Hackers of India

Toliman, a Hadoop Pentesting Tool

By Jitendra Chauhan on 06 Feb 2015 @ Nullcon
πŸ’» Source Code πŸ”— Link
We need help to complete this entry! Missing: presentation, Video
I can help!
#security-assessment #security-tools #cloud-workload-protection #dynamic-analysis #exploit-development
Focus Areas: πŸ” Application Security , ☁️ Cloud Security , βš™οΈ DevSecOps , 🦠 Malware Analysis , 🎯 Penetration Testing , πŸ” Vulnerability Management
This talk covers following tools where the speaker has contributed or authored
TOLIMAN

Abstract

Toliman is a Hadoop Penetration Testing and Security Audit tool with the following main objectives: Evaluate how secure is a given Hadoop Deployment, and develop a Swiss Knife for Hadoop Pentesting and Security Audit. It is one of the first tools of its kind and we hope that it will a long way in this direction.

Some of the capabilities of the tool are as follows:

Hadoop Version Detection (< 2.x or > 2.x) Services Identification Fingerprinting Security Audit of Configuration Validate Authentication and Authorization Stealing Sensitive Information Exploitation Modules: Malicious MR Job, Container Permission Analysis Toliman will have following modes:

Information Gathering (IG) Configuration Audit (AG) Safe Exploitation (S-EX) Thunder (Complete Exploitation)