Abstract
LAMMA (beta) is a Framework for Vulnerability Assessment & auditing of cryptography, PKI and related implementations. Developed in Python, LAMMA is a command line utility, built with the focus of automating the Crypto-Assessment for large infrastructures. The framework is highly extendable and allows usres to write and integrate their own plugins seamlessly.
LAMMA (beta) supports 4 modules which have many plugins for very specific purpose.
-
REMOTE - Module scans remote Hosts for SSL/TLS configuration, and reports any gap, vulnerabilities discovered with unique features like Time-Line-analysis of server Certificate, Deep mining of certificates and TLS/SSL session parameters.
-
CRYPTO - This Module checks the various crypto primitives generated by any underlying framework for Quality, backdoor & sanity. Few of Primary Checks :
- Quality Test for Random Number Generated
- Sanity Checks for shared Prime numbers in multiple RSA keys
- Safe and Strong Prime test
- Shared modulus test & MalSha, Malformed Digest Test
- TRUST - Module checks various trust and key stores for - insecure Private keys and un-trusted certificates. Here are few novel feature of LAMA framework.
- Extract Prime number and Modulus from Private keys for sanity and strength check
- Track Private Keys across the network for insecure storage & Track multiple instances
- Find and list List pinned & un-trusted certificates & Public Key, and track their presence
- SOURCE - Module helps to enforce “Cryptography Review Board” recommendations of your organisation. This module scans source code for use of insecure and weak schemes like
- MD*/SHA/SHA1 hashes
- ECB/CBC block cipher mode
- rand() or /dev/rand functions or back-doored schemes in use like Dual_EC_DRBG, p224r1, secp384r1