AttackAPI 0.5

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors. The project was primary inspired by the JythonShell applet. At its very early stage AttackAPI was a single extensible web enabled python console with a few modules.

The 0.5 release of AttackAPI is purely JavaScript based. This is not a shift in the project ideologies but rather an extension. It all started with the JavaScript Port Scanner which was sort of proof of concept tool. The current release still implements the same Port Scanner but in much less code and with a lot more efficiency in mind. Among the port scanner there are a few other tools: HistoryDumper, NetworkSweeper, ExtensionScanner, to name a few.

A single module (194 lines of code) that contains the entire library set is available HERE.

Latest info is here:

AttackAPI

Labels: ,

TCPReplay suite 3.0.beta10

Another good tool updated! TCPReplay suite 3.0.beta10 has been released.

For those that don’t know Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. Tcpreplay supports both single and dual NIC modes for testing both sniffing and inline devices.

Tcpreplay is used by numerous firewall, IDS, IPS and other networking vendors, enterprises, universities, labs and open source projects.

Beta10 contains a number of major enhancements as the code continues to stabilize for the 3.0 stable release. The big changes include removing Libnet as a requirement, tcpprep and tcprewrite no longer requiring root access and improved packet timings for tcpreplay. There are also a number of smaller enhancements and bug fixes.

Also a lot of time has been spent updating the online manual on the wiki which covers most if not all the features of tcpreplay, tcpprep and tcprewrite.

This should be the final beta release and it’s expected to have the first release candidate in a month or so. Please download and test!

You can download it here:

TCPReplay

The new Wikified manual is here.

Download: http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta10.tar.gz?download

Labels:

Wapiti

Wapiti allows you to audit the security of your web applications.

It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities :

  • File Handling Errors (Local and remote include/require, fopen, readfile…)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) Injection
  • LDAP Injection
  • Command Execution detection (eval(), system(), passtru()…)
  • CRLF Injection (HTTP Response Splitting, session fixation…)

Wapiti is able to differentiate ponctual and permanent XSS vulnerabilities. Wapiti prints a warning everytime it founds a script allowing HTTP uploads. A warning is also issued when a HTTP 500 code is returned (useful for ASP/IIS). Wapiti does not rely on a vulnerability database like Nikto do. Wapiti aims to discover unknown vulnerabilities in web applications. It does not provide a GUI for the moment and you must use it from a terminal.

Efficiency

Wapiti is developed in Python and use a Python library I made called lswww. This web spider library does the most of the work.
Unfortunately, the html parsers module within Python only works with well formated html pages so lswww fails to extract informations from bad-coded webpages.

You can read more here:

Wapiti

Labels: ,

eEye Duster

Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will raise an exception when a value in uninitialized memory is used. To use Duster, just inject it into the target process (using the DLLInject utility), or add it to AppInit_DLLs (possible but not recommended).

Duster is a quick and dirty implementation of its concept, and as such, it has a number of limitations:

Stack wiping is accomplished by overwriting all memory between the stack commit “ceiling” and ESP, whenever RtlAllocateHeap, RtlReAllocateHeap, or RtlFreeHeap is called, an exception occurs, or a system call is dispatched, which seriously limits the execution flow “granularity” with which stack wiping occurs. Additionally, system call dispatch hooking is accomplished by replacing specific “INT 2Eh” or “MOV EDX, 7FFE0300h” instructions, the first of which currently relies upon a two-byte privileged instruction which is handled specially by the exception handler hook, resulting in some overhead but mostly making it difficult to use a debugger in conjunction with Duster on Windows 2000.

Heap wiping, in addition to a limited amount of heap and argument validation, is performed whenever a heap block is allocated or freed. This is roughly a subset of the functionality provided by the Windows heap manager in debug mode, with the most significant deficiency on Duster’s part being that it does not wipe memory following a call to RtlReAllocateHeap.

You can download here:

Duster

Labels: ,

SpikeSource Spike PHP Security Audit Tool

Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP.

The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week.

This tool is especially welcomed by Darknet as there aren’t many static analysis tools out there that are free, and there are very few tools for auditing PHP code..which as we all known tends to be coded quite insecurely at times (just look at phpBB and PhpNUKE).

You can find the latest version here:

Spike PHP Audit Tool

Labels: ,
Subscribe to: Posts (Atom)