/X-PenTest

Repository for carrying out Pentesting on OM Infrastructure

MIT License

OM Pentesting

This repository is a store for experiments in pentesting Syft and Grid.

The aim of this work is to identify weaknesses in Syft and Grid - places where they leak private information or open up a party to attack.

Important: as this repository shows, neither Syft nor Grid is suitable for use in a sensitive production environment.

Contributing

If you would like to work on an investigative line of inquiry, feel free to open an issue with your proposed method. If you see an open issue you would like to work on, let the team know in the comments.

Submitting

All work is useful, even if the attack did not work as intended.

Please open a PR with new code in the following structure: <tool-under-investigation>/<method_of_investigation>. For example, code for port scanning PySyft might be placed under syft/port_scanning. Each method should have a README.md file which explains:

  • Brief explanation of the method
  • Why the method is useful/possible outcomes
  • Relevant links to further information on the technique
  • Requirements for running the investigation
  • Actual outcomes (blank if WIP)

License

This project is developed under the MIT license. Read the license for more information.