This repository has been migrated to a new URL. Please visit the following link for the latest updates: new URL.

Micro-Id-Gym (MIG)

Micro-Id-Gym (MIG) aims to assist system administrators and testers in the deployment and pen-testing of IdM protocol instances.

Features

  • Setup and deploy a custom SSO solution based on SAML and OIDC/OAuth
  • Run automated tests to discover vulnerabilities in the implementation of SSO based on SAML and OIDC/OAuth
  • Graphically represent the authentication flow as a message sequence chart and inspect it in depth
  • Access Cyber Threat Intelligence (CTI) information to assess how a vulnerability can be exploited and how severe it is

Dependencies

To run the MIG framework, you will need to install:

Download

You can download the MIG framework by cloning this git repository:

git clone https://github.com/stfbk/micro-id-gym/

Usage

Open a new terminal, change to the dashboard folder and install the necessary packages with the command:

npm install

Then run the dashboard with the command:

node app

Visit localhost:2020 to start using the MIG framework webapp. A configuration dashboard is presented, where you can customize the ports on which the System Under Test (SUT) and the tools will run. At the end of the configuration, click the button Download scenario and tools to generate a folder with the customized SUT and tools. You can then run the testing environment by following the instructions provided by the webapp, which are also available in the README file inside the folder.

The instructions to use the frontend components are available at the following links:
MSC Drawer:

STIX Visualizer:

Pentesting tools:

Credits

MIG framework exists thanks to the following projects:

License

Copyright 2019-2020, Fondazione Bruno Kessler

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Developed within Security & Trust Research Unit at Fondazione Bruno Kessler (Italy)