itsec.se
While data input remains a burden assiduously avoided in any system with the aspiration of maintaining a rudimentary level of security, it is not unexpected, and thus not beyond a measure of control.
tools & utilities
FUZZER
ftpfuzzer is a protocol fuzzer for FTP and associated extensions. I wrote it for a customer engagement, to get closer compliance with the FTP specification and more extensive debugging output. Supports RFC 959 and the following FTP extensions: RFC 2428, RFC 2389, RFC 3659, RFC 1639, RFC 2640 and RFC 2228. FTPS (FTP over SSL/TLS) is not supported, only the RFC 2228 security commands. Version 2.0 (2012-11-01).
FUZZER
gzfuzz is a GZIP file format fuzzer written in Python, based on RFC 1952 (GZIP File Format Specification version 4.3). It uses a heavily modified version of gzip.py. Only a limited number of payloads are included; extend them to suit your requirements. Version 1.0 (2010-06-19).
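As an added illustration of what a header-level gzip fuzzer does (example code written for this page, not gzfuzz itself), the block below builds a valid RFC 1952 member, bends one header or trailer field at a time (ID1, CM, the reserved FLG bits, FEXTRA with an oversized XLEN, FNAME without a terminator, CRC32, ISIZE, a missing trailer) and records how the decoder under test reacts. The target here is Python's own gzip.decompress; the payload is a constructed string and the case names are this example's own.

```python
import gzip
import struct

# RFC 1952 member header (10 bytes, little-endian): ID1 ID2 CM FLG MTIME XFL OS.
HEADER = struct.Struct("<BBBBIBB")
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16


def build_baseline(payload):
    """A well-formed single-member gzip stream (FLG = 0, MTIME = 0) for the payload."""
    return gzip.compress(payload, mtime=0)


def with_header(stream, **fields):
    """Copy a gzip stream with the named header fields replaced (id1, id2, cm, flg, mtime, xfl, os)."""
    names = ("id1", "id2", "cm", "flg", "mtime", "xfl", "os")
    h = dict(zip(names, HEADER.unpack(stream[:10])))
    h.update(fields)
    return HEADER.pack(*(h[n] for n in names)) + stream[10:]


def mutations(stream):
    """Yield (name, candidate) pairs, each bending one header or trailer field of `stream`."""
    yield "baseline", stream
    yield "bad-id1", with_header(stream, id1=0x00)            # magic must be 1f 8b
    yield "cm-0", with_header(stream, cm=0)                    # only CM = 8 (deflate) is defined
    yield "reserved-flg-bits", with_header(stream, flg=0xE0)   # FLG bits 5-7 are reserved (must be zero)
    # FEXTRA set with XLEN = 0xFFFF but no extra field behind it: a reader must not trust XLEN.
    yield "fextra-oversize", with_header(stream, flg=FEXTRA)[:10] + b"\xff\xff" + stream[10:]
    # FNAME set without a NUL-terminated name: the deflate data gets consumed as the "name".
    yield "fname-unterminated", with_header(stream, flg=FNAME)
    # Trailer (CRC32 + ISIZE, 8 bytes) corrupted, missing, or claiming a huge output size.
    crc = struct.unpack("<I", stream[-8:-4])[0]
    yield "bad-crc", stream[:-8] + struct.pack("<I", crc ^ 0xFFFFFFFF) + stream[-4:]
    yield "truncated-trailer", stream[:-8]
    yield "huge-isize", stream[:-4] + b"\xff\xff\xff\xff"


def fuzz(payload, target=gzip.decompress):
    """Run every mutation through `target`; map case name -> 'ok', 'wrong-output' or exception class."""
    results = {}
    for name, case in mutations(build_baseline(payload)):
        try:
            results[name] = "ok" if target(case) == payload else "wrong-output"
        except Exception as exc:  # a fuzzer wants every failure class, not just the expected ones
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    # Constructed sample payload; swap `target` for the decoder under test.
    for name, verdict in fuzz(b"constructed sample text " * 64).items():
        print(f"{name:20s} {verdict}")
```

The interesting rows are the ones that come back "ok": the reserved FLG bits, for instance, are accepted silently by Python's decoder, which is exactly the kind of lenient parsing a fuzzer is meant to surface before someone else does.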
SNIFFER
eapol sniffer is a simple sniffer for capturing WPA handshakes. There are a number of similar tools, but I needed to learn more about libpcap. Supports sniffing against a targeted network or against all networks in range. Requires your wireless interface to be in monitor mode. Version 2.0 (2012-12-25).
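What such a sniffer has to do once libpcap hands it a frame is decide which of the four EAPOL-Key messages it is looking at and whether it now holds a complete handshake. The block below is an added example (not eapol sniffer's code) of that classification on the EAPOL layer alone: it assumes the radiotap, 802.11 and LLC/SNAP headers have already been stripped, and the four frames it checks are constructed with placeholder nonces and MICs, not captured traffic. Field layout and Key Information bits follow the IEEE 802.11 EAPOL-Key frame format.

```python
import struct

# 802.1X (EAPOL) header: protocol version, packet type, body length. Packet type 3 = EAPOL-Key.
EAPOL_HDR = struct.Struct(">BBH")
EAPOL_KEY = 3
# EAPOL-Key descriptor body before Key Data (95 bytes): descriptor type (2 = RSN, 254 = WPA),
# Key Information, Key Length, Replay Counter, Nonce, IV, RSC, Key ID, MIC, Key Data Length.
KEY_FIXED = struct.Struct(">BHHQ32s16sQQ16sH")
# Key Information bits used to tell the four handshake messages apart.
KI_VERSION_AES, KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0002, 0x0008, 0x0040, 0x0080, 0x0100, 0x0200


def parse_eapol_key(frame):
    """Fields needed for classification, or None if `frame` is not an EAPOL-Key packet."""
    if len(frame) < EAPOL_HDR.size + KEY_FIXED.size:
        return None
    _version, ptype, _body_len = EAPOL_HDR.unpack_from(frame, 0)
    if ptype != EAPOL_KEY:
        return None
    desc, info, _klen, replay, nonce, _iv, _rsc, _kid, mic, kd_len = KEY_FIXED.unpack_from(frame, EAPOL_HDR.size)
    return {"descriptor": desc, "info": info, "replay": replay, "nonce": nonce, "mic": mic, "key_data_len": kd_len}


def classify(fields):
    """1..4 for the pairwise 4-way handshake messages, None for anything else (e.g. group key)."""
    info = fields["info"]
    if not info & KI_PAIRWISE:
        return None
    ack, mic, install, secure = (bool(info & b) for b in (KI_ACK, KI_MIC, KI_INSTALL, KI_SECURE))
    if ack and not mic:
        return 1                      # AP -> STA: ANonce, no MIC yet
    if ack and mic and install:
        return 3                      # AP -> STA: ANonce again, GTK in key data
    if mic and not ack and not install:
        # STA -> AP. WPA2 M4 sets Secure; a WPA (TKIP) M4 may not, but it carries no key data,
        # whereas M2 always carries the RSN/WPA IE.
        return 4 if secure or fields["key_data_len"] == 0 else 2
    return None


def handshake_complete(frames):
    """True when M1..M4 are all present and replay counters pair up (M1/M2 = n, M3/M4 = n + 1)."""
    seen = {}
    for frame in frames:
        fields = parse_eapol_key(frame)
        msg = classify(fields) if fields else None
        if msg:
            seen[msg] = fields
    if set(seen) != {1, 2, 3, 4}:
        return False
    n = seen[1]["replay"]
    return seen[2]["replay"] == n and seen[3]["replay"] == seen[4]["replay"] == n + 1


def make_key_frame(info, replay, nonce=b"\0" * 32, key_data=b"", mic=b"\0" * 16):
    """Constructed EAPOL-Key frame (RSN descriptor, 16-byte key length for CCMP); placeholder nonce/MIC."""
    body = KEY_FIXED.pack(2, info, 16, replay, nonce, b"\0" * 16, 0, 0, mic, len(key_data)) + key_data
    return EAPOL_HDR.pack(2, EAPOL_KEY, len(body)) + body


# Constructed WPA2 handshake as it would look after the radiotap/802.11/LLC headers are stripped.
HANDSHAKE = [
    make_key_frame(KI_VERSION_AES | KI_PAIRWISE | KI_ACK, 1, nonce=b"A" * 32),
    make_key_frame(KI_VERSION_AES | KI_PAIRWISE | KI_MIC, 1, nonce=b"S" * 32, key_data=b"\x30\x14" + b"\0" * 20),
    make_key_frame(KI_VERSION_AES | KI_PAIRWISE | KI_ACK | KI_MIC | KI_INSTALL | KI_SECURE, 2,
                   nonce=b"A" * 32, key_data=b"\xdd\x16" + b"\0" * 22),
    make_key_frame(KI_VERSION_AES | KI_PAIRWISE | KI_MIC | KI_SECURE, 2),
]
EAPOL_START = EAPOL_HDR.pack(2, 1, 0)  # type 1 = EAPOL-Start, not part of the key exchange

if __name__ == "__main__":
    print([classify(parse_eapol_key(f)) for f in HANDSHAKE], handshake_complete(HANDSHAKE))
```

For cracking you only strictly need M1/M2 (or M2/M3) with matching replay counters, since those give both nonces plus a MIC to verify against; checking all four as above is the conservative "got it, stop sniffing" condition.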
IT-FORENSIC
exefinder is a utility for finding executable files by their file signature (magic number) rather than their filename extension. It has proven quite useful in investigations of malware infections and data compromises. It also detects file extension misrepresentation (file camouflaging). Other file formats are supported as well, such as Java and Flash. Version 1.2 (2013-03-04).
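The core of signature-based finding is small enough to show in full. The block below is an added example written for this page (not exefinder's own code): it walks a directory, identifies PE/MZ, ELF, Mach-O, Java class and Flash (SWF) files from their leading bytes, and flags a file as camouflaged when its extension is not one the format is normally stored under. The expected-extension table is this example's assumption, and the sample files in demo() are constructed on the fly.

```python
import os
import struct
import tempfile

# Signatures at offset 0. Order matters only where one magic is a prefix of another.
MAGICS = [
    (b"\x7fELF", "elf"),
    (b"\xfe\xed\xfa\xce", "macho"), (b"\xfe\xed\xfa\xcf", "macho"),
    (b"\xce\xfa\xed\xfe", "macho"), (b"\xcf\xfa\xed\xfe", "macho"),
    (b"\xca\xfe\xba\xbe", "java-or-macho-fat"),
    (b"FWS", "swf"), (b"CWS", "swf"), (b"ZWS", "swf"),   # uncompressed / zlib / LZMA Flash
    (b"MZ", "mz"),
]
# Extensions each kind is normally stored under (assumed table); anything else is camouflage.
EXPECTED = {
    "pe": {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"},
    "mz": {".exe", ".com"},
    "elf": {"", ".so", ".o", ".ko"},       # note: "libc.so.6" splits to ".6" and would be flagged
    "macho": {"", ".dylib", ".o", ".bundle"},
    "java": {".class"},
    "swf": {".swf"},
}


def identify(head):
    """Format name for the leading bytes of a file, or None if no signature matches."""
    for magic, kind in MAGICS:
        if head.startswith(magic):
            break
    else:
        return None
    if kind == "mz":
        # A bare DOS stub is "mz"; a PE has e_lfanew at 0x3C pointing at the "PE\0\0" signature.
        if len(head) >= 0x40:
            off = struct.unpack_from("<I", head, 0x3C)[0]
            if head[off:off + 4] == b"PE\0\0":
                return "pe"
        return "mz"
    if kind == "java-or-macho-fat":
        # Both formats start with CA FE BA BE. Java stores minor/major version in bytes 4-7
        # (major >= 45 since JDK 1.1); a fat Mach-O stores nfat_arch there, a small number.
        if len(head) >= 8 and struct.unpack_from(">I", head, 4)[0] >= 45:
            return "java"
        return "macho"
    return kind


def scan(root, head_size=64 * 1024):
    """Walk `root`; return [{path, kind, ext, camouflaged}] for every file with a known signature."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_size)
            except OSError:
                continue
            kind = identify(head)
            if kind is None:
                continue
            ext = os.path.splitext(fn)[1].lower()
            findings.append({"path": path, "kind": kind, "ext": ext, "camouflaged": ext not in EXPECTED[kind]})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Write constructed sample files into a temp dir, scan it, return {name: (kind, camouflaged)}."""
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 32
    samples = {
        "update.exe": pe,                                   # PE under its normal extension
        "report.txt": pe,                                   # PE hiding behind .txt
        "legacy.exe": b"MZ" + b"\0" * 70,                   # DOS stub without a PE header
        "photo.jpg": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",   # Java class (major 52) named like an image
        "universal": b"\xca\xfe\xba\xbe\x00\x00\x00\x02",   # fat Mach-O with two architectures
        "banner.gif": b"CWS\x0a" + b"\0" * 16,              # zlib-compressed Flash movie
        "libhelper.so": b"\x7fELF\x02\x01\x01" + b"\0" * 16,
        "notes.txt": b"just text, nothing to see",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(f["path"]): (f["kind"], f["camouflaged"]) for f in scan(root)}


if __name__ == "__main__":
    for name, (kind, camo) in demo().items():
        print(f"{name:14s} {kind:6s} {'CAMOUFLAGED' if camo else ''}")
```

Reading only the first 64 KiB per file keeps a scan of a whole disk image cheap; the one thing that costs is the e_lfanew lookup, which can in principle point past that window, in which case the file is reported as plain "mz" and still shows up.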
IT-FORENSIC
findmalware is a generic malware scanner that identifies Windows portable executable (PE) files with "suspicious" attributes. The script is a modified version of pescanner.py by Michael Ligh and relies on the basic heuristics described in the paper "Pimp my PE - Parsing Malicious and Malformed Executables" by Sunbelt Software. It is designed to parse a large number of files and list the executables that warrant further attention (use the --list or --top parameter). It suits investigations where malware is suspected but little else is known. Version 1.0b (2013-11-06).
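To make the idea concrete, here is an added example (written for this page; it is neither findmalware nor pescanner.py, and the heuristics are common illustrative ones rather than the list from the paper) that parses the COFF header and section table of a PE file, scores a handful of attributes (zero build timestamp, writable-and-executable sections, sections with no raw data but a large virtual size, non-standard section names, an entry point outside any executable section) and ranks files the way a --top listing would. The two PE images it scores are constructed headers with no real code behind them.

```python
import struct

# Section Characteristics bits from the PE/COFF specification.
SCN_CODE, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x00000020, 0x20000000, 0x40000000, 0x80000000
# Section names a normal linker emits; anything else (UPX0, .aspack, random strings) is worth a look.
COMMON_SECTIONS = {b".text", b".rdata", b".data", b".rsrc", b".reloc", b".idata", b".edata",
                   b".pdata", b".bss", b".tls", b".CRT", b".xdata"}
SECTION = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return (timestamp, entry_rva, [(name, vsize, vaddr, rawsize, rawptr, chars), ...])."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint in the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = SECTION.unpack_from(data, pe + 24 + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, vaddr, rawsize, rawptr, chars))
    return timestamp, entry, sections


def suspicious(data):
    """Illustrative heuristics: return a list of human-readable findings for one PE image."""
    timestamp, entry, sections = parse_pe(data)
    findings = []
    if timestamp == 0:
        findings.append("TimeDateStamp is zero (stripped or forged build time)")
    home = None
    for name, vsize, vaddr, rawsize, _, chars in sections:
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            home = (name, chars)
        if chars & SCN_WRITE and chars & SCN_EXECUTE:
            findings.append(f"section {name!r} is writable and executable")
        if rawsize == 0 and vsize > 0 and name != b".bss":   # .bss is legitimately like this
            findings.append(f"section {name!r} has no raw data but {vsize:#x} bytes virtual size (packer?)")
        if name not in COMMON_SECTIONS:
            findings.append(f"unusual section name {name!r}")
    if home is None:
        findings.append(f"entry point {entry:#x} is outside every section")
    elif not home[1] & SCN_EXECUTE:
        findings.append(f"entry point lies in non-executable section {home[0]!r}")
    return findings


def rank(samples):
    """Like --top: [(label, findings)] sorted with the most suspicious first."""
    scored = []
    for label, data in samples.items():
        try:
            scored.append((label, suspicious(data)))
        except (ValueError, struct.error) as exc:
            scored.append((label, [f"malformed PE: {exc}"]))
    return sorted(scored, key=lambda t: len(t[1]), reverse=True)


def build_pe(sections, entry, timestamp):
    """Constructed minimal PE32 header (not a runnable program); sections = [(name, vsize, vaddr, rawsize, chars)]."""
    pe_off, opt_size = 0x40, 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    raw = pe_off + 24 + opt_size + 40 * len(sections)
    hdrs = b""
    for name, vsize, vaddr, rawsize, chars in sections:
        hdrs += SECTION.pack(name, vsize, vaddr, rawsize, raw if rawsize else 0, 0, 0, 0, 0, chars)
        raw += rawsize
    image = dos + b"PE\0\0" + coff + bytes(opt) + hdrs
    return image + b"\0" * (raw - len(image))


SAMPLES = {
    "benign.exe": build_pe([(b".text", 0x1000, 0x1000, 0x1000, SCN_CODE | SCN_EXECUTE | SCN_READ),
                            (b".data", 0x1000, 0x2000, 0x200, SCN_READ | SCN_WRITE)],
                           entry=0x1010, timestamp=0x5F000000),
    "packed.exe": build_pe([(b"UPX0", 0x10000, 0x1000, 0, SCN_EXECUTE | SCN_READ | SCN_WRITE),
                            (b"UPX1", 0x2000, 0x11000, 0x2000, SCN_EXECUTE | SCN_READ | SCN_WRITE),
                            (b".rsrc", 0x200, 0x13000, 0x200, SCN_READ | SCN_WRITE)],
                           entry=0x11030, timestamp=0),
    "notpe.bin": b"MZ" + b"\0" * 100,
}

if __name__ == "__main__":
    for label, findings in rank(SAMPLES):
        print(label, len(findings), *findings, sep="\n  ")
```

Counting findings is a crude score, and each heuristic has benign hits (build systems that zero the timestamp, .NET images, drivers), so the value of a tool like this is in the ordering it produces over thousands of files, not in any single verdict.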
ANTI-VIRUS
antivirus is a very basic anti-virus scanner for finding known malware on a system. I wrote it to support an analysis during a customer engagement. The script queries VirusTotal, an online service that aggregates the output of several antivirus engines (you need to register for an API key). This is an early alpha release. Version 0.1a (2016-06-06).
Copyright © 2005-2018 itsec.se. All rights reserved.
Contact: www.linkedin.com/in/gustavnordenskjold