In short, SCUTUM configures your personal computer automatically against malicious TCP/UDP traffic and ARP spoofing attacks. This software uses UFW to setup conventional firewall for you, determines and locks the gateway MAC address so you won’t get ARP-spoofed.
This software is designed to be compact and effective. Currently it can support only one interface at a time. Traffic will only be allowed on one interface. We are looking into possibilities of supporting multiple interfaces at once.
wgetis required for quick install
gitshould be installed
Example for a typical Ubuntu environment (18.04)
$ sudo apt install git python3-pip curl $ sudo pip3 install avalon_framework
Full SCUTUM Dependency list can be found in DEPENDENCIES.md
$ sudo sh -c "$(curl -fsSL https://raw.githubusercontent.com/K4YT3X/scutum/master/bin/quickinstall.sh)"
$ sudo sh -c "$(wget https://raw.githubusercontent.com/K4YT3X/scutum/master/bin/quickinstall.sh -O -)"
Long story short, ARP firewall. It automatically adds gateways to the whitelist on connect and blocks everthing else to avoid potential threat.
SCUTUM is an ARP firewall that prevents your computer from being ARP-spoofed by other computers on LAN. SCUTUM controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, when people with malicious intentions cannot spoof your arp table. SCUTUM also prevents other people from detecting your device on LAN if SCUTUM is used with properly configured TCP/UDP firewall.
SCUTUM is also capable of handling tcp/udp/icmp traffic with iptables. You can choose to enable this feature during installation. However, a more professional firewall controller like UFW is recommended. They can handle traffic with more precision.
You should run a installation before running it for the first time for setting up configuration files. I am not sure if portable version is necessary. If you think this should be changed, raise an issue and I will change it.
Quick install above is recommended
git clone https://github.com/K4YT3X/scutum.git cd SCUTUM/ sudo python3 scutum.py --install
ENABLE: Enable SCUTUM (Start spontaneously) DISABLE: Disable SCUTUM (Never start spontaneously) DISABLE (Temporarily): Disable SCUTUM until the next time connected to a network
SCUTUM starts automatically by itself after installation.
Full up-to-date usage can be found by executing:
$ scutum --help
$ sudo service scutum start # Start scutum service $ sudo service scutum stop # Stop scutum service $ sudo systemctl enable scutum # Start SCUTUM with system $ sudo systemctl disable scutum # Don't start SCUTUM with system $ sudo scutum # Start SCUTUM Normally $ sudo scutum --start # Start SCUTUM Manually for once even it it's disabled $ sudo scutum --enable # Enable SCUTUM (Start automatically on connect) $ sudo scutum --disable # Disable SCUTUM (Don't start automatically on connect) $ sudo scutum --reset # Reset SCUTUM (Allow ALL ARP packages temporarily) $ sudo scutum --purgelog # Purge SCUTUM logs $ sudo scutum --install # Run scutum installation wizard and install SCUTUM into system $ sudo scutum --uninstall # Remove SCUTUM from system completely $ sudo scutum --upgrade # Upgrade SCUTUM and AVALON Framework