scoreboard

A scoreboard for verifying and scoring services in a red vs. blue competition.

Dependencies

• python3
• fooster-web
• dnspython
• python-ldap
• python-mysqlclient
• paramiko

Debian/Ubuntu/Kali

$ sudo apt install build-essential python3 python3-dev python3-setuptools python3-cffi libsasl2-dev zlib1g-dev libssl-dev libldap2-dev libmariadb-dev
$ sudo ./setup.py install

RedHat/CentOS

$ sudo yum groupinstall "Development Tools"
$ sudo yum install epel-release
$ sudo yum install python36 python36-devel python36-setuptools python36-cffi openldap-devel mariadb-devel
$ sudo ./setup.py install

Fedora

$ sudo dnf groupinstall "Development Tools"
$ sudo dnf install python3-devel python3-cffi openldap-devel mariadb-devel
$ sudo ./setup.py install

Arch

$ sudo pacman -S base-devel python-cffi libldap libmariadbclient
$ sudo ./setup.py install

Gentoo

$ sudo emerge dev-python/cffi net-nds/openldap dev-db/mariadb-connector-c
$ sudo ./setup.py install

macOS

Requires Homebrew.

$ brew install python3 mysql-connector-c
$ ./setup.py install

Configuring

Options

All options are reconfigurable at runtime by modifying the original configuration file specified on the command line. This is especially useful for starting and stopping scoring by using the score option at runtime. Other options adjust polling interval (interval), service connect timeout (timeout), how often to poll for configuration changes (poll), how many workers processes to spawn (workers), and whether to show scores in the HTML and JSON interface (show).

score = True

interval = 60
timeout = 3
poll = 1
workers = 4
show = True

Teams

Each team is identified by a name that maps to a base IP address from which the offset for each service will be added. Generally this will be the base address in the CIDR notation for each team's network (without the mask). This assumes that each service is at the same offset for each team.

Example

teams = collections.OrderedDict()
teams['Team1'] = '10.0.130.0'
teams['Team2'] = '10.0.131.0'
teams['Team3'] = '10.0.132.0'
teams['Team4'] = '10.0.133.0'

Services

Services are identified by a name that maps to a configuration for how the scoreboard should score the service. This includes at a minimum the protocol to score with and the IP address offset of the service relative to each team's base IP address. Any protocol option can be a list that when found will generate a random index each poll interval and use the same index for all lists in the service for all teams.

Example

services = collections.OrderedDict()
services['FTP'] = {'proto': 'ftp', 'offset': 5, 'port': 21, 'file': 'DONOTDELETE', 'contents': 'asdf', 'dne': 'DOESNOTEXIST'}
services['SSH'] = {'proto': 'ssh', 'offset': 6, 'port': 22, 'username': 'asdf', 'password': 'asdf'}
services['HTTP'] = {'proto': 'http', 'offset': 7, 'port': 80, 'method': 'GET', 'url': ['/', '/test1', '/test2'], 'regex': [r'asdf', r'asdf1', r'asdf2']}
services['MySQL'] = {'proto': 'mysql', 'offset': 8, 'port': 3306, 'username': 'asdf', 'password': 'asdf', 'db': ''}

Ping

Options

None

TCP

Options

• port

DNS

Options

• port
• hostname (name to lookup)
• type (type of lookup)
• answer (optional; checks for response)

FTP

Options

• port
• cert (optional; uses FTPS; boolean or string path of CA certificate)
• username (optional; uses login information)
• password (optional; uses login information)
• file (optional; checks for contents of file)
• contents (optional; checks for contents of file)
• dne (optional; checks for lack of file)

HTTP

Options

• port
• cert (optional; uses HTTPS; boolean or string path of CA certificate)
• method (optional; sends HTTP request)
• headers (optional; sends HTTP headers)
• host (optional; sends HTTP Host header)
• url (optional; sends HTTP request)
• body (optional; sends HTTP request body)
• regex (optional; regular expression to check for in the HTTP response)

IMAP

Options

• port
• cert (optional; uses STARTTLS; boolean or string path of CA certificate)
• username (optional; uses login information)
• password (optional; uses login information)
• list (optional; checks for email list)

LDAP

Options

• port
• cert (optional; uses STARTTLS; boolean or string path of CA certificate)
• dn (optional; uses simple bind)
• password (optional; uses simple bind)
• base (optional; searches for common name under base name)
• cn (optional; searches for common name under base name)

MySQL

Options

• port
• username (uses login information)
• password (uses login information)
• db (optional; uses database)
• query (optional; executes and checks query)
• result (optional; executes and checks query)

POP3

Options

• port
• cert (optional; uses STARTTLS; boolean or string path of CA certificate)
• username (optional; uses login information)
• password (optional; uses login information)
• list (optional; checks for email list)

SFTP

Options

• port
• username (uses login information)
• password (uses login information)
• file (optional; checks for contents of file)
• contents (optional; checks for contents of file)
• dne (optional; checks for lack of file)

SMTP

Options

• port
• cert (optional; uses STARTTLS; boolean or string path of CA certificate)
• username (optional; uses login information)
• password (optional; uses login information)
• from_ (optional; attempts to prepare an email which does not get sent)
• to (optional; attempts to prepare an email which does not get sent)

SSH

Options

• port
• username (uses login information)
• password (uses login information)

Running

$ scoreboard config.py