With Dagah, security analysts can design a campaign of penetration test attacks against targets, launch them, and review the results. Attacks simulate phishing, harvesting, iOS profile, and malicious application exploitations. Each attack can be delivered over Short Message Service (SMS), Quick Response (QR) Codes, Near-Field Communications (NFC), or messaging applications.
QR Code attacks
Messaging Apps attacks
Android Agent post exploitation
iOS Agent post exploitation
The software consists of four components:
An Android Application for the Penetration Tester that bridges the engine to the cellular network for sending SMS and broadcasting via NFC. A Twilio account can be substituted for the Android Application for sending SMS messages.
Android and/or iOS Agents (simulated malicious applications) for targeted phones
Server-based engine: which can be interfaced via command line interface (CLI)
A web-based GUI: which can be interfaced via a browser
A penetration tester designs CAMPAIGNs consisting of ATTACKs and runs them against TARGETs. Targets are phone numbers. Any number of attacks can be run within a campaign and a campaign can be run against a set of targets.
Attacks are of a type:
Basic Phishing: Simulating phishing to draw mobile users into following a link
Harverster: Simulating a phishing attack to draw mobile users to a fake website to harvest their user credentials
Agent: Simulating a phishing attack to trick users into side loading a “malicious” application containing a backdoor remote agent
Client Side: Exploiting mobile devices with client-side vulnerabilities
Agent: Simulating a phishing attack to trick users into side loading a settings profile or trust chain to the iPhone.
Each attack can be delivered via four methods:
SMS: Text messages
QR Codes: A graphic image that contains an encoded URI that can be printed and displayed
NFC: A broadcast message that can be received by nearby mobile devices taking them to a URI
Messaging Apps Text messages over messaging applications like Twitter or WhatsApp.
EXTERNAL: A message delivered outside of dagah such as via emails
A campaign is designed, staged, and then run against groups of targets. The same campaign can be run against another group of targets later for A/B testing. Results are reported per campaign.
For all attacks using SMS or NFC methods, a “modem” is used to bridge to the mobile network. The DagahModemBridge application will need to be installed on a penetration tester’s mobile device and configured to connect to the engine. All SMS and NFC methods will appear to be coming from the phone number of the mobile device running the modem application.