Introduction

This page provides a few tools that may be of use to Information Security professionals. If you are a script-kiddie or wannabe hacker then they Won't Be Of Any Use To You. If, however, you are a working security consultant (or similar) then you might find something of use here.

Columbo

This simple perl script performs horizontal scanning. Why would you want horizontal scanning, I hear you ask? Well, if you perform vulnerability assessment in a professional capacity you may need to perform a standard set of information gathering tests against the target network; things like dig, snmpwalk, traceroute, etc.

A number of consultants have commented in the past that one day they'll script these tests; well, I've done it to save you the bother. It's easily configurable, can scan for TCP or UDP ports, or simply for an ICMP echo reply, and will run a chosen command against matching hosts. It also has a batch mode with a config file so that you can set it off to perform a whole load of tests while you do something more interesting. In the interests of providing information as it becomes available, all results are sent to separate files and all tests are run in parallel (through a massive set of forks). It requires perl and nmap. It is free to use and modify but I would rather it wasn't redistributed in modified form without changing the name.

columbo.tar.gz - perl script and config file for Linux (but could easily be ported)

Brian - "He's not the Messiah, he's a very naughty man!"

Based on the ideas of ARP poisoning present in Ettercap, this program is a simple tool to effectively convert a switched network (or a part of it) into a shared network so that sniffing can take place.

Ettercap (in its current form) is very good at letting you poison the ARP caches of two or more computers to sniff a particular machine or perform man-in-the-middle attacks. It works in a one-to-one or one-to-many scenario but not many-to-many as in shared networks. I wasn't interested in man-in-the-middle attacks but was very interested in sniffing a group of computers on a switched network for penetration testing. It requires libpcap (0.6.2 or later) and libnet (1.1 or later) and is threaded for your pleasure. Some of the libpcap stuff was borrowed from code by Bastian Ballmann. It was written for Red Hat 8 but should work on many Linux distributions. If you struggle to compile it, email me the errors and I'll do my best. It is free to use and modify but I would rather it wasn't redistributed in modified form without changing the name.

brian.c - source code for Linux (but could easily be ported)
brian.ppt - PowerPoint presentation on what/how/why for info only. Please do not redistribute.

KevProxy

Ever wanted to proxy a TCP connection such that you can control the source port of the out-bound connection? I did, so I wrote KevProxy (I couldn't find another simple proxy that would do this job).

My actual requirement was to attach to an X-Windows machine behind a screening router. The router was allowing ftp-data connections (doh!) so all I needed to do was to force my X traffic to appear to be coming from port 20. Unfortunately, almost all X apps use the native X libraries (as they should) which prohibited the choosing of the source port. To get around this, I ran KevProxy listening on port 6001 (X display 1) with the out-bound connection targeted at port 6000 (X display 0) on the target machine, originating from port 20. I then simply targeted all my X apps at display 1 on my machine instead of display 0 on the target.

I'm thinking of re-writing this using libnet and libpcap to get around all the nasty port closing errors I'm getting. As I said, it's not big or clever, and fails on port closing a lot of the time, but suited my immediate purpose.

STOP PRESS - While trying to fix kevproxy I looked into the idea of using iptables to do the job, possibly writing a mod for it. As it happens, there's already one there that does the job. If you want to achieve the above, simply enter the following on your Kernel 2.4 machine (with iptables loaded), replacing <your_ip> with your actual IP address. Caution is recommended if NATing is already taking place (see netfilter.org documentation):

    # iptables -t nat -A POSTROUTING -p TCP -m tcp \
        --dport 6000 -j SNAT --to-source <your_ip>:20

kp.c - source code for Linux (but could easily be ported)

xscan2

This is a hack of xscan to allow you to select the target display number. It's not an amazing hack and requires other source from the xscan tool, but is here because it might be useful.

xscan2.c - source code for Linux (but could easily be ported)

IS1 for Palm

If you don't know what Infosec Standard No. 1 is or you don't have a Palm then this is pretty useless to you. If you do, please send me an email (from a legitimate work address with a phone number) and I'll send it on. Unfortunately, restrictions prevent me from supplying this as a download.

There are two current versions of the tool, one for version 1 of the standard (is1_1.1) and one for version 2.1, including the 09/03 mods, (is1v2_1.1). I'm open to offers for paid Palm development work, such as in-house or industry specific tools that aren't generally available.
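The Brian section above describes many-to-many ARP poisoning: one station answers ARP for every host on the segment so that a switched network behaves like a shared one. The following is an added example, not code from this page or from Brian, showing what that looks like from the monitoring side. It runs over a constructed list of ARP replies (the IP and MAC values are invented) rather than a live capture, learns a baseline IP-to-MAC table, and raises alerts when a pinned mapping is contradicted, when an IP's MAC changes, or when a single MAC claims more addresses than a threshold allows. The `pinned` table and the `max_ips_per_mac` threshold are assumptions for the example; a real deployment would feed it from libpcap or a switch's ARP snooping data.

```python
"""Detecting many-to-many ARP cache poisoning from observed ARP replies.

Added example, not part of the original page or the Brian tool. Works on a
constructed list of (sender IP, sender MAC) pairs instead of a live capture.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of ARP replies seen on one segment. The first four are
# the genuine hosts; afterwards one MAC starts answering for the gateway and
# two other hosts, which is exactly the many-to-many pattern described above.
SAMPLE_REPLIES = [
    ("192.168.1.1",  "00:11:22:33:44:01"),   # default gateway, genuine
    ("192.168.1.10", "00:11:22:33:44:0a"),
    ("192.168.1.11", "00:11:22:33:44:0b"),
    ("192.168.1.12", "00:11:22:33:44:0c"),
    ("192.168.1.1",  "de:ad:be:ef:00:01"),   # same IP, different MAC
    ("192.168.1.10", "de:ad:be:ef:00:01"),
    ("192.168.1.11", "de:ad:be:ef:00:01"),
]


@dataclass
class ArpMonitor:
    # How many distinct IPs one MAC may claim before we alert. Routers and
    # hosts with a couple of aliases legitimately own a few; a poisoner
    # claims the whole segment. Threshold is an assumption for the example.
    max_ips_per_mac: int = 2
    # Operator-pinned IP -> MAC entries (e.g. the default gateway).
    pinned: dict = field(default_factory=dict)
    # Baseline learned from the first reply seen for each IP.
    table: dict = field(default_factory=dict)
    ips_per_mac: defaultdict = field(default_factory=lambda: defaultdict(set))

    def observe(self, ip, mac):
        """Process one ARP reply and return the alerts it triggers (maybe none)."""
        mac = mac.lower()
        alerts = []
        expected = self.pinned.get(ip)
        if expected is not None and expected.lower() != mac:
            alerts.append(f"PINNED_MISMATCH {ip} claimed by {mac}, expected {expected.lower()}")
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac            # learn the first mapping only
        elif known != mac:
            # Deliberately do not overwrite the baseline: a poisoner must not
            # be able to "teach" the monitor its own mapping.
            alerts.append(f"MAC_CHANGE {ip}: {known} -> {mac}")
        self.ips_per_mac[mac].add(ip)
        if len(self.ips_per_mac[mac]) > self.max_ips_per_mac:
            alerts.append(f"MANY_TO_ONE {mac} claims {len(self.ips_per_mac[mac])} IPs")
        return alerts


def run_monitor(replies, pinned=None, max_ips_per_mac=2):
    """Feed a sequence of (ip, mac) replies through a fresh monitor; return all alerts."""
    mon = ArpMonitor(max_ips_per_mac=max_ips_per_mac, pinned=pinned or {})
    alerts = []
    for ip, mac in replies:
        alerts.extend(mon.observe(ip, mac))
    return alerts


if __name__ == "__main__":
    for a in run_monitor(SAMPLE_REPLIES, pinned={"192.168.1.1": "00:11:22:33:44:01"}):
        print(a)
```

On the constructed sample this produces five alerts: the pinned gateway mismatch, three MAC changes, and a MANY_TO_ONE alert once the rogue MAC's third address appears. The genuine first four replies alone produce nothing, which is the property a monitor like this must have if it is to be left running on a production segment.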
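The KevProxy section above turns on a screening router that let any connection through as long as it came from TCP source port 20 (the "ftp-data" rule), and the iptables SNAT command shows how cheaply a client can choose that source port. The defensive counterpart is to find such rules before someone else does. The following is an added example, not code from this page or from KevProxy: a small audit that reads an iptables-save style ruleset (a constructed sample is embedded) and reports ACCEPT rules that match on `--sport` without a connection-tracking state match restricting them to reply traffic. The sample rules and interface names are invented for the example; the option names (`--sport`, `--source-port`, `-m state --state`, `-m conntrack --ctstate`) are standard iptables syntax.

```python
"""Audit an iptables-save ruleset for rules that trust a source port.

Added example, not part of the original page or KevProxy. A rule that
ACCEPTs traffic because of its *source* port (20 for ftp-data, 53 for DNS
replies) without a state match is a policy hole: the client picks its own
source port, as the SNAT command on this page demonstrates.
"""
import shlex

# Constructed ruleset; interfaces, ports and comments are invented for the example.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# ftp-data "hole": anything from source port 20 is let through to the LAN
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --sport 20 -j ACCEPT
# same idea for DNS replies, only the destination is constrained
-A FORWARD -i eth0 -o eth1 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
# properly stateful: reply traffic only
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# stateful variant of the ftp-data rule: fine, only established flows
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# service exposed by destination port: not a source-port trust
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

SPORT_FLAGS = {"--sport", "--source-port"}
STATE_FLAGS = {"--state", "--ctstate"}


def parse_rule(line):
    """Extract chain, target, source-port match and state set from one '-A' line."""
    toks = shlex.split(line)
    rule = {"chain": None, "target": None, "sport": None,
            "negated_sport": False, "states": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"] = toks[i + 1]
            i += 2
        elif t in ("-j", "-g"):
            rule["target"] = toks[i + 1]
            i += 2
        elif t in SPORT_FLAGS:
            rule["sport"] = toks[i + 1]
            rule["negated_sport"] = i > 0 and toks[i - 1] == "!"
            i += 2
        elif t in STATE_FLAGS:
            rule["states"] = set(toks[i + 1].upper().split(","))
            i += 2
        else:
            i += 1
    return rule


def source_port_trust_findings(ruleset):
    """Return (line number, chain, source port, rule text) for each risky rule.

    A rule is risky when it ACCEPTs on a (non-negated) source-port match and
    either has no state match at all or its state set still admits NEW flows.
    """
    findings = []
    for lineno, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("-A"):
            continue  # table header, chain policy, comment or COMMIT
        r = parse_rule(line)
        if r["target"] != "ACCEPT" or r["sport"] is None or r["negated_sport"]:
            continue
        if r["states"] is not None and "NEW" not in r["states"]:
            continue  # restricted to established/related traffic
        findings.append((lineno, r["chain"], r["sport"], line))
    return findings


if __name__ == "__main__":
    for lineno, chain, sport, text in source_port_trust_findings(SAMPLE_RULES):
        print(f"line {lineno} [{chain}] trusts source port {sport}: {text}")
```

Against the constructed sample the audit flags lines 6 and 8 (source ports 20 and 53) and passes the stateful rules and the plain `--dport 22` rule. On a real host the input would be the output of `iptables-save`; the same pattern applies to any packet filter whose rules can be tokenised.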