Rinnegan is a tool that I wrote to greatly reduce the time I spend understanding and reversing complex distributed systems. Source is available at https://github.com/tunnelshade/rinnegan.
Imagine a setup of Chef which has a server, message queues, a distributed database, a configuration system and many more processes running on each of the servers that make up the core Chef infrastructure. Now, finding bugs in Chef is a lot easier if you can understand how it works, and sadly, Chef being a product that sells, all its inner workings are not publicly documented for us to read and understand.
So, I needed a way to visualize what components are running and what communication is happening between those components. Enter Rinnegan, named after the most powerful eyes in the Naruto universe.
Rinnegan uses Grafana dashboards for visualization and InfluxDB for storing data. A collection of scripts helps in deploying/managing a small agent on all appliances of interest; the agent collects traces and does some basic tasks.
Let us use Rinnegan to start reversing how HDFS works.
Start the Grafana and InfluxDB containers:

$ go get github.com/tunnelshade/rinnegan
$ cd $GOPATH/src/github.com/tunnelshade/rinnegan/infrastructure
$ make start
$ docker ps --format="{{.Names}}"
grafana
influxdb

Login to Grafana with admin:admin, navigate to the rinnegan dashboard and you should see something like below.

Next, bring up the HDFS cluster used in this walkthrough:

$ git clone https://github.com/flokkr/runtime-compose.git
$ cd runtime-compose/hdfs/viewfs
$ docker-compose up -d
$ docker ps --format="{{.Names}}" | grep viewfs
viewfs_datanodex_1
viewfs_nny_1
viewfs_nnx_1
viewfs_datanodey_1

For managing agents on these targets, ./bin/rinnegan.sh is the right utility. To use it, we need to fix two files present in the samples/ directory: hosts lists one target per line, and variables sets some necessary environment variables; fix them accordingly. Since the targets here are docker containers, set RINNEGAN_DOCKER in variables to true and source it.

$ docker ps --format="{{.Names}}" > ./samples/hosts
$ source ./samples/variables
$ ./bin/rinnegan.sh --help
Usage: rinnegan <host_regex> [agent|deploy|list|stop|wipe|exec]
  <host_regex>  grep regex that will be applied to filter hosts
  agent         Interact with agents deployed on targets
  deploy        Deploy agents on to targets
  list          List all active agents
  stop          Stop all active agents
  wipe          Remove any file leftovers on targets, run after stopping
  exec          Run commands on targets directly, nothing fancy

Build the agent binary with make linux_agent. Then deploy agents to all targets (the "." regex matches every host), list them and run the ps module to find the processes of interest:

$ ./bin/rinnegan.sh "." deploy
$ ./bin/rinnegan.sh "." list
$ ./bin/rinnegan.sh "." agent module run ps
$ ./bin/rinnegan.sh "nnx" exec apk add strace

Now try running the strace module. Rinnegan is quite verbose in telling what is missing, which in this case is a wrong ptrace_scope value. Fix that and start the strace module as well, 125 being the pid of the process of interest as shown by the ps module:

$ ./bin/rinnegan.sh "." exec sysctl -w kernel.yama.ptrace_scope=0
$ ./bin/rinnegan.sh "nnx" agent module run strace 125 trace=desc

Running modules can be listed and stopped by the name shown by module list; the netstat and strace modules can then be run on nnx and on the datanode container nodex as well:

$ ./bin/rinnegan.sh "nnx" agent module list
$ ./bin/rinnegan.sh "nnx" agent module stop strace_trace=desc_125
$ ./bin/rinnegan.sh "nnx" agent module run netstat 125
$ ./bin/rinnegan.sh "nnx" agent module run strace 125 trace=desc
$ ./bin/rinnegan.sh "nodex" agent module run strace 68 trace=desc
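The page does not show what the agent does with the strace output before it lands in InfluxDB, so here is an added example (my own code, not Rinnegan's) of the kind of processing involved: it parses a constructed sample of strace trace=desc output for a process standing in for the nnx NameNode (pid 125), turns the connect/accept calls into a directed "who talks to whom" graph, and renders that graph as InfluxDB line protocol that a Grafana dashboard could query. The strace lines, the measurement name conn_edge and the tag layout are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of what `strace -f -ttt -e trace=desc -p <pid>` prints for a
# process (pretend it is the nnx NameNode, pid 125) that dials a DataNode,
# accepts a client, and fails to reach nscd over a unix socket. Not real output.
SAMPLE_STRACE = r"""
[pid   125] 1571234567.100101 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 9
[pid   125] 1571234567.100402 connect(9, {sa_family=AF_INET, sin_port=htons(50010), sin_addr=inet_addr("172.18.0.4")}, 16) = 0
[pid   125] 1571234567.101000 write(9, "\0\0\0\34", 4) = 4
[pid   125] 1571234567.102500 accept4(6, {sa_family=AF_INET, sin_port=htons(41522), sin_addr=inet_addr("172.18.0.9")}, [16], SOCK_CLOEXEC) = 11
[pid   130] 1571234567.103000 read(11, "\0\0\0\5", 4) = 4
[pid   125] 1571234567.104000 connect(9, {sa_family=AF_INET, sin_port=htons(50010), sin_addr=inet_addr("172.18.0.4")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid   125] 1571234567.105000 connect(12, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid   125] 1571234567.106000 close(9) = 0
"""

# One strace line: "[pid N] <ts> call(args) = ret [ERRNO (text)]".  The greedy
# args group backtracks to the last ") = <int>", so parentheses inside args
# (htons(...), inet_addr(...)) and the trailing errno text do not confuse it.
LINE_RE = re.compile(
    r'^\[pid\s+(?P<pid>\d+)\]\s+(?P<ts>\d+\.\d+)\s+(?P<call>\w+)\((?P<args>.*)\)'
    r'\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)
# IPv4 sockaddr as strace renders it; AF_UNIX / AF_INET6 peers will not match.
ADDR_RE = re.compile(r'sin_port=htons\((\d+)\),\s*sin_addr=inet_addr\("([\d.]+)"\)')
PEER_CALLS = ('connect', 'accept', 'accept4')


def parse_events(text):
    """Return one dict per connect/accept with an IPv4 peer; other desc
    syscalls (read/write/close/...) are skipped since they carry no address."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m['call'] not in PEER_CALLS:
            continue
        peer = ADDR_RE.search(m['args'])
        if not peer:
            continue
        events.append({
            'pid': int(m['pid']), 'ts': float(m['ts']), 'call': m['call'],
            'ip': peer.group(2), 'port': int(peer.group(1)),
            'errno': m['errno'],   # None on success
        })
    return events


def connection_edges(events, local='nnx'):
    """Aggregate events into directed edges.  Outbound edges keep the peer's
    service port; inbound edges drop the client's ephemeral port so repeated
    connections from the same host collapse into one edge.  A non-blocking
    connect() that returns EINPROGRESS is still a dial attempt and is counted
    as ok; any other errno becomes the edge's status so failed dials show up."""
    edges = Counter()
    for e in events:
        if e['call'] == 'connect':
            status = 'ok' if e['errno'] in (None, 'EINPROGRESS') else e['errno']
            edges[(local, f"{e['ip']}:{e['port']}", 'out', status)] += 1
        else:
            edges[(e['ip'], local, 'in', 'ok')] += 1
    return edges


def to_line_protocol(edges, measurement='conn_edge', host='nnx'):
    """Render edges as InfluxDB line protocol ("measurement,tags fields").
    Tag values must escape commas, spaces and '=', so do it even though ours
    contain none.  Sorted so the output is deterministic."""
    def esc(v):
        return str(v).replace(',', r'\,').replace(' ', r'\ ').replace('=', r'\=')
    return [
        f"{measurement},host={esc(host)},src={esc(src)},dst={esc(dst)},"
        f"dir={direction},status={esc(status)} count={n}i"
        for (src, dst, direction, status), n in sorted(edges.items())
    ]


if __name__ == '__main__':
    for point in to_line_protocol(connection_edges(parse_events(SAMPLE_STRACE))):
        print(point)
```

Pipe the printed points into an InfluxDB write endpoint and the edges become one series per (src, dst, dir, status), which is all a Grafana graph or table panel needs to show which container a given pid dials and who connects to it; the failed unix-socket connect is dropped on purpose since it has no IPv4 peer, while a refused TCP dial would surface with its errno as the status tag.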

What else is rinnegan capable of doing?

It can redirect a target's traffic through a reverse proxy using iptables rules on the target; see agent iptables --help. A good http reverse proxy is mitmproxy.

$ ./bin/rinnegan.sh "nnx" agent iptables --help

It can also run frida scripts against a process. The scripts live in build/frida/; adding a new script there requires you to redeploy or copy that script to the target, and then you just use the script name without extension:

$ ./bin/rinnegan.sh "nnx" exec apk add py-pip
$ ./bin/rinnegan.sh "nnx" exec pip install frida-tools
$ ./bin/rinnegan.sh "nnx" agent module run frida 125 ssl-bypass

Rinnegan is very experimental software which gets features as and when I need them, but it has been super helpful in reversing some complex blackbox systems. It was built to solve my constant frustration of having to check processes, trace them, redirect traffic and tamper with it.
If something seems to be not working