⬡ VoidProbe

IEC 62443 DRRM Runtime Resource Monitor for Industrial Control Systems

VoidProbe is a real-time monitoring and security assessment tool designed to evaluate Linux-based embedded systems against the IEC 62443-4-2 Denial of Service Resistance and Resilience to Resource Management (DRRM) requirements.

By deploying architecture-specific, zero-footprint agents, VoidProbe tracks system health during active security testing (penetration testing or fuzzing) to identify resource exhaustion, process crashes, and communication robustness failures.


🚀 Key Features (v1.0.0)

🌍 Multi-Architecture Support

  • Auto-Detection: On first run, VoidProbe detects the target's architecture (uname -m) and deploys the matching binary.
  • Pre-built agents: Support for AMD64, ARM64, ARMv7, ARMv6, MIPS, MIPSle, and RISC-V.

⚡ Persistent Session Management

  • Disk-Backed Store: Telemetry is persisted to an embedded bbolt database on the tool side, so it is no longer limited by RAM.
  • Session Restore: Use the -restore flag to resume a previous monitoring session, preserving all historical data and baselines.
  • Live Export: Press F4 in the TUI to generate a full HTML report at any time without stopping the test.

🔒 Zero-Footprint & Resilient Agent

  • Self-Deletion: The agent binary deletes itself from the target disk (/tmp) immediately upon execution.
  • Local Buffering: If the connection to the tool is lost, the agent buffers telemetry locally and re-syncs upon reconnection.
  • Auto-Cleanup: Wipes its temporary database on graceful exit.

🖥️ Hacker-Themed TUI Dashboard

  • Real-time metrics visualization: CPU, Memory, Load, TCP connections, FDs.
  • F1: Configuration editor with live syntax highlighting and save support.
  • F2: Remote Process Viewer (ps aux via SSH).
  • F3: PTrace Debugger (read-only memory/register inspection).
  • F5: Clear logs.

📊 IEC 62443 DRRM Compliance Mapping

VoidProbe specifically addresses the Dynamic Runtime Resource Management (DRRM) requirements of IEC 62443-4-2:

| Requirement (SR) | VoidProbe Capability |
|---|---|
| SR 7.1 Resource Management | Monitors memory/CPU consumption for specific processes during stress tests to prevent total system exhaustion. |
| SR 7.2 Resource Availability | Detects process crashes and tracks restart counts to verify system resilience and watchdog effectiveness. |
| SR 7.8 Comm. Robustness | Tracks SYN_RECV states and TCP connection rates to detect vulnerability to SYN/ACK floods and resource-based DoS. |
| SR 7.9 System Resource Usage | Monitors per-process File Descriptors (FDs), handles, and thread counts against system limits. |
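
The SR 7.8 capability depends on counting sockets in the SYN_RECV state. The following is an added example, not VoidProbe's own code, showing how that count can be derived from /proc/net/tcp text and compared against a limit; the function names, the threshold and the embedded sample are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in /proc/net/tcp layout (not captured from a real target).
// Column 4 ("st") is the socket state in hex: 01=ESTABLISHED, 03=SYN_RECV, 0A=LISTEN.
const sampleProcNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0016 0100007F:C001 03 00000000:00000000 01:00000064 00000000     0        0 0
   2: 0100007F:0016 0100007F:C002 03 00000000:00000000 01:00000064 00000000     0        0 0
   3: 0100007F:0016 0100007F:C003 03 00000000:00000000 01:00000064 00000000     0        0 0
   4: 0100007F:0016 0100007F:D004 01 00000000:00000000 00:00000000 00000000     0        0 1002
`

// CountTCPStates parses /proc/net/tcp-formatted text and returns the socket count per hex state code.
func CountTCPStates(procNetTCP string) (map[string]int, error) {
	counts := make(map[string]int)
	sc := bufio.NewScanner(strings.NewReader(procNetTCP))
	for lineNo := 0; sc.Scan(); lineNo++ {
		fields := strings.Fields(sc.Text())
		if lineNo == 0 || len(fields) == 0 {
			continue // header row or blank line
		}
		if len(fields) < 4 || len(fields[3]) != 2 {
			return nil, fmt.Errorf("line %d: malformed entry", lineNo+1)
		}
		counts[strings.ToUpper(fields[3])]++
	}
	return counts, sc.Err()
}

// SynBacklogAlert reports whether half-open (SYN_RECV, state 03) sockets exceed the threshold.
func SynBacklogAlert(counts map[string]int, threshold int) bool {
	return counts["03"] > threshold
}

func main() {
	counts, err := CountTCPStates(sampleProcNetTCP)
	if err != nil {
		panic(err)
	}
	fmt.Printf("LISTEN=%d SYN_RECV=%d ESTABLISHED=%d alert=%v\n",
		counts["0A"], counts["03"], counts["01"], SynBacklogAlert(counts, 2))
}
```

On a live target the same function would be fed the contents of /proc/net/tcp (and /proc/net/tcp6 for IPv6 sockets) at each sampling interval.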

🛠️ Usage

1. Build

Generate the tool and all architecture-specific agents:

make build VERSION=1.0.0

2. Configure

Copy the sample config and update your target details:

cp voidprobe_config.sample.yaml voidprobe_config.yaml

3. Run

Start a new session:

./build/voidprobe_tool

Or restore the latest session:

./build/voidprobe_tool -restore

| Key | Action |
|---|---|
| Q | Quit and generate final HTML report |
| F4 | Export report now (without quitting) |
| F1 | Edit active configuration |
| F2 | Show remote ps aux |
| F3 | Open Debugger Stub |

📈 HTML Reports

VoidProbe generates self-contained, interactive HTML reports featuring:

  • Interactive Timelines: Memory, Load Average, Open FDs, and TCP/SYN states using Chart.js.
  • Anomalies Section: Grouped and deduplicated summary of all detected spikes, crashes, and unauthenticated shared memory segments.
  • Dark/Light Mode: Toggleable theme for easy analysis.
  • Compliance Info: Direct mapping of session findings to IEC 62443 requirements.

🧪 Testing Environment (Docker)

To safely try VoidProbe, use the included Docker target:

  1. docker build -t voidprobe-test ./tests
  2. docker run -d -p 2222:22 --name vp-target voidprobe-test
  3. Launch voidprobe_tool targeting 127.0.0.1:2222.
  4. Trigger anomalies using stress-ng (see tests/TEST_COMMANDS.md).

📂 Architecture

internal/
├── store/       # bbolt persistent storage & session handling
├── report/      # HTML templating with Chart.js & IEC 62443 logic
├── tui/         # Terminal user interface & telemetry server
├── agent/       # Cross-platform monitoring core
├── monitor/     # /proc-based metric parsers
└── ssh/         # Encrypted transport & architecture detection

⚖️ License & Disclaimer

This tool is provided for authorized security testing and compliance auditing only. The authors are not responsible for misuse or damage caused by this software. Use only on systems you own or have explicit permission to test.