• This repository has been archived on 13/Sep/2021
  • Language
    Erlang
  • License
    BSD 3-Clause "New...
  • Created almost 9 years ago
  • Updated over 6 years ago

SS7 MAP (pen-)testing toolkit. DISCONTINUED REPO, please use: https://github.com/0xc0decafe/ss7MAPer/

ss7MAPer

SS7 MAP (pen-)testing toolkit

Binary releases

As a lot of people run into problems building the tool, there are binary releases which can be found here: https://github.com/ernw/ss7MAPer/tree/master/releases

As people also run into problems using the binary release, there is a Docker image with ss7MAPer running on Ubuntu 16.04.

If you use the binary version, skip right over the next chapter.

Get it running

You will need:

  • Erlang. Get it from your repo or from http://www.erlang.org.

  • Rebar. Get it from your repo or from https://github.com/rebar/rebar

  • The code (;

     git clone https://github.com/ernw/ss7MAPer   
    
  • The dependencies

     cd ss7MAPer   
     rebar get-deps   
    
  • Patch the dependencies

     cd deps/osmo_map   
     patch -p1 < ../../patches/osmo_map.patch   
     cd ../osmo_sccp   
     patch -p1 < ../../patches/osmo_sccp.patch   
     cd ../osmo_ss7   
     patch -p1 < ../../patches/osmo_ss7.patch   
    
  • Get the deps to build (; This is not as easy as it might sound. I needed to:
    Patch the epcap/rebar.config and replace

     {port_envs, [   
       {"DRV_CFLAGS", "-g -Wall $ERL_CFLAGS"},   
       {"DRV_LDFLAGS", "-lpcap $ERL_LDFLAGS"}   
     ]}.   
    

    with

     {port_envs, [   
       {"CFLAGS", "-g -Wall $ERL_CFLAGS"},   
       {"LDFLAGS", "-lpcap $ERL_LDFLAGS"}   
     ]}.   
    

    Another dependency is not covered by rebar, so you need to fetch it manually:

     cd deps   
     git clone http://cgit.osmocom.org/erlang/signerl/   
    

    Build the ASN.1 source files:

     cd deps/signerl/TCAP/asn_src/ITU   
     make   
    

    Copy the ASN.1 files to osmo_sccp:

     cp deps/signerl/TCAP/asn_src/ITU/*rl deps/osmo_sccp/src/   
    

    Also the osmo libs have dependencies on each other and some other deps are shared, so I created some symlinks:

     mkdir deps/epcap/deps
     ln -sd ../../pkt deps/epcap/deps/pkt
     mkdir deps/osmo_sccp/deps   
     ln -sd ../../osmo_ss7 deps/osmo_sccp/deps/osmo_ss7   
     ln -sd ../../epcap deps/osmo_sccp/deps/epcap   
     ln -sd ../../pkt deps/osmo_sccp/deps/pkt   
     ln -sd ../../signerl/MAP deps/osmo_sccp/deps/MAP    
     ln -sd ../../signerl/SCCP deps/osmo_sccp/deps/SCCP   
     ln -sd ../../signerl/TCAP deps/osmo_sccp/deps/TCAP   
     mkdir deps/osmo_map/deps   
     ln -sd ../../osmo_ss7 deps/osmo_map/deps/osmo_ss7   
     ln -sd ../../epcap deps/osmo_map/deps/epcap   
     ln -sd ../../pkt deps/osmo_map/deps/pkt   
    

    And copy some files in place:

     cp deps/signerl/SCCP/itu/include/sccp.hrl deps/osmo_sccp/src/   
     cp deps/signerl/TCAP/include/tcap.hrl deps/osmo_map/src/   
    
  • Build the code

     rebar co   
    

If all the steps above are too much to do by hand (as they were for me when testing ;), you can use the build script here: https://github.com/ernw/ss7MAPer/blob/master/prepare_n_build.sh
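
A pre-build check for the manual steps above, as an added example that is not part of the ss7MAPer repository: it verifies that every symlink listed in this README exists and resolves, and that the two copied header files are in place, before `rebar co` is run. The function name `check_layout` and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ss7MAPer repo): verify the dependency layout
# that the manual build steps in this README are supposed to produce.

# Symlinks the README creates with `ln -sd`.
LINKS="deps/epcap/deps/pkt
deps/osmo_sccp/deps/osmo_ss7
deps/osmo_sccp/deps/epcap
deps/osmo_sccp/deps/pkt
deps/osmo_sccp/deps/MAP
deps/osmo_sccp/deps/SCCP
deps/osmo_sccp/deps/TCAP
deps/osmo_map/deps/osmo_ss7
deps/osmo_map/deps/epcap
deps/osmo_map/deps/pkt"

# Header files the README copies into place with `cp`.
FILES="deps/osmo_sccp/src/sccp.hrl
deps/osmo_map/src/tcap.hrl"

# check_layout ROOT
# Prints one line per problem; returns 0 if the layout is complete, 1 if not.
check_layout() {
    root=${1:-.}
    bad=0
    for l in $LINKS; do
        if [ ! -L "$root/$l" ]; then
            echo "missing symlink: $l"; bad=1
        elif [ ! -d "$root/$l" ]; then
            # The link exists but its target directory does not.
            echo "dangling symlink: $l -> $(readlink "$root/$l")"; bad=1
        fi
    done
    for f in $FILES; do
        [ -s "$root/$f" ] || { echo "missing or empty file: $f"; bad=1; }
    done
    return $bad
}

# Hypothetical command-line entry point: ./check.sh --check /path/to/ss7MAPer
case "${1:-}" in
    --check) check_layout "${2:-.}"; exit $? ;;
esac
```

A dangling symlink usually means the `signerl` clone or a `rebar get-deps` step did not complete, so fix that before re-running the build.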

The config file

The config file is split into four sections: sctp, m3ua, sccp and target.

In the sctp section, the source and destination IP as well as the source and destination port of the SCTP connection are configured.

In the m3ua section, all the M3UA parameters, like the local and remote point code, are configured.

In the sccp section, currently only the local (or source) global title needs to be configured.

Last but not least, in the target section, information about the tested environment needs to be configured, like the global title of the HLR or the MSISDN of the tested phone.

Be sure to modify it to your needs.

Running the tool

Running a source build

To run the tool one needs to start a rebar shell:

     cd ss7MAPer
     rebar shell

Start the application and its dependencies with:

     application:start(sasl).
     application:start(ss7MAPer).

If everything is set up correctly, the M3UA connection comes up.

Running the binary release

Run the application by starting it from the root directory:

     cd ss7MAPer
     ./bin/ss7MAPer console

If everything is set up correctly, the M3UA connection comes up.

Using the tool

Once the application is started, there are some commands that can be executed from the Erlang command line:

  • ss7MAPer:test_hlr()
  • ss7MAPer:test_msc()
  • ss7MAPer:test_smsc()

Each of them does exactly what its name says, running MAP tests against the targets defined in the config file.
