[ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
From: CORE Security Technologies (oss_at_OSS.CORESECURITY.COM)
Date: 11/27/03
- Previous message: Nick FitzGerald: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Nov 2003 19:38:47 -0300 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
Core Security Technologies acknowledges the increasing interest on its=20
products and technologies and therefore wants to share part of them with=20
the developers out there in the spirit of creating an open user=20
community around its key components and give back to the community the=20
results of our ongoing development.
These are indeed primary components of our software, CORE IMPACT, and=20
not the regular free giveaways you'd get somewhere else. As such they=20
are being actively maintained by our team.
Python developers, network administrators, penetration testers,=20
vulnerability researchers and information security practitioners in=20
general may find this packages useful.
All the tools described in this announce are available at=20
http://oss.coresecurity.com/
Today we are announcing the public release of the following components:
Pcapy-0.10.2
Impacket-0.9.4
InlineEgg-1.02
And there is still more coming... enjoy!
OSS at coresecurity.com
A brief description of the components and bundled tools is provided below
-OSS projects released November 27th, 2003-
Pcapy
http://oss.coresecurity.com/projects/pcapy.html
Pcapy is a Python extension module that enables software written in=20
Python to access the routines from the pcap packet capture library.
From libpcap's documentation: Libpcap is a system=96independent interfac=
e=20
for user=96level packet capture. Libpcap provides a portable framework fo=
r=20
low=96level network monitoring. Applications include network statistics=20
collection, security monitoring, network debugging, etc.
Pcapy is most useful when used together with a packet handling package=20
such as Impacket, a collection of Python classes for constructing and=20
dissecting network packets.
What makes pcapy different from the others?
* works with Python threads.
* works both in UNIX with libpcap and Windows with WinPcap.
* provides a simpler Object Oriented API.
Impacket
http://oss.coresecurity.com/projects/impacket.html
Impacket is a collection of Python classes for working with network=20
protocols. Impacket is mostly focused on providing low=96level=20
programmatic access to the packets, however some protocols (for instance=20
NMB and SMB) are implemented in a higher level as a foundation for other=20
protocols.
Packets can be constructed from scratch, as well as parsed from raw=20
data, and the object oriented API makes it simple to work with deep=20
hierarchies of protocols.
Impacket is most useful when used together with a packet capture utility=20
or package such as Pcapy, an object oriented Python extension for=20
capturing network packets.
What protocols are featured?
* Ethernet, Linux "Cooked" capture.
* IP, TCP, UDP, ICMP, IGMP, ARP.
* NMB and SMB (high=96level implementations).
* DCE/RPC versions 4 and 5, over different transports: UDP (version=20
4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
* Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM,=20
SAMR, SvcCtl, WinReg.
What tools are included?
We bundle some tools with Impacket which are mostly intended for=20
documentation purposes, but that are worth mentioning as they might be=20
useful even for non=96programmers and those who don't plan to develop wit=
h=20
this library.
RPCDump
An application that communicates with the Endpoint Mapper interface=20
from the DCE/RPC suite and displays it in a more or less human readable=20
form. This can be used to list services which are remotely available=20
through DCE/RPC, such as the Windows Messenger.
SAMRDump
An application that communicates with the Security Account Manager=20
Remote interface from the DCE/RPC suite and lists system user accounts,=20
available resource shares and other sensitive information exported=20
through this service.
Tracer
A grapher written using Tkinter that displays a parallel coordinates=20
graph of captured traffic. It's very easy to find network usage patterns=20
with this type of graphs, and therefore to detect unexpected variations.=20
At the moment Tracer only supports TCP and UDP traffic, but can be=20
easily extended to handle other protocols.
Split
A small tool that can split any pcap supported capture file into=20
several smaller fires, separated by connection. This was developed to=20
address the need to feed several hundred=96megabyte captures to Ethereal=20
in a way that didn't take too long to load. At the moment Split only=20
supports TCP streams, but can be easily extended to handle other=20
stream=96oriented protocols.
InlineEgg
http://oss.coresecurity.com/projects/inlineegg.html
InlineEgg is a Python module that provides the user with a toolbox of=20
convenient classes for writing small assembly programs. Only that=20
instead of having to remember confusing assembly mnemonics and requiring=20
the developer to remember how to use complex tools like assemblers and=20
linkers, everything is done the easy way: in Python. InlineEgg is=20
oriented =97but not limited=97 to developing shellcode (sometimes called=20
eggs) for use in exploits.
InlineEgg started separately as a pretty simple idea to fulfill a pretty=20
simple need, but today it's part of CORE IMPACT's egg creation=20
framework. We are releasing it under an open source license for=20
non-commercial use in the hope that you'll find it helpful for your own=20
projects.
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----
- Previous message: Nick FitzGerald: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
