// January 15th, 2012 // No Comments » // Atheneum, Projects
Name : SQLol
Category : SQL Injection
Author : Daniel Crowley
Download URL : https://github.com/SpiderLabs/SQLol
Description : SQLol is a configurable SQL injection testbed. SQLol allows
you to exploit SQL injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaw.
// September 28th, 2011 // No Comments » // Atheneum, Projects
Name : PE Dumper
Category : PE File Analysis.
Author : Rashid Bhatt
Download URL : http://texe.codeplex.com
Description : Texe is Portable Executable Import and Exports Viewer And Disassembler for Microsoft Windows. It can view Symbols Imported and Exported by a portable Executable and can also disassembler the code section of executable. It generates output in form of a html report.
// July 3rd, 2011 // 1 Comment » // Projects
Name: Project Jugaad
Category: API (Linux)
Author/Owner: Aseem Jakhar
Source Code: https://github.com/aseemjakhar/jugaad
Download the project from github using git command:
$ git clone git://github.com/aseemjakhar/jugaad.git
Introduction:
Windows malware conveniently uses the CreateRemoteThread API to delegate critical tasks within
the context of other processes. However, there is no similar API on Linux to perform such operations.
This paper talks about my research on creating an API similar to CreateRemoteThread for the *nix
platform.
The aim of the research is to show, how a simple debugging functionality in *nix OSes can be
exploited by a piece of malware to hide itself and delegate the critical (malicious) operations to an
innocent process.
The presented Proof of Concept toolkit named “Jugaad” currently works on Linux. In order to achieve
its primary goal, it allocates the required memory space inside a specified process, creates a thread,
injects arbitrary payload and executes it in the context of the remote thread.
Whitepaper: http://null.co.in/2011/07/03/project-jugaad/
// March 18th, 2011 // 2 Comments » // Atheneum, Projects
Name: Malware Analyser
Category: Malware Analysis
Author/Owner: Beenu Arora
Download URL: http://www.malwareanalyser.com
Description:
Malware Analyzer aims to aid static and dynamic analysis of malwares.
The static analysis allows analyst to predict the behaviour of malware without actually executing it which in turns saves resources in terms of time and effort. It can be useful for string based analysis for Windows registry, API calls, IRC Commands, DLL’s called and anit-VMWare code detection. It can perform a full ASCII dump of the PE along with other options. It can also generate various section of a PE. Malware analyzer also assists on the code analysis of the malware. It can also perform an online malware check. Based on PeID signatures, it can also detect packers used to compress it. It also provides a tracer functionality that can be used to identify anti-debugging calls tricks, file system manipulation calls, Rootkit hooks, keyboard hooks, DEP setting changes, Hardware Breakpoints,Internet communication etc generally used by malwares. It also performs the CRC and timestamp based verification to detect any anomalies along with entropy based scan for identification of malicious sections. The tool can be used to create signatures of a malware which then can be exported as custom signature of AV or IDS. It also allows viewing modules of process along with complete process dumping
.
The Dynamic analysis allows predicting the actual behaviour of the malware at runtime. Currently malwareanalyser allows hooking to certain APIs File creation and Registry creation and more to come near future.
Screenshot:
// December 16th, 2010 // No Comments » // Projects
Name: metaPwn
Category: Metasploit Automater
Author/Owner: Prajwal Panchmahalkar
Download URL: http://metapwn.sourceforge.net/
Description:
It will combine the process of nmap scanning and uses the output of the nmap scans to perform an autopwn on the target machines.
// August 29th, 2010 // No Comments » // Projects
Name: n00bRAT
Category: Backdoor
Author/Owner: Abhishek Kumar
Download URL: http://n00brat.sourceforge.net/
Description:
An undetectable Remote Administration Tool -OR- trojan, an all new approach. Easily usable, Client just requires any Web Browser to control remote machine via WebPage. Fooling firewalls/ids/ips security solutions, as it operates like any web-site.
// June 8th, 2010 // No Comments » // Projects
Name: Spiderpig
Category: PDF Fuzzer
Author/Owner: cons0ul
Download URL: http://code.google.com/p/spiderpig-pdffuzzer/
Description:
Adobe and others uses javascript in pdfs to enhance standard workflow for example connecting to database ,spell checking,printing n viewing etc..when we open pdf in reader,it executes this javascript code(ya we all know that). so goal of spiderpig is to find bugs in pdf reader’s javascript engine. spiderpig reads methods prototype from an input file and creates pdf file. Most of the pdf fuzzers which are available on internet are file format fuzzers which tries to fuzz the adobe’s file format implementation.I didnt find one fuzzer which fuzzes adobe’s javascript imeplementaiton,so here we have spiderpig a javascript fuzzer for pdf file format which tries to screw up pdf reader using javascript methods.
spiderpig uses bruteforce method to abuse reader, it creates methods using all range of evil parameters.If you are aware of fuzzers like axman and dranzer,you know what I am talking about.spiderpig reads methods prototype from an input file and creates stream of javascript code and then this stream is then added into pdf file using makepdf module.
An example Input file is in spiderpig’s directory named as test.proto .
test.proto contains methods prototypes with (object/namespace scope)which helps spiderpig to understand the method and its parameters.Add prototypes of methods which are you going to test in this file.Each new method must be written on new line. For example if you want to test methods [alert] and [beep] methods from [app] object you can write prototype as follows
app.alert(nIcon,nType,cTitle,oDoc,oCheckbox)
app.beep(nType)
it will create 2 pdfs 1 for app.alert(app.alert.pdf) and another for app.beep(app.beep.pdf).
>>/parameters type:
spiderpig understands type of parameter(strin,number,boolean,object) by reading
the first character of parameter written in methods prototype.
spiderpig understands,
n for numbers
b for boolean
o for object
c for string
so while writing prototype add them as shown in above example.
spiderpig uses javascript console(console.println and console.show) functionality provided by adobe reader to create log.so you can see which method call is being called.see following screenshot
Here are the steps to use spiderpig:
1>download spiderpig
2>extract it to folder
3>create a file for example test.proto in this file write methods prototypes
4>open comand prompt and goto the folder.
4>type python sp.py <folder-path> test.proto
where <folder-path> is exsisting folder in which pdfs will be created.
5>open pdf reader.
6>attach debugger.
7>open pdf file in reader.
8>do reverse engineering 
// March 17th, 2010 // No Comments » // Projects
Name: wireplay
Category: Generic Fuzzer
Author/Owner: Abhisek Datta
URL: http://code.google.com/p/wireplay/
Description:
A minimalist approach to replay pcap dumped TCP sessions with modification as required.
user@linux$ ./wireplay Wireplay - The TCP Replay Tool v0.2 Options: -r --role [ROLE] Specify the role to play (client/server) -F --file [FILE] Specify the pcap dump file to read packets -t --target [TARGET] Specify the target IP to connect to when in client role -p --port [PORT] Specify the port to connect/listen -S --shost [SOURCE] Specify the source host for session selection -D --dhost [DEST] Specify the destination host for session selection -E --sport [SPORT] Specify the source port for session selection -G --dport [DPORT] Specify the destination port for session selection -n --isn [ISN] Specify the TCP ISN for session selection -c --count [NUMBER] Specify the number of times to repeat the replay -H --hook [FILE] Specify the Ruby script to load as hook -L --log Enable logging of data sent/receive -K --disable-checksum Disable NIDS TCP checksum verification -T --timeout [MS] Set socket read timeout in microsecond -Q --simulate Simulate Socket I/O only, do not send/recv In case the --shost && --dhost && --isn && --sport && --dport parameters are not supplied, the program will load all the TCP sessions from file and ask the user to select a session to replay
./wireplay -K --role client --port 80 --target 127.0.0.1 -L -F ./pcap/http.dump
./wireplay --role client -F ./pcap/dcedump.dump --target 172.16.34.129 --port 135
For a brief guide on writing Wireplay hooks in Ruby, read the Wireplay Hook Guide
Wireplay uses a modified version of libnids library for TCP session reassembly from pcap frames. Read the Compilation Guide for some pointers.
// August 13th, 2009 // No Comments » // Projects
Name: bsqlbf-v2
Category: Blind SQL injection
Author/Owner: Sumit Siddharth
URL: http://code.google.com/p/bsqlbf-v2/
Description:
This tool allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:
The tool supports 6 attack modes(-type switch):-
n|u Security Jobs – 5 recent posts
