Bacon

1
Bacon

• A Penetration and Auditing Framework

Hernan Gips gipsh_at_rubic.cc
2
Common problems

• A lot of independent tools uses same input
• Most tools are developed in c/c
• Tools run in certain platforms
• Tools need to be modified
• Others

3
Solution Bacon

• A flexible and extendible Framework oriented to
  the security community.

4
Overview

• Based on .NET Framework
• Modular Architecture
• Multi language support
• Opensource
• Multiplatform
• Fully OO Design

5
What Bacon is not

• An automatic penetration tool
• hack-in-a-minute tool
• A static tool

6
Framework

• Ability to load modules
• Keeps session information
• Provides entities to store specific information
  like targets, ports, services, etc
• Provides libraries for proxing, sniffing, etc.

7
Framework

• Bacon is multiplatform.
• Runs with
• .NET Framework
• Mono
• Any ECMA VM implementation

8
Architecture
9
Internal Context

• The framework provides information entities
  oriented to security and networking.

GenericList
Network
TargetCollection
ServiceCollection
Target
Service
10
Internal Context

• Each module has RW access to the context.
• Internal implementation uses XML
• Developer can use the entities or directly access
  via generic XPath queries.

11
Internal Context

Target
Context
SMTP VRFY Dictionary Attack
Session data
POP3 Brute force Attack
Mail Addresses
Users
Google Mails Finder
12
Modules

• Each module is a DLL compiled in .NET
• Framework loads modules using reflection.
• Modules are multithreading
• Each module runs on an different Application
  Domain

13
Modules Reflection

• A developer may creates its own plugin in any
  language that generates .NET assembly.

14
Modules

• Well known languages
• C
• VB.NET
• C.NET
• Not so well known
• IronPython
• Boo

15
Modules

• Every modules inherits from Bacon.Plugin abstract
  class
• This class provides two methods
• Start()
• Stop()
• Module has facilities to
• Access the context
• Log debug information

16
Modules

• Example module source code in C

Plugin("Test", "plugin for testing
purposes") public class TestPlugin
Bacon.Plugin Command("listdump", "command
to test something") . . Command(listus
ers", "command to test something")

17
Modules

• Modules has commands defined on it
• Each command has different parameters

Command("hack", "hacks something") class
HackCommand Bacon.Command public
override void Execute() .
18
Modules

• How loader works

Plugins Loader
Plugins Manager
19
Modules
20
Modules Module chaining
Network Scan ICMP
TCP port scanner connect()
Web directory finder
Web file finder
input 192.168.0.0/24
Targets
Services
Report Generator
Dirs
Files
Dictionary
XML
21
Remoting

• The Framework exposes its own interface like a
  remote service.
• This is useful to create distributed attacks.

22
Framework Interface

• Integrated Command Line Console

23
Framework Interface

• Uses Winforms
• Each module may provide its own GUI

24
Framework Interface

• You may create your own interface. (i.e. a web
  interface)
• You may also create a common GUI generator for
  each module

25
Framework Services

• ProxyLib Service
• SniffLib Service
• FuzzLib Service
• Other

26
Framework ProxyLib

• Creates simple proxies
• HTTP, Sockets, etc
• Hook to events

27
State of Dev

• Bacon got sponsored!
• The framework architecture is mostly closed
• We are working on creating new modules and a nice
  GUI.

28
Future

• Module creation process ? Now
• Opensource official release ? 3 Months
• Community site release ? 1 Month

29
Conclusion

• We want to create a standard framework for
  pentesting and auditing networks and
  applications.
• We want the security community uses it and
  develops module for the framework

30
Any Questions?
31
The End.

• Hernan Gips
• gipsh_at_rubic.cc