All of the interesting technological, artistic or just plain fun subjects I'd investigate if I had an infinite number of lifetimes. In other words, a dumping ground...

Monday 8 September 2008

Open source root kit

These tools have been released under the GNU Public License by Immunity. By releasing tools, such as these, we hope to demonstrate our knowledge leadership, and give back to the security community as a whole.

DR RootKit
An IA32 Debug Register based rootkit (last updated: 9/4/2008 SHA1: 2048f537ab3459b21150c2d0b09a042737758d39)

Download Current Tarball

UpPriv 1.0
A Windows utility for letting users run programs as a high privilege if it matches a certain hash.

Download source and binaries

Ply 1.4 C
A modified version of ply version 1.4 (current is 2.2) used internally by MOSDEF.

Download current source tree

Unmidl
A Python utility for recovering typelib data, similar to Matthew Chapman's "muddle" program. Especially useful when a contractor has delivered a server but forgotten to include the interface file.

Download Current Tarball

libdisassemble
A Python library that will disassemble X86.

Download Current Tarball

SPIKE
When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only.
Download Current Tarball    |    Papers on SPIKE    |    Access SPIKE Mailing List

SPIKE Proxy
Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.
Download for Linux    |    Download for Windows    |    Access SPIKE Mailing List

Unmask
Unmask was released in 2002 as a demonstration of how to fingerprint users based only on their emails or IRC postings.
Download

MOSDEF
MOSDEF is a next generation exploitation tool. As a pure-Python C compiler, it offers advantages other techniques don't.
Download    |    Papers    |    Mailing List

Sharefuzz
The original environment variable fuzzer for Unixes that support loading a shared library. (AUTHOR: Dave Aitel. License: GPL)
Download
