Abstract
LAMMA Framework (beta) aims to be a comprehensive suite for vulnerability assessment and auditing of crypto, PKI and related implementations.
Written in Python, LAMMA is an extensible framework that supports automated assessments at large scale. LAMMA has four modules covering the major aspects of crypto implementations:
REMOTE module: tests a server's TLS/SSL configuration and public certificate. It checks for all known vulnerabilities, from CRIME and BEAST to OFF by 20, and adds unique checks such as certificate timeline analysis and detection of weak moduli.
CRYPTO module: checks the various crypto primitives, from random numbers and private keys to hashes generated by any underlying framework (such as OpenSSL or Java keytool), for quality, backdooring and sanity.
TRUST module: checks the certificates in the trust stores of the TPM, browsers and applications to find pinned or untrusted certificates such as "Superfish". It also looks for stolen or insecurely stored private keys, to prevent the spread of malware like the Mask APT.
SOURCE module: helps enforce your organisation's "Cryptography Review Board" recommendations. It uncovers the use of weak or backdoored schemes such as "Dual_EC_DRBG", as in Juniper's case.
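The REMOTE module's "weak modulus" and "certificate timeline" checks are the kind of sanity test a practitioner can reproduce with the standard library. The following is an added illustration, not LAMMA's own code; the key-size and validity-period thresholds, the Fermat round limit and the sample modulus (two constructed, deliberately close primes) are assumptions chosen for the demonstration.

```python
"""Defender-side sanity checks on an RSA public key and a certificate's validity window."""
from datetime import datetime, timedelta, timezone
from math import isqrt

# Small primes used to catch moduli with a trivial factor (assumed bound: primes below 1000).
SMALL_PRIMES = [p for p in range(2, 1000) if all(p % q for q in range(2, isqrt(p) + 1))]


def fermat_close_factors(n: int, rounds: int = 10_000) -> bool:
    """True if n = p*q with p and q so close that Fermat's method splits n within `rounds`."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(rounds):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:          # n = (a - b) * (a + b)
            return a - b > 1     # reject the trivial split 1 * n
        a += 1
    return False


def modulus_findings(n: int, e: int, min_bits: int = 2048) -> list[str]:
    """Return human-readable findings for an RSA modulus n and public exponent e."""
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is only {n.bit_length()} bits (minimum {min_bits})")
    if n % 2 == 0:
        findings.append("modulus is even")
    for p in SMALL_PRIMES:
        if n % p == 0:
            findings.append(f"modulus divisible by small prime {p}")
            break
    if e < 65537:
        findings.append(f"small public exponent {e}")
    if fermat_close_factors(n):
        findings.append("prime factors too close together (Fermat factorisation succeeds)")
    return findings


def timeline_findings(not_before: datetime, not_after: datetime,
                      now: datetime, max_days: int = 398) -> list[str]:
    """Flag certificates that are not yet valid, expired, or valid for too long."""
    findings = []
    if now < not_before:
        findings.append("certificate not yet valid")
    if now > not_after:
        findings.append("certificate expired")
    if (not_after - not_before) > timedelta(days=max_days):
        findings.append(f"validity period exceeds {max_days} days")
    return findings


# Constructed sample: n = 10007 * 10009, two adjacent primes, far below any sane key size.
SAMPLE_N, SAMPLE_E = 10007 * 10009, 65537
```

Run `modulus_findings(SAMPLE_N, SAMPLE_E)` to see both the short-key and close-factor findings for the constructed sample; the timeline check takes timezone-aware datetimes.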
Best of all, LAMMA is a command-line tool and completely open source.