Teatime: an RPC penetration framework for blockchain nodes

FB customer service 2021-04-16 16:16:45 阅读数:618

本文一共[544]字,预计阅读时长:1分钟~
teatime rpc penetration framework blockchain

About Teatime

Teatime Is a RPC Infiltration framework , It aims to help researchers scan and discover the wrong configuration in blockchain nodes .Teatime Support to detect all kinds of problems , From information leakage to open account , And then configuration tampering , It's very powerful .

Teatime Our goal is to help us Scan nodes with security vulnerabilities , And minimize the risk of node based attacks caused by common vulnerabilities .Teatime Using a plug-in based architecture , Therefore, the majority of researchers can easily use their own inspection extension library .

Please note that , This project is only a proof of concept at present PoC, The documentation is not rich enough , But then the developers will continue to improve .

Tool installation

Teatime be based on Python 3.6 Development , Therefore, the majority of users need to install and configure on their own devices first Python v3.6+ Environmental Science .

First , We need to use the following command to install Teatime:

$ pip3 install teatime

Or say , We can also use the following command to clone the source code of the project locally , Then run the install command :

git clone https://github.com/dmuhs/teatime.git
$ pip3 install

Yes, of course , We can also pass Python Of setuptools To install Teatime:

$ python3 setup.py install

Sample tool use

First , We need to instantiate a Scanner class , Then pass in the target IP、 port 、 Node type and initialization plug-in list . You can use the following code samples as a reference , To detect the target node :

from teatime.scanner import Scanner
from teatime.plugins.context import NodeType
from teatime.plugins.eth1 import NodeSync, MiningStatus
TARGET_IP = "127.0.0.1"
TARGET_PORT = 8545
INFURA_URL = "Infura API Endpoint"
def get_scanner():
return Scanner(
ip=TARGET_IP,
port=TARGET_PORT,
node_type=NodeType.GETH,
plugins=[
NodeSync(infura_url=INFURA_URL, block_threshold=10),
MiningStatus(should_mine=False)
]
)
if __name__ == '__main__':
scanner = get_scanner()
report = scanner.run()
print(report.to_dict())

For details, please refer to examples More examples of tools in the directory .Teatime It's completely typed , So if you don't like reading documents , It can also be in IDE Free to explore options in .

Continue to develop

Teatime The future development direction has not yet been determined , But we prefer to add more than RPC Interface, broader inspection support , Especially for the following technologies :

Ethereum 2.0 Filecoin IPFS

Project address

Teatime: Click on the bottom 【 Read the original 】 obtain

This article is from WeChat official account. - FreeBuf(freebuf)

The source and reprint of the original text are detailed in the text , If there is any infringement , Please contact the yunjia_community@tencent.com Delete .

Original publication time : 2021-03-25

Participation of this paper Tencent cloud media sharing plan , You are welcome to join us , share .

版权声明:本文为[FB customer service]所创,转载请带上原文链接,感谢。 https://netfreeman.com/2021/04/20210416144526691E.html