Berrettini is a CTF framework built to support exploit development. It provides features that simplify writing exploits, purpose-specific libraries, and documentation.
Berrettini Main Features
Berrettini’s main feature is its sub-engines, which let you deploy plugins that attack different targets or perform different tasks without much effort spent on interoperability between them. This makes it easy to develop exploits targeting Android applications where each sub-engine handles its own job (fuzzing, cryptanalysis, and so on) and communicates with the rest of the system only through standard channels such as the filesystem, HTTP, and network sockets, which guarantees interoperability among all engines. For example, one engine could capture screenshots of iOS apps while another intercepts all HTTP traffic from an Android app. The engines are also designed to be autonomous, so you can run them against the same target even if they do not communicate with each other at startup; they can reach each other later through the filesystem or network sockets.
Another feature is that Berrettini ships with exploit development kits for specific software vulnerabilities, such as CVE-2011-2462 for JBoss, CVE-2015-1538 for Android, and CVE-2012-2825 for iOS. These kits contain the source code of exploits for these vulnerabilities along with restricted shells that let you test your exploits without installing the actual apps or services.
The documentation covers a broad range of information security concepts, mostly exploitation but also cryptography. It is divided into sections, each of which gives a brief explanation of the concept and, where applicable, Python code to perform the related tasks.
Berrettini’s Lightweight Web Interface
Berrettini also provides a lightweight web interface that acts as a launcher for all engines and as a proxy between them and any services they communicate with. This gives the user visibility into which exploit is being executed, its process id, and similar details. The main purpose of this feature is to enable scripted regression tests, or to automate processes such as fuzz testing or exploit generation, without having to run exploits against potentially unstable targets.
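To make the sub-engine model and the launcher described above concrete, here is an added illustration (my own code, not Berrettini’s): a launcher spawns autonomous engine processes, records their process ids, and collects their results through the filesystem, the simplest of the interop channels the framework relies on. The engine script, its result format and the `findings` value are all constructed placeholders.

```python
import json
import os
import subprocess
import sys
import tempfile
import time
from pathlib import Path

# Constructed stand-in for a real engine: each engine is an independent process
# that knows only its name and a shared output directory. It writes its result
# to a temp file and renames it, so the launcher never reads a half-written file.
ENGINE_SCRIPT = r'''
import json, os, sys
name, outdir = sys.argv[1], sys.argv[2]
result = {"engine": name, "status": "done", "findings": len(name)}  # placeholder work
tmp = os.path.join(outdir, name + ".json.tmp")
with open(tmp, "w") as f:
    json.dump(result, f)
os.replace(tmp, os.path.join(outdir, name + ".json"))  # atomic publish
'''


def launch_engine(name, outdir):
    """Start one autonomous engine; the launcher only keeps its name and pid."""
    proc = subprocess.Popen([sys.executable, "-c", ENGINE_SCRIPT, name, str(outdir)])
    return {"engine": name, "pid": proc.pid, "proc": proc}


def collect_results(outdir, names, timeout=10.0):
    """Poll the shared directory until every engine has published, or time out."""
    deadline = time.time() + timeout
    results = {}
    while len(results) < len(names) and time.time() < deadline:
        for name in names:
            path = Path(outdir) / f"{name}.json"
            if name not in results and path.exists():
                with open(path) as f:
                    results[name] = json.load(f)  # safe: file appeared via os.replace
        time.sleep(0.05)
    return results


def run_engines(names):
    """Launch all engines in parallel; return {name: pid} and {name: result}."""
    outdir = Path(tempfile.mkdtemp(prefix="engines-"))
    handles = [launch_engine(n, outdir) for n in names]
    pids = {h["engine"]: h["pid"] for h in handles}
    results = collect_results(outdir, names)
    for h in handles:
        h["proc"].wait()  # reap children so no zombie processes linger
    return pids, results
```

Engines that finish late or crash simply never publish, so `collect_results` returns only the results that arrived before the timeout; a real launcher would report those missing names alongside the pids.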
The framework is written in Python for flexibility and because the language is expressive enough to make writing parsers (for generating exploits) easy. I chose Python over Ruby or other languages due to its flexibility, the maturity of its libraries, and the fact that people are more likely to know Python than any other scripting language, especially for exploit development. The included exploit kits are written in C/C++ for efficiency when putting an exploit together (i.e., sharing code between target engines).
Berrettini is aimed not only at security professionals but also at beginners who want to learn about software vulnerabilities without worrying about interoperability issues among toolsets. It addresses this with documentation that ranges from exploitation basics to cryptography concepts, shellcodes, and more.
What You Can Do with Berrettini
In general, you can exploit software vulnerabilities using the exploit development kits that ship with it. You can also use Berrettini as a framework for coordinating tasks among different engines. For example, if you want to fuzz an Android app with multiple tools, you need something to coordinate that process and run the tools in parallel, whether on your own computer or on a cloud platform such as AWS EC2.