Data

Tools

Indexes

Applications

Experiments

Open Source Science

gallia

Extendable Pentesting Framework

https://github.com/fraunhofer-aisec/gallia

Science Score: 75.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 2 DOI reference(s) in README
  • Academic publication links
    Links to: zenodo.org
  • Academic email domains
  • Institutional organization owner
    Organization fraunhofer-aisec has institutional domain (www.aisec.fraunhofer.de)
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.7%) to scientific vocabulary

Keywords

automotive pentesting python uds xcp
Last synced: 6 months ago · JSON representation ·

Repository

Extendable Pentesting Framework

Basic Info
Statistics
  • Stars: 146
  • Watchers: 9
  • Forks: 30
  • Open Issues: 65
  • Releases: 49
Topics
automotive pentesting python uds xcp
Created almost 4 years ago · Last pushed 6 months ago
Metadata Files
Readme Changelog Contributing License Citation Codeowners

README.md

Gallia

docs PyPI - Python Version PyPI - License PyPI DOI

Packaging status

Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.

Keep in mind that this project is intended for research and development usage only! Inappropriate usage might cause irreversible damage to the device under test. We do not take any responsibility for damage caused by the usage of this tool.

Testimonials

Levent Çelik et al. in Comparing Open-Source UDS Implementations Through Fuzz Testing:

Among the implementations we've identified, Gallia stands out as the most robust and dependable by a significant margin.

Quickstart

See the setup instructions.

First create a config template with --template, store it to a file called gallia.toml, and adjust it to your needs. gallia reads this file to set the defaults of the command line flags. All options correspond to a command line flag; the only required option for scans is gallia.scanner.target, for instance isotp://can0?src_addr=0x123&dst_addr=0x312&tx_padding=0xaa&rx_padding=0xaa.

$ gallia --template > gallia.toml

You are all set to start your first scan, for instance read the diagnostic trouble codes:

$ gallia primitive uds dtc read

The target can also be specified by the --target option on the command line. For the format of the --target argument see the transports documentation.

Acknowledgments

This work was partly funded by the German Federal Ministry of Education and Research (BMBF) as part of the SecForCARs project (grant no. 16KIS0790). A short presentation and demo video is available at this page.

Owner

  • Name: Fraunhofer AISEC
  • Login: Fraunhofer-AISEC
  • Kind: organization

IT security research institute Fraunhofer AISEC (Applied and Integrated Security)

Citation (CITATION.cff) 

# SPDX-FileCopyrightText: AISEC Pentesting Team
#
# SPDX-License-Identifier: CC0-1.0

# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!

cff-version: 1.2.0
title: gallia
message: >-
  If you use this software, please cite it using the
  metadata from this file.
type: software
# Authors are taken from the initial release commit:
# 075274c7fd253b944b5668fc3ae1c6d760882168 on Thu Apr 28 16:36:33 2022 +0200
authors:
  - given-names: Stefan
    family-names: Tatschner
    affiliation: Fraunhofer AISEC
    orcid: 'https://orcid.org/0000-0002-2288-9010'
    email: stefan.tatschner@aisec.fraunhofer.de
  - given-names: Tobias
    family-names: Specht
    email: tobias.specht@aisec.fraunhofer.de
    orcid: 'https://orcid.org/0009-0001-7615-7579'
    affiliation: Fraunhofer AISEC
  - given-names: Fabian
    family-names: Kügler
    email: fabian.kuegler@aisec.fraunhofer.de
    affiliation: Fraunhofer AISEC
  - given-names: Ferdinand
    family-names: Jarisch
    email: ferdinand.jarisch@aisec.fraunhofer.de
    affiliation: Fraunhofer AISEC
  - given-names: Johannes
    family-names: Obermaier
    email: johannes.obermaier@aisec.fraunhofer.de
    affiliation: Fraunhofer AISEC
    orcid: 'https://orcid.org/0000-0001-8021-6132'
  - given-names: Dieter
    family-names: Schuster
    email: dieter.schuster@aisec.fraunhofer.de
    affiliation: Fraunhofer AISEC
  - given-names: Tobias
    family-names: Madl
    email: tobias.madl@aisec.fraunhofer.de
    affiliation: Fraunhofer AISEC
  - given-names: Veronique
    family-names: Ehmes
    email: veronique.ehmes@aisec.fraunhofer.de
    orcid: 'https://orcid.org/0009-0001-3605-4305'
    affiliation: Fraunhofer AISEC
identifiers:
  - type: doi
    value: 10.5281/zenodo.10696368
    description: Zenodo Entry
repository-code: 'https://github.com/Fraunhofer-AISEC/gallia'
abstract: >-
  Gallia is an extendable pentesting framework with the
  focus on the automotive domain. The scope of the toolchain
  is conducting penetration tests from a single ECU up to
  whole cars. Currently, the main focus lies on the UDS
  interface. Acting as a generic interface, the logging
  functionality implements reproducible tests and enables
  post-processing tasks.
keywords:
  - pentesting
  - UDS
  - automotive
license: Apache-2.0

GitHub Events

Total
  • Create event: 106
  • Release event: 5
  • Issues event: 24
  • Watch event: 17
  • Delete event: 104
  • Issue comment event: 58
  • Push event: 419
  • Pull request review comment event: 14
  • Pull request review event: 28
  • Pull request event: 211
  • Fork event: 5
Last Year
  • Create event: 106
  • Release event: 5
  • Issues event: 24
  • Watch event: 17
  • Delete event: 104
  • Issue comment event: 58
  • Push event: 419
  • Pull request review comment event: 14
  • Pull request review event: 28
  • Pull request event: 211
  • Fork event: 5

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 102
  • Total pull requests: 489
  • Average time to close issues: 6 months
  • Average time to close pull requests: 20 days
  • Total issue authors: 8
  • Total pull request authors: 11
  • Average comments per issue: 0.89
  • Average comments per pull request: 0.37
  • Merged pull requests: 405
  • Bot issues: 1
  • Bot pull requests: 224
Past Year
  • Issues: 19
  • Pull requests: 195
  • Average time to close issues: 20 days
  • Average time to close pull requests: 8 days
  • Issue authors: 4
  • Pull request authors: 6
  • Average comments per issue: 0.47
  • Average comments per pull request: 0.22
  • Merged pull requests: 160
  • Bot issues: 1
  • Bot pull requests: 68
View more stats
Top Authors
Issue Authors
  • rumpelsepp (90)
  • mich41v4294 (3)
  • fkglr (2)
  • dependabot[bot] (2)
  • ferdinandjarisch (2)
  • peckto (2)
  • LeventCelik (1)
  • VeroSec (1)
Pull Request Authors
  • dependabot[bot] (258)
  • rumpelsepp (167)
  • ferdinandjarisch (76)
  • fkglr (36)
  • emedav (17)
  • peckto (16)
  • mich41v4294 (5)
  • polybassa (4)
  • reshma-vasudevan (3)
  • VeroSec (2)
  • emeisd (1)
Top Labels
Issue Labels
stale (24) bug (11) maint (6) enhancement (3) dependencies (3) documentation (2) help wanted (1) good first issue (1) github_actions (1) python (1)
Pull Request Labels
dependencies (258) python (177) python:uv (41) github_actions (40) bug (38) enhancement (18) stale (18) maint (3)

Packages

  • Total packages: 1
  • Total downloads:
    • pypi 286 last-month
  • Total dependent packages: 0
  • Total dependent repositories: 2
  • Total versions: 52
  • Total maintainers: 2
pypi.org: gallia

Extendable Pentesting Framework

  • Versions: 52
  • Dependent Packages: 0
  • Dependent Repositories: 2
  • Downloads: 286 Last month
Rankings
Stargazers count: 7.0%
Dependent packages count: 7.4%
Forks count: 8.1%
Average: 9.7%
Dependent repos count: 11.9%
Downloads: 14.2%
Maintainers (2)
peckto rumpelsepp
Last synced: 6 months ago

Dependencies

poetry.lock pypi
  • alabaster 0.7.12 develop
  • astroid 2.11.6 develop
  • atomicwrites 1.4.0 develop
  • babel 2.10.3 develop
  • binaryornot 0.4.4 develop
  • black 22.6.0 develop
  • boolean.py 4.0 develop
  • certifi 2022.6.15 develop
  • chardet 4.0.0 develop
  • click 8.1.3 develop
  • colorama 0.4.5 develop
  • dill 0.3.5.1 develop
  • docutils 0.17.1 develop
  • flake8 4.0.1 develop
  • imagesize 1.3.0 develop
  • importlib-metadata 4.11.4 develop
  • iniconfig 1.1.1 develop
  • isort 5.10.1 develop
  • jedi 0.18.1 develop
  • jinja2 3.1.2 develop
  • lazy-object-proxy 1.7.1 develop
  • license-expression 30.0.0 develop
  • lxml-stubs 0.4.0 develop
  • markdown-it-py 2.1.0 develop
  • markupsafe 2.1.1 develop
  • mccabe 0.6.1 develop
  • mdit-py-plugins 0.3.0 develop
  • mdurl 0.1.1 develop
  • mypy 0.961 develop
  • mypy-extensions 0.4.3 develop
  • myst-parser 0.18.0 develop
  • parso 0.8.3 develop
  • pathspec 0.9.0 develop
  • platformdirs 2.5.2 develop
  • pluggy 1.0.0 develop
  • py 1.11.0 develop
  • pycodestyle 2.8.0 develop
  • pyflakes 2.4.0 develop
  • pygments 2.12.0 develop
  • pylint 2.14.4 develop
  • pylsp-mypy 0.6.2 develop
  • pylsp-rope 0.1.9 develop
  • pytest 7.1.2 develop
  • pytest-asyncio 0.18.3 develop
  • python-debian 0.1.44 develop
  • python-lsp-black 1.2.1 develop
  • python-lsp-jsonrpc 1.0.0 develop
  • python-lsp-server 1.4.1 develop
  • pytz 2022.1 develop
  • pyyaml 6.0 develop
  • requests 2.28.0 develop
  • reuse 1.0.0 develop
  • rope 1.1.1 develop
  • snowballstemmer 2.2.0 develop
  • sphinx 5.0.2 develop
  • sphinx-rtd-theme 1.0.0 develop
  • sphinxcontrib-applehelp 1.0.2 develop
  • sphinxcontrib-devhelp 1.0.2 develop
  • sphinxcontrib-htmlhelp 2.0.0 develop
  • sphinxcontrib-jsmath 1.0.1 develop
  • sphinxcontrib-qthelp 1.0.3 develop
  • sphinxcontrib-serializinghtml 1.1.5 develop
  • toml 0.10.2 develop
  • tomli 2.0.1 develop
  • tomlkit 0.11.0 develop
  • types-aiofiles 0.8.8 develop
  • types-tabulate 0.8.11 develop
  • ujson 5.4.0 develop
  • urllib3 1.26.9 develop
  • zipp 3.8.0 develop
  • aiofiles 0.8.0
  • aiohttp 3.8.1
  • aiosignal 1.2.0
  • aiosqlite 0.17.0
  • argcomplete 2.0.0
  • async-timeout 4.0.2
  • attrs 21.4.0
  • cffi 1.15.0
  • charset-normalizer 2.0.12
  • construct 2.10.68
  • frozenlist 1.3.0
  • idna 3.3
  • msgpack 1.0.4
  • multidict 6.0.2
  • packaging 21.3
  • pycparser 2.21
  • pyparsing 3.0.9
  • python-can 4.0.0
  • pywin32 304
  • tabulate 0.8.10
  • typing-extensions 4.2.0
  • windows-curses 2.3.0
  • wrapt 1.14.1
  • yarl 1.7.2
  • zstandard 0.18.0
pyproject.toml pypi
  • Sphinx ^5.0.2 develop
  • black ^22.6.0 develop
  • flake8 ^4.0.1 develop
  • isort ^5.10.1 develop
  • lxml-stubs ^0.4.0 develop
  • mypy ^0.961 develop
  • myst-parser ^0.18.0 develop
  • pylint 2.14.4 develop
  • pylsp-mypy ^0.6.2 develop
  • pylsp-rope ^0.1.8 develop
  • pytest ^7.1.2 develop
  • pytest-asyncio ^0.18.0 develop
  • python-lsp-black ^1.1.0 develop
  • python-lsp-server ^1.3.3 develop
  • reuse ^1.0.0 develop
  • sphinx-rtd-theme ^1.0.0 develop
  • types-aiofiles ^0.8.8 develop
  • types-tabulate ^0.8.11 develop
  • aiofiles ^0.8.0
  • aiohttp ^3.8.1
  • aiosqlite ^0.17.0
  • argcomplete ^2.0.0
  • construct ^2.10.68
  • python >=3.9,<3.11
  • python-can ^4.0.0
  • tabulate ^0.8.9
  • zstandard >=0.17,<0.19
.github/workflows/codeql-analysis.yml actions
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
  • github/codeql-action/analyze v2 composite
  • github/codeql-action/init v2 composite
.github/workflows/docs.yml actions
  • Gr1N/setup-poetry v8 composite
  • actions/cache v3 composite
  • actions/checkout v3 composite
  • actions/download-artifact v3 composite
  • actions/setup-python v4 composite
  • actions/upload-artifact v3 composite
  • crazy-max/ghaction-github-pages v3 composite
.github/workflows/linters.yml actions
  • Gr1N/setup-poetry v8 composite
  • actions/cache v3 composite
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
.github/workflows/python-publish.yml actions
  • Gr1N/setup-poetry v8 composite
  • actions/cache v3 composite
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
  • pypa/gh-action-pypi-publish release/v1 composite
.github/workflows/tests.yml actions
  • Gr1N/setup-poetry v8 composite
  • actions/cache v3 composite
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
.github/workflows/upload-artifacts.yml actions
  • Gr1N/setup-poetry v8 composite
  • actions/cache v3 composite
  • actions/checkout v3 composite
  • actions/setup-python v4 composite