Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティ スキャニング フレームワークの作り方/Seven staps to build a Security Scanning Framework
Search
moperon
October 31, 2017
Programming
1
810
セキュリティ スキャニング フレームワークの作り方/Seven staps to build a Security Scanning Framework
https://github.com/gsx-lab/caras-framework
#ssmjp
%s/staps/steps/
moperon
October 31, 2017
Tweet
Share
Other Decks in Programming
See All in Programming
大規模Reactアプリのリアーキテクチャ~8万行のTanStack Query移行の軌跡~
kj455
4
950
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
120
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
5
900
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
120
Git Rebase
bkuhlmann
11
1.6k
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
340
使ってみよう Azure AI Document Intelligence
kosmosebi
2
300
VS Code をプロダクトにどう取り込むか
onomax
1
360
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
1.1k
⼤規模⾔語モデルの拡張(RAG)が 終わったかも知れない件について
nearme_tech
23
15k
Ruby Function Composition
bkuhlmann
1
330
SIMD Parallel Programming with the Vector API
josepaumard
0
140
Featured
See All Featured
Faster Mobile Websites
deanohume
299
30k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
Raft: Consensus for Rubyists
vanstee
132
6.3k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
YesSQL, Process and Tooling at Scale
rocio
164
13k
Designing with Data
zakiwarfel
96
4.8k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
GitHub's CSS Performance
jonrohan
1025
450k
Adopting Sorbet at Scale
ufuk
68
8.6k
Documentation Writing (for coders)
carmenintech
60
3.9k
Transcript
ηΩϡϦςΟεΩϟχϯά ϑϨʔϜϫʔΫͷͭ͘Γ͔ͨ @moperon 2017/10/31 #ssmjp
࣍ ࣗݾհ ੬ऑੑஅͱ ՝ 7εςοϓͰ։ൃ ·ͱΊ
@moperon • ηΩϡϦςΟΤϯδχΞ • ੬ऑੑஅྺ10 PF/Web/Android/ଞ͍Ζ͍Ζ • ੬ऑੑஅʹ·ͭΘΔ։ൃ ࣾπʔϧ։ൃ •
20174݄͔ΒR&D෦ • ࠓಡΜͰ͍Δٕज़ॻ -> Cooking for Geeks
੬ऑੑஅͱ
੬ऑੑஅͱ ࣄલ४උ அ ใࠂ
੬ऑੑஅͱ ੬ऑੑΛݕग़͢Δ࡞ۀ
੬ऑੑஅͱ ੬ऑੑΛݕग़͢Δ࡞ۀ ͪΐͬͱҧ͏
੬ऑੑஅͱ ੬ऑੑͷ༗ແΛ֬ೝՄೳͳ ূΛऩू͢Δ࡞ۀ
ηΩϡϦςΟεΩϟφ ূෆ ِӄੑ/ِཅੑ
खಈஅͷඞཁੑ ূͷऩू ِཅੑ/ِӄੑͷϦΧόϦ
՝
खಈஅͷ՝ ૿͑ଓ͚Δஅख๏ ޮͷѱӨڹ
εΩϟφͱखಈͷ伱ؒ Χόʔ͖͠Εͳ͍ அ߲ ୯७͚ͩͲ ख͕͔͔ؒΔ அ߲
ηΩϡϦςΟ εΩϟχϯά ϑϨʔϜϫʔΫ • ηΩϡϦςΟεΩϟφΛ ։ൃ͢ΔͨΊͷϑϨʔϜϫʔΫ • அ߲ΛϓϥάΠϯԽ Λ࡞Ζ͏ खಈஅΛ͋ΔఔࣗಈԽ͢ΔͨΊɺ
ηΩϡϦςΟεΩϟχϯά ϑϨʔϜϫʔΫ Λ࡞Δ 7ͭͷεςοϓ
εςοϓ1 ཉ͍͠ػೳΛܾΊΔ
γϯϓϧͰίϯύΫτͳγεςϜ • அ߲ϓϥάΠϯ • ࣮ߦॱΛߏʹఆٛՄೳ • ϚϧνεϨουͷδϣϒίϯτϩʔϧػೳ • netshϥΠΫͳίϚϯυUI •
Ϩϙʔτػೳ ཉ͍͠ػೳ
εςοϓ2 ݴޠΛܾΊΔ
ݴޠ
ͳΜͰ Θͳ͍ͷ?ͱࢥͬͨ͋ͳͨ
େઌഐʹಉ͜͡ͱݴ͑Δ?
https://github.com/rapid7/metasploit-framework/wiki/Why-Ruby%3F Why Ruby?
1. Ruby͍͍ΑRuby 2. Metasploit Framework 3. ActiveModelͳͲɺRailsͷࢿ࢈ ͳͥRubyʹ͔ͨ͠
εςοϓ3 ࡐྉΛἧ͑Δ
։ൃʹඞཁͳͷ ։ൃڥ ࢀߟࢿྉ
։ൃڥ
ࢀߟࢿྉ-1
ࢀߟࢿྉ-2 ଟ͘ͷૉΒ͍͠OSSͷίʔυ
εςοϓ4 γεςϜߏ
γεςϜߏ Console Controller TestSuite TestCase Command ActiveModel & ActiveRecord Report
DBMS Tester Command Command Command Command
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester ֦ுՄೳ Command Command Command Command Command TestSuite γεςϜʹؚΊͣ ผϦϙδτϦ
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester ֦ுػೳΛಈతʹload(unload) Command Command Command Command Command
γεςϜߏ Console Controller TestSuite TestCase ActiveModel & ActiveRecord Report DBMS
Tester δϣϒίϯτϩʔϧ Command Command Command Command Command
δϣϒίϯτϩʔϧ TestSuite TestCase A TestCase B TestCase C TestCase D
TestCase H TestCase E TestCase F TestCase G
δϣϒίϯτϩʔϧ Tester TestSuite TestCase A TestCase B TestCase C TestCase
D TestCase H TestCase E TestCase F TestCase G Host A TestSuite TestCase A TestCase B TestCase C TestCase D TestCase H TestCase E TestCase F TestCase G Host B Host/Portຖʹ TestCaseͷThreadΛੜ ಈ࡞Λࢹ/੍ޚ
εςοϓ5 DBઃܭ
DBMSબఆ
DBMSબఆ Cons ϚϧνεϨουରԠ͕໘ Cons ҉ͷܕมා͍ .oO(ORM͏͔Βؔͳ͍͚Ͳ)
DBઃܭ Ͱ͖Δ͚ͩγϯϓϧʹ ඞཁͳͷ͚ͩʹߜΔ Ұਓͷਓ͕ؒ શମΛѲͰ͖ΔαΠζ
DBઃܭ ςʔϒϧ9ݸ͚ͩ +ActiveRecordཧςʔϒϧ2ݸ
DBઃܭ ؊6ͭ
DBઃܭ sites ෳͷhostΛ ·ͱΊΔςʔϒϧ ʮஅ࡞ۀʯΛද͢
DBઃܭ hosts IPΞυϨε அϗετ
DBઃܭ ports ϙʔτ ϙʔτͷঢ়ଶΛอ࣋ udp/tcp, ൪߸, state, αʔϏε nmapϨϙʔτ (ਖ਼نԽ͖ͬͯ͠ͳ͍)
DBઃܭ evidences அূ ϦΫΤετͱ Ϩεϙϯε ϗετϙʔτͱ ݁ͼͭ͘
DBઃܭ vulnerabilities ੬ऑੑ 1:nͰূʹඥ͚ siteຖʹϢχʔΫ
DBઃܭ test_cases அ߲ ࣗݾࢀরܕ1:n݁߹Ͱ πϦʔߏʹ
εςοϓ6 ࣮
1) DBଓ : ActiveRecord/ActiveModel 2) UX/ೖग़ྗ : ReadLine/Logger 3) δϣϒίϯτϩʔϥ
: Thread/Mutex/ConditionVariable 4) Ϩϙʔτػೳ : Slim/jQuery/Bootstrap 5) ֦ுػೳ : ࠇຐज़/module_eval 6) ηοτΞοϓ : Rake 7) σόοά : pry-byebug 8) ίϯςφ : Docker/docker-compose 9) ϦϑΝΫλϦϯά : RuboCop 10)ςετ : RSpec ࣮
9)ϦϑΝΫλϦϯά ஏ͔͍ͣ͠ίʔυΛগ͠ஏ͔ͣ͘͠ͳ͘͢Δߦҝ ८ࠪϚδݫ͍͠ Assignment Branch Condition Size is too highͭΒ͍
10)ςετ RSpec ϑϨʔϜϫʔΫࣗΛςετ ςετ͕ॆ࣮͍ͯ͠Δͱ҆৺Ͱ͖Δ •RubygemsͷΞοϓάϨʔυ •ϦϑΝΫλϦϯά ͨͩ͠ɺεΫϥονͷϓϩάϥϜͷ߹ɺ ΧελϜϚονϟυϥΠόॻ͘ͷ͕େม
ল ࣮ఔͷ࠷ॳʹରԠ͖͢Ͱ͢
εςοϓ7 Φʔϓϯιʔεʹ͢Δ
1)ձࣾͷڐՄΛಘΔ 2)ϓϩμΫτ໊ΛܾΊΔ 3)ίϚϯυ໊ΛܾΊΔ 4)ϥΠηϯεΛܾΊΔ 5)υΩϡϝϯτΛॻ͘ 6)ެ։͢Δ Φʔϓϯιʔεʹ͢Δ
1)ձࣾͷڐՄΛಘΔ ձࣾͷϦιʔεͱ࣌ؒΛͬͯɺࣾπʔϧͱͯ͠։ൃ উखʹΦʔϓϯιʔεʹ͢ΔΘ͚ʹߦ͔ͳ͍ͷͰɺ Φʔϓϯιʔεʹ͢Δͱྑ͍͜ͱ͋ΔΑ ͱ͔ɺ༗Δࣄແ͍ࣄͯ͠ ্࢘ͱ͔Λὃઆಘͯ͠ڐՄΛΒ͏
2)ϓϩμΫτ໊ΛܾΊΔ ggϥϏϦςΟେࣄ ҙຯߟ͑ͳ͍
2)ϓϩμΫτ໊ΛܾΊΔ $BSBT'SBNFXPSL
$BSBT'SBNFXPSL 2)ϓϩμΫτ໊ΛܾΊΔ
3)ίϚϯυ໊ΛܾΊΔ ίϚϯυେࣄ λΠϓ͍͢͠จࣈྻ͕ྑ͍ λΠϓ͠ʹ͍͘จࣈྻͷྫ : 3DES
3)ίϚϯυ໊ΛܾΊΔ DBSBTI DBSBTTIFMM
からしゅ DBSBTI DBSBTTIFMM 3)ίϚϯυ໊ΛܾΊΔ
4)ϥΠηϯεΛܾΊΔ GPL BSD Apache/2.0 MIT WTFPL
4)ϥΠηϯεΛܾΊΔ GPL BSD Apache/2.0 MIT WTFPL
4)ϥΠηϯεΛܾΊΔ ͍·ͩʹΑ͘Θ͔ͬͯ·ͤΜ •ຊʹ͓͚Δ๏తͳҐஔ͚ •ஶ࡞ݖ/తࡒ࢈ݖ •ίϯτϦϏϡʔλͷஶ࡞ݖ •ྫ •ϦεΫ •ٛ ΦʔϓϯιʔεσΟετϦϏϡʔλͱͯ͠
5)υΩϡϝϯτΛॻ͘ I. ຊޠͰॻ͍ͯӳ༁ɺӳจͷΈެ։ II. ެ։ޙɺਓʹʮϫλγɺχϗϯδϯʯͱݴΘΕΔ III. ӳޠͷυΩϡϝϯτΛ༁ͯ͠push खॱ
6)ެ։͢Δ https://github.com/gsx-lab/caras-framework
·ͱΊ
·ͱΊ ηΩϡϦςΟ εΩϟχϯά ϑϨʔϜϫʔΫ Caras-FrameworkΛ Φʔϓϯιʔεʹ͠·ͨ͠ https://github.com/gsx-lab/caras-framework
͓·͚
େઌഐͷDB
େઌഐͷDB https://github.com/rapid7/metasploit-framework/blob/master/db/schema.rb
େઌഐͷDB
େઌഐͷDB ྺ࢙ͷॏΈ ϓϩδΣΫτͷن
େઌഐͷDB • ֎෦Ωʔ੍ͳ͠ • ORM -> Metasploit::Model • ҋ͕ਂ͍
ΤϞ͍ίʔυ
ΤϞ͍chord codeͱ ײΛ༳͞ͿΒΕΔcode όάͰͳ͍͕ɺͭΒΈͷ༗Δcode ྗͷ͕ྦΛ༠͏code => ΤϞ͍
ΤϞ͍code-1 https://github.com/gsx-lab/caras-framework/blob/master/docs/DEVELOP_TEST_SUITES.md#implementation-example TestCaseͷ ࣮νϡʔτϦΞϧ ͕ BannerGrabber
ΤϞ͍code-2 https://github.com/gsx-lab/caras-testsuite/search?q=sleep TestCaseαϯϓϧ ͷsleepϝιου ඇಉظॲཧΛ ίϯτϩʔϧ͖͠Εͳ͍ ൵͠Έ
ΤϞ͍code-3 https://github.com/gsx-lab/caras-framework/blob/master/app/models/evidence.rb EvidenceϞσϧ ActiveModelͰ ϝιουνΣʔϯॻ͘લʹ ཉ͍͠SQLจΛॻ͍ͯɺ ࣮ޙʹ #to_sql Ͱ Ұக͢Δ͔֬ೝ͍ͯ͠Δ
ΤϞ͍code-4 https://github.com/gsx-lab/caras-framework/blob/master/.gitignore Gemfile.lock͕ .gitignoreʹೖͬͯΔ TestSuitesΛؚΉ֤छػೳ֦ுͰ GemfileΛ͑ΔΑ͏ʹ͔ͨͬͨ͠ɻ -> Πϯετʔϧ͢Δػೳ֦ுʹΑͬͯ Gemfile.lock͕มΘΔͷͰɺ lockϑΝΠϧΛϦϙδτϦʹೖΕΒΕͳ͍ɻ
ͭΒ͍ɻ
͓͠·͍