umap2 v2.0.1 ~ USB Host Security Assessment Tool – Revision 2.
This revision will have all the features that were supported in the first revision:
* umap2emulate – USB device emulation
* umap2scan – USB host scanning for device support
* umap2detect – USB host OS detection (no implemented yet)
* umap2fuzz – USB host fuzzing
In this revision there will be some additional features:
+ USB host fuzzing uses kitty as fuzzing engine
+ Umap2 not only contains executable scripts, but is also installed as a package and may be used as a library
Warning: umap2 is still an experimental, alpha stage tool. The APIs, executable names, etc. are likely to be changed in the near future. Use at your own risk.
+ Facedancer is the recommended hardware for Umap2. Umap2 was developed based on it, and you’ll get the most support with it.
+ GadgetFS is partially supported (only BeagleBone Black at the moment). This support is very experimental (even more than the rest of Umap2) and limited. If you are interested, read the gadget/README.rst for more information.
Fuzzing with Umap2 is composed of three steps, which might be unified into a single script in the future.
1. Find out what is the order of messages for the host you want to fuzz and the USB device that you emulate:
2. Start the kitty fuzzer in a separate shell, and provide it with the stages generated in step 1.
3. Start the umap2 keyboard emulation in fuzz mode
After stage 3 is performed, the fuzzing session will begin.
pip install git+https://github.com/nccgroup/umap2.git#egg=umap2
git clone https://github.com/nccgroup/umap2.git && cd umap2
sudo python setup.py install