Synthesizer for JavaScript API models
TypeScript
17
star
70

cordova-sectv-tizen

cordova-sectv-tizen` is an TV application library that allows for Cordova-based projects to be built for the 2015's Samsung Tizen TV Platform.
JavaScript
17
star
71

Universum

Universum project is a Python solution that simplifies SW project verification by integrating existing CI systems and provides additional functionality for CI.
Python
17
star
72

tizen-fundamental-classes

Tizen Fundamental Classes is a framework library to develop native application in Tizen using C++ pattern
C++
17
star
73

CordovaPlugins

We have developed Cordova Plugins for 3 Samsung SDKs SPen, Multiwindow & Rich Notifications and need to release them on Github. And we are planning to work on others in future which need to be released on Github too."
Java
17
star
74

mixed-reality-extension-godot

The Mixed Reality Extension Godot library is an easy way for developers to add User Generated Content (UGC) capabilities to their GodotEngine-based host apps.
C#
15
star
75

lwnode

Lightweight Node.js is a memory efficient Node.js implementation for consumer products such as mobile, smart watch, and TV
C++
15
star
76

skia

C++
14
star
77

vscode-tizentv-wasm

Extension based on VSCode editor
JavaScript
14
star
78

tizen-app-assist

tizen-app-assist helps tizen UI application design by providing common and high-level design units with C++ classes.
C++
14
star
79

tizen-extension-sample

Tizen Extension SDK Sample provides usage of Extension API provided by Samsung.
JavaScript
14
star
80

cargo

Cargo is library for saving/restoring C/C++ structures over a given backend medium (json, sqlite, gvariant, file dscriptor)
C++
14
star
81

vs-tools-cps

Tizen.NET applications κ°œλ°œμ„ μœ„ν•œ Visual Studio extension
C#
14
star
82

RT-OCF

The aim of the RT-OCF project is to develop an open source software framework which is a light-weight device-to-device (D2D) framework based on Open Connectivity Foundation (OCF) specification for IoT devices.
C
14
star
83

Tizen.Appium

Tizen.Appium is a service library that supports running Appium for Tizen applications.
C#
13
star
84

gcutil

Garbage collector for Escargot
C
12
star
85

veles.simd

Distributed machine learning platform
C++
12
star
86

ColorPatternTracker

This GPU based computer vision software tracks a color-grid pattern at ~60Hz using an Android phone for effective position tracking in VR headsets.
HTML
12
star
87

MeziLang

An open source programming language, and compiler for JVM.
Java
12
star
88

ckm

Main goal of project is to reduce probability of key leaking from device. CKM stores symmetric and asymmetric keys and provides crypto operations to clients. Unlike other crypto solutions (openssl) CKM is written as system service. This mean that it may compute all crypto operation inside service and clients will not have direct access to keys.
C
12
star
89

ci-cd-bot

A CI/CD bot that can be integrated with GitHub (both enterprise and public) with ease and flexibility
JavaScript
12
star
90

appium-sdb

A wrapper over tizen-sdb, implemented using ES6 and along with async/await. This package is mainly used by Appium to perform all sdb operations on tizen device.
JavaScript
11
star
91

veles.mastodon

Java
11
star
92

tizen-common-web

JavaScript
11
star
93

webIDE-common-tizentv

This is a common lib project for VScode/Atom extension and Wits, providing build, install, launch web project and certificate manager.
JavaScript
10
star
94

security-manager

Central Tizen service for configuration of security policy for applications and users. This component encapsulates logic for configuration of security mechanisms in Tizen. It is responsible for configuring proper policy to enforce privileges for applications and users. Configured security mechanisms: - Smack - Cynara - DAC (with respect to privilege enforcement) - Network filtering (enforcement of network access privilege) It supports multi-user, applications installed per user or globally and integrates with Vasum for setting security policy in multi-container environment.
C++
10
star
95

TizenTemplateStudio

Visual Studio 2019 Extenstion that creates Tizen .NET app projects using a template-based wizard
C#
9
star
96

tizen-iot-examples

The Tizen IoT Examples are including example applications to develop with Tizen IoT devices easily.
C
9
star
97

yarr

Regular expression engine that compiles and interpretes any regular expression.
C++
9
star
98

veles.nlp

Add NLP components to the Veles framework
C++
9
star
99

OCLAlgo

C++11 concept for OpenCL computations
C++
8
star
100

MT-LLM-NLU

Repository for code related to "LLM-Based Machine Translation for Expansion of Spoken Language Understanding Systems to New Languages" publication.
Python
8
star