Have you ever wondered if attackers could actually reach a vulnerable section of code?
Landing Zone is a proof of concept tool that checks if specific user inputs can lead to execution of known-vulnerable functions.
Example use cases:
- You are an exploit researcher trying to determine if a list of inputs can lead to a vulnerable function.
- You are a security engineer who has a vulnerable application but no patches are available. You want to know if your users or attackers can reach the vulnerable code.
- You are a vulnerability management practitioner who wants to prove that your security controls can prevent specific inputs from reaching known-vulnerable functions in an application.
This tool was created to satisfy classwork for Dakota State University's CSC-842 Security Tool Development.
Demo video: here
You must have the following software installed prior to using this tool:
- Python 3 interpreter
- Pip3
- GNU Debugger
At this time we only support GNU/Linux-based operating systems.
1. Installation
pip install landing-zone
landing-zone --help
2. Create a config file to test your application
vim conf.yaml
# the target application
target: "testApplication/testApp"
# arguments to pass to target
arguments:
- "1"
- "2"
- "3"
- "999"
# the functions you would like to check for execution
functions:
- "mock_CVE_2023_0466"
- "mock_CVE_2023_0215"
- "mock_CVE_2022_4450"
3. Analyze Application
landing-zone --conf conf.yaml
Example Output:
INFO:root:reading config file: 'conf.yaml'
INFO:root:examining target application: 'testApplication/testApp'
WARNING:root:Landed in target function with arguments: '1'
---------------------------
testApp.c:16:mock_CVE_2023_0466
testApp.c:34:mock1
testApp.c:63:main
...
If I were to maintain this program going forward, I would:
- support regular expressions for functions listed in conf file
- allow conditional break points (i.e. only alert if one or more conditions are true)
- support additional debuggers such as lldb and windbg