Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティ スキャニング フレームワークの作り方/Seven staps to build ...
Search
moperon
October 31, 2017
Programming
1
980
セキュリティ スキャニング フレームワークの作り方/Seven staps to build a Security Scanning Framework
https://github.com/gsx-lab/caras-framework
#ssmjp
%s/staps/steps/
moperon
October 31, 2017
Tweet
Share
Other Decks in Programming
See All in Programming
SwiftでMCPサーバーを作ろう!
giginet
PRO
2
230
PHPカンファレンス関西2025 基調講演
sugimotokei
6
1.1k
実践 Dev Containers × Claude Code
touyu
1
160
なぜあなたのオブザーバビリティ導入は頓挫するのか
ryota_hnk
5
580
Vibe coding コードレビュー
kinopeee
0
420
一人でAIプロダクトを作るための工夫 〜技術選定・開発プロセス編〜 / I want AI to work harder
rkaga
7
1.8k
ZeroETLで始めるDynamoDBとS3の連携
afooooil
0
150
WebAssemblyインタプリタを書く ~Component Modelを添えて~
ruccho
1
690
書き捨てではなく継続開発可能なコードをAIコーディングエージェントで書くために意識していること
shuyakinjo
0
240
構文解析器入門
ydah
7
2k
React 使いじゃなくても知っておきたい教養としての React
oukayuka
18
5.5k
CEDEC 2025 『ゲームにおけるリアルタイム通信への QUIC導入事例の紹介』
segadevtech
3
810
Featured
See All Featured
How to Ace a Technical Interview
jacobian
278
23k
Designing for humans not robots
tammielis
253
25k
Site-Speed That Sticks
csswizardry
10
760
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
Done Done
chrislema
185
16k
Mobile First: as difficult as doing things right
swwweet
223
9.9k
YesSQL, Process and Tooling at Scale
rocio
173
14k
The Pragmatic Product Professional
lauravandoore
36
6.8k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Navigating Team Friction
lara
188
15k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
ηΩϡϦςΟεΩϟχϯά ϑϨʔϜϫʔΫͷͭ͘Γ͔ͨ @moperon 2017/10/31 #ssmjp
࣍ ࣗݾհ ੬ऑੑஅͱ ՝ 7εςοϓͰ։ൃ ·ͱΊ
@moperon • ηΩϡϦςΟΤϯδχΞ • ੬ऑੑஅྺ10 PF/Web/Android/ଞ͍Ζ͍Ζ • ੬ऑੑஅʹ·ͭΘΔ։ൃ ࣾπʔϧ։ൃ •
20174݄͔ΒR&D෦ • ࠓಡΜͰ͍Δٕज़ॻ -> Cooking for Geeks
੬ऑੑஅͱ
੬ऑੑஅͱ ࣄલ४උ அ ใࠂ
੬ऑੑஅͱ ੬ऑੑΛݕग़͢Δ࡞ۀ
੬ऑੑஅͱ ੬ऑੑΛݕग़͢Δ࡞ۀ ͪΐͬͱҧ͏
੬ऑੑஅͱ ੬ऑੑͷ༗ແΛ֬ೝՄೳͳ ূΛऩू͢Δ࡞ۀ
ηΩϡϦςΟεΩϟφ ূෆ ِӄੑ/ِཅੑ
खಈஅͷඞཁੑ ূͷऩू ِཅੑ/ِӄੑͷϦΧόϦ
՝
खಈஅͷ՝ ૿͑ଓ͚Δஅख๏ ޮͷѱӨڹ
εΩϟφͱखಈͷ伱ؒ Χόʔ͖͠Εͳ͍ அ߲ ୯७͚ͩͲ ख͕͔͔ؒΔ அ߲
ηΩϡϦςΟ εΩϟχϯά ϑϨʔϜϫʔΫ • ηΩϡϦςΟεΩϟφΛ ։ൃ͢ΔͨΊͷϑϨʔϜϫʔΫ • அ߲ΛϓϥάΠϯԽ Λ࡞Ζ͏ खಈஅΛ͋ΔఔࣗಈԽ͢ΔͨΊɺ
ηΩϡϦςΟεΩϟχϯά ϑϨʔϜϫʔΫ Λ࡞Δ 7ͭͷεςοϓ
εςοϓ1 ཉ͍͠ػೳΛܾΊΔ
γϯϓϧͰίϯύΫτͳγεςϜ • அ߲ϓϥάΠϯ • ࣮ߦॱΛߏʹఆٛՄೳ • ϚϧνεϨουͷδϣϒίϯτϩʔϧػೳ • netshϥΠΫͳίϚϯυUI •
Ϩϙʔτػೳ ཉ͍͠ػೳ
εςοϓ2 ݴޠΛܾΊΔ
ݴޠ
ͳΜͰ Θͳ͍ͷ?ͱࢥͬͨ͋ͳͨ
େઌഐʹಉ͜͡ͱݴ͑Δ?
https://github.com/rapid7/metasploit-framework/wiki/Why-Ruby%3F Why Ruby?
1. Ruby͍͍ΑRuby 2. Metasploit Framework 3. ActiveModelͳͲɺRailsͷࢿ࢈ ͳͥRubyʹ͔ͨ͠
εςοϓ3 ࡐྉΛἧ͑Δ
։ൃʹඞཁͳͷ ։ൃڥ ࢀߟࢿྉ
։ൃڥ
ࢀߟࢿྉ-1
ࢀߟࢿྉ-2 ଟ͘ͷૉΒ͍͠OSSͷίʔυ
εςοϓ4 γεςϜߏ
γεςϜߏ Console Controller TestSuite TestCase Command ActiveModel & ActiveRecord Report
DBMS Tester Command Command Command Command
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester ֦ுՄೳ Command Command Command Command Command TestSuite γεςϜʹؚΊͣ ผϦϙδτϦ
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester ֦ுػೳΛಈతʹload(unload) Command Command Command Command Command
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester δϣϒίϯτϩʔϧ Command Command Command Command Command
δϣϒίϯτϩʔϧ TestSuite TestCase A TestCase B TestCase C TestCase D
TestCase H TestCase E TestCase F TestCase G
δϣϒίϯτϩʔϧ Tester TestSuite TestCase A TestCase B TestCase C TestCase
D TestCase H TestCase E TestCase F TestCase G Host A TestSuite TestCase A TestCase B TestCase C TestCase D TestCase H TestCase E TestCase F TestCase G Host B Host/Portຖʹ TestCaseͷThreadΛੜ ಈ࡞Λࢹ/੍ޚ
εςοϓ5 DBઃܭ
DBMSબఆ
DBMSબఆ Cons ϚϧνεϨουରԠ͕໘ Cons ҉ͷܕมා͍ .oO(ORM͏͔Βؔͳ͍͚Ͳ)
DBઃܭ Ͱ͖Δ͚ͩγϯϓϧʹ ඞཁͳͷ͚ͩʹߜΔ Ұਓͷਓ͕ؒ શମΛѲͰ͖ΔαΠζ
DBઃܭ ςʔϒϧ9ݸ͚ͩ +ActiveRecordཧςʔϒϧ2ݸ
DBઃܭ ؊6ͭ
DBઃܭ sites ෳͷhostΛ ·ͱΊΔςʔϒϧ ʮஅ࡞ۀʯΛද͢
DBઃܭ hosts IPΞυϨε அϗετ
DBઃܭ ports ϙʔτ ϙʔτͷঢ়ଶΛอ࣋ udp/tcp, ൪߸, state, αʔϏε nmapϨϙʔτ (ਖ਼نԽ͖ͬͯ͠ͳ͍)
DBઃܭ evidences அূ ϦΫΤετͱ Ϩεϙϯε ϗετϙʔτͱ ݁ͼͭ͘
DBઃܭ vulnerabilities ੬ऑੑ 1:nͰূʹඥ͚ siteຖʹϢχʔΫ
DBઃܭ test_cases அ߲ ࣗݾࢀরܕ1:n݁߹Ͱ πϦʔߏʹ
εςοϓ6 ࣮
1) DBଓ : ActiveRecord/ActiveModel 2) UX/ೖग़ྗ : ReadLine/Logger 3) δϣϒίϯτϩʔϥ
: Thread/Mutex/ConditionVariable 4) Ϩϙʔτػೳ : Slim/jQuery/Bootstrap 5) ֦ுػೳ : ࠇຐज़/module_eval 6) ηοτΞοϓ : Rake 7) σόοά : pry-byebug 8) ίϯςφ : Docker/docker-compose 9) ϦϑΝΫλϦϯά : RuboCop 10)ςετ : RSpec ࣮
9)ϦϑΝΫλϦϯά ஏ͔͍ͣ͠ίʔυΛগ͠ஏ͔ͣ͘͠ͳ͘͢Δߦҝ ८ࠪϚδݫ͍͠ Assignment Branch Condition Size is too highͭΒ͍
10)ςετ RSpec ϑϨʔϜϫʔΫࣗΛςετ ςετ͕ॆ࣮͍ͯ͠Δͱ҆৺Ͱ͖Δ •RubygemsͷΞοϓάϨʔυ •ϦϑΝΫλϦϯά ͨͩ͠ɺεΫϥονͷϓϩάϥϜͷ߹ɺ ΧελϜϚονϟυϥΠόॻ͘ͷ͕େม
ল ࣮ఔͷ࠷ॳʹରԠ͖͢Ͱ͢
εςοϓ7 Φʔϓϯιʔεʹ͢Δ
1)ձࣾͷڐՄΛಘΔ 2)ϓϩμΫτ໊ΛܾΊΔ 3)ίϚϯυ໊ΛܾΊΔ 4)ϥΠηϯεΛܾΊΔ 5)υΩϡϝϯτΛॻ͘ 6)ެ։͢Δ Φʔϓϯιʔεʹ͢Δ
1)ձࣾͷڐՄΛಘΔ ձࣾͷϦιʔεͱ࣌ؒΛͬͯɺࣾπʔϧͱͯ͠։ൃ উखʹΦʔϓϯιʔεʹ͢ΔΘ͚ʹߦ͔ͳ͍ͷͰɺ Φʔϓϯιʔεʹ͢Δͱྑ͍͜ͱ͋ΔΑ ͱ͔ɺ༗Δࣄແ͍ࣄͯ͠ ্࢘ͱ͔Λὃઆಘͯ͠ڐՄΛΒ͏
2)ϓϩμΫτ໊ΛܾΊΔ ggϥϏϦςΟେࣄ ҙຯߟ͑ͳ͍
2)ϓϩμΫτ໊ΛܾΊΔ $BSBT'SBNFXPSL
$BSBT'SBNFXPSL 2)ϓϩμΫτ໊ΛܾΊΔ
3)ίϚϯυ໊ΛܾΊΔ ίϚϯυେࣄ λΠϓ͍͢͠จࣈྻ͕ྑ͍ λΠϓ͠ʹ͍͘จࣈྻͷྫ : 3DES
3)ίϚϯυ໊ΛܾΊΔ DBSBTI DBSBTTIFMM
からしゅ DBSBTI DBSBTTIFMM 3)ίϚϯυ໊ΛܾΊΔ
4)ϥΠηϯεΛܾΊΔ GPL BSD Apache/2.0 MIT WTFPL
4)ϥΠηϯεΛܾΊΔ GPL BSD Apache/2.0 MIT WTFPL
4)ϥΠηϯεΛܾΊΔ ͍·ͩʹΑ͘Θ͔ͬͯ·ͤΜ •ຊʹ͓͚Δ๏తͳҐஔ͚ •ஶ࡞ݖ/తࡒ࢈ݖ •ίϯτϦϏϡʔλͷஶ࡞ݖ •ྫ •ϦεΫ •ٛ ΦʔϓϯιʔεσΟετϦϏϡʔλͱͯ͠
5)υΩϡϝϯτΛॻ͘ I. ຊޠͰॻ͍ͯӳ༁ɺӳจͷΈެ։ II. ެ։ޙɺਓʹʮϫλγɺχϗϯδϯʯͱݴΘΕΔ III. ӳޠͷυΩϡϝϯτΛ༁ͯ͠push खॱ
6)ެ։͢Δ https://github.com/gsx-lab/caras-framework
·ͱΊ
·ͱΊ ηΩϡϦςΟ εΩϟχϯά ϑϨʔϜϫʔΫ Caras-FrameworkΛ Φʔϓϯιʔεʹ͠·ͨ͠ https://github.com/gsx-lab/caras-framework
͓·͚
େઌഐͷDB
େઌഐͷDB https://github.com/rapid7/metasploit-framework/blob/master/db/schema.rb
େઌഐͷDB
େઌഐͷDB ྺ࢙ͷॏΈ ϓϩδΣΫτͷن
େઌഐͷDB • ֎෦Ωʔ੍ͳ͠ • ORM -> Metasploit::Model • ҋ͕ਂ͍
ΤϞ͍ίʔυ
ΤϞ͍chord codeͱ ײΛ༳͞ͿΒΕΔcode όάͰͳ͍͕ɺͭΒΈͷ༗Δcode ྗͷ͕ྦΛ༠͏code => ΤϞ͍
ΤϞ͍code-1 https://github.com/gsx-lab/caras-framework/blob/master/docs/DEVELOP_TEST_SUITES.md#implementation-example TestCaseͷ ࣮νϡʔτϦΞϧ ͕ BannerGrabber
ΤϞ͍code-2 https://github.com/gsx-lab/caras-testsuite/search?q=sleep TestCaseαϯϓϧ ͷsleepϝιου ඇಉظॲཧΛ ίϯτϩʔϧ͖͠Εͳ͍ ൵͠Έ
ΤϞ͍code-3 https://github.com/gsx-lab/caras-framework/blob/master/app/models/evidence.rb EvidenceϞσϧ ActiveModelͰ ϝιουνΣʔϯॻ͘લʹ ཉ͍͠SQLจΛॻ͍ͯɺ ࣮ޙʹ #to_sql Ͱ Ұக͢Δ͔֬ೝ͍ͯ͠Δ
ΤϞ͍code-4 https://github.com/gsx-lab/caras-framework/blob/master/.gitignore Gemfile.lock͕ .gitignoreʹೖͬͯΔ TestSuitesΛؚΉ֤छػೳ֦ுͰ GemfileΛ͑ΔΑ͏ʹ͔ͨͬͨ͠ɻ -> Πϯετʔϧ͢Δػೳ֦ுʹΑͬͯ Gemfile.lock͕มΘΔͷͰɺ lockϑΝΠϧΛϦϙδτϦʹೖΕΒΕͳ͍ɻ
ͭΒ͍ɻ
͓͠·͍