Aztarna – A Footprinting Tool For Robots

This repository contains Alias Robotic’s aztarna, a footprinting tool for robots.

Alias Robotics supports original robot manufacturers assessing their security and improving their quality of software.

By no means we encourage or promote the unauthorized tampering with running robotic systems. This can cause serious human harm and material damages.

Also Read:Tcpreplay – Pcap Editing & Replay Tools For UNIX & Windows

For ROS

  • A list of the ROS nodes present in the system (Publishers and Subscribers)
  • For each node, the published and subscribed topis including the topic type
  • For each node, the ROS services each of the nodes offer
  • A list of all ROS parameters present in the Parameter Server
  • A list of the active communications running in the system. A single communication includes the involved publiser/subscriber nodes and the topics

For SROS

  • Determining if the system is a SROS master.
  • Detecting if demo configuration is in use.
  • A list of the nodes found in the system. (Extended mode)
  • A list of allow/deny policies for each node.
    • Publishable topics.
    • Subscriptable topics.
    • Executable services.
    • Readable parameters.

For Industrial routers

  • Detecting eWON, Moxa, Sierra Wireless and Westermo industrial routers.
  • Default credential checking for found routers.

Aztarna Installation

For production

Direcly from PyPi

pip3 install aztarna

or from the repository:

pip3 install .

For development

pip3 install -e .
or
python3 setup.py develop

Python 3.7 and the setuptools package is required for installatio

Install with docker

docker build -t aztarna_docker .

Code usage:

usage: aztarna [-h] -t TYPE [-a ADDRESS] [-p PORTS] [-i INPUT_FILE]
[-o OUT_FILE] [-e] [-r RATE] [–shodan] [–api-key API_KEY]
Aztarn
optional arguments:
-h, –help show this help message and exit
-t TYPE, –type TYPE Scan ROS, SROS
hosts or Industrial routers
-a ADDRESS, –address ADDRESS
Single address or network range to scan.
-p PORTS, –ports PORTS
Ports to scan (format: 13311 or 11111-11155 or
1,2,3,4)
-i INPUT_FILE, –input_file INPUT_FILE
Input file of addresses to use for scanning
-o OUT_FILE, –out_file OUT_FILE
Output file for the results
-e, –extended Extended scan of the hosts
-r RATE, –rate RATE Maximum simultaneous network connections
–shodan Use shodan for the scan types that support it.
–api-key API_KEY Shodan API Key

Run the code (example input file):

aztarna -t ROS -p 11311 -i ros_scan_s20.csv

Run the code with Docker (example input file):

docker run -v :/root -it aztarna_docker -t ROS -p 11311 -i

Run the code (example single ip address):

aztarna -t ROS -p 11311 -a 115.129.241.241

Run the code (example subnet):

aztarna -t ROS -p 11311 -a 115.129.241.0/24

Run the code (example single ip address, port range):

aztarna -t ROS -p 11311-11500 -a 115.129.241.241

Run the code (example single ip address, port list):

aztarna -t ROS -p 11311,11312,11313 -a 115.129.241.241

Run the code (example piping directly from zmap):

zmap -p 11311 0.0.0.0/0 -q | aztarna -t SROS -p 11311

Run the code (example search for industrial routers in shodan)

aztarna -t IROUTERS –shodan –api-key

Run the code (example search for industrial routers in shodan, piping to file)

aztarna -t IROUTERS –shodan –api-key -o routers.csv

R K

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

4 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

5 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

1 day ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

1 day ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

2 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago