Archive | Programming

Advertisements


11 March 2008 | 6,582 views

Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as: Create a process Compile a C program Watch a process Watch syslog and so on Fusil uses small “agents” which exchange messages to launch actions. e.g. […]

Continue Reading


29 February 2008 | 5,441 views

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]

Continue Reading


22 February 2008 | 6,981 views

SWFIntruder – Analysis and Security Testing of Flash Applications

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal. I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently […]

Continue Reading


18 February 2008 | 10,746 views

Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones. It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much […]

Continue Reading


18 December 2007 | 20,069 views

Pcapy – Python Interface to LibPcap

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets. Advantages of Pcapy […]

Continue Reading


10 November 2007 | 11,870 views

Skavenger – Source Code Auditing Tool!

Skavenger? Yes, because scavenger is already used?!? What is skavenger? Skavenger is a source code auditing tool, firstly though for php, but also used for any kind of source code file; as long as you know what to look for… Yes I thought is as a replacement tool for egrep/sed under Windows! because not everybody […]

Continue Reading


08 November 2007 | 4,009 views

untidy – XML Fuzzer

Seen as though untidy was mentioned again fairly recent, it sparked my memory that I have a fairly old draft regarding untidy the XML Fuzzer. Fuzzing is definitely becoming an important part of Pen Testing and especially application security – we’ve published about quite a few and I’m sure there are more in development. Anyway, […]

Continue Reading


06 November 2007 | 6,911 views

WSBang – Python Based SOAP Services Testing Tool

WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed. Method parameters are fuzzed based on their type as […]

Continue Reading


01 November 2007 | 6,373 views

Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework

If you remember we mentioned Fuzzled a little while back, the PERL fuzzing framework. Apparently Fuzzled 1.1 should be coming out soon. Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them. […]

Continue Reading


21 September 2007 | 8,214 views

LORCON (Loss Of Radio CONnectivity) 802.11 Packet Library

The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver- independent. Using LORCON, developers can write tools that inject packets […]

Continue Reading


Advertisements