# Introduction Gallia is a comprehensive penetration testing toolchain for cars. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars, with the main focus on the UDS interface. ## Artifacts Folder Structure Gallia uses its own folder structure to store its scan results (called artifacts). The structure is as follows: ``` - run- - LATEST -> ``` Every scan run creates the following artifact files: | File | Description | |------------------------|----------------------------------------| | `OUTPUT.zstd` | Compressed log file | | `META.json` | Information about the executed Scanner | | `ecu_params_pre.json` | ECU parameters read before the scan | | `ecu_params_post.json` | ECU parameters read after the scan | | `*.pcap.gz` | Network capture | ## Discover Endpoints When physically connected to the ECU, we first need to identify all available endpoints on the DUT. Depending on the target protocol, different discover scanner are provided: * `gallia discover-can-ids` (UDS) * `gallia discover-endpoints` (UDS) * `gallia discover-iso-tp-addr` (UDS) * `discover-xcp` (XCP) The identified endpoints are stored in the `ECUs.txt` artifact file. ## UDS Scanner The following table shows the most important UDS scanner. For a compleat list, please have a look at the help page. | Scanner | Description | |--------------------|---------------------------------------------------------| | `scan-services` | Iterate sessions and services and find endpoints | | `scan-sessions` | Iterate Sessions (recursively) | | `scan-identifiers` | This scanner scans DataIdentifiers of various services. | ## Database Gallia can log all its scan result into a sqlite database. For more details see: [Database](database)