New tool release: SPIKE

From: Dave Aitel (daitel@atstake.com)
Date: 10/16/01

Previous message: Jim Duncan: "Re: cracking cisco passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <3BCB7334.5676B54B@atstake.com>
Date: Mon, 15 Oct 2001 19:37:25 -0400
From: Dave Aitel <daitel@atstake.com>
To: secprog@securityfocus.com, pen-test@securityfocus.com, sectools@securityfocus.com
Subject: New tool release: SPIKE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.atstake.com/research/tools/index.html#vulnerability_scanning

SPIKE is a Fuzzer Creation Kit in C - basically an attempt to write a generic
protocol API that is easy to use and reasonably complete. This version of SPIKE

includes demonstration fuzzers that do web application and DCE-RPC (MSRPC)
fuzzing. Also included is a web server NTLM Authentication brute forcer
implemented with SPIKE, and a few example fuzzers that do nothing, but
demonstrate how to use the
API.

The web application fuzzing is done by capturing client requests (a modified
version of Dug Song's webmitm is included which works very well for SSL
connections) and then running those through a perl script which generates .c
files. When compiled, these programs will then iterate through all the
variables in a request with various attack
strings.

The entire package is released under the GPL, version 2.0. Enjoy! And, as
always, send questions, comments, flames, personal issues, dumb questions, and
vicious ferrets muzzled with duct tape
to:

daitel@atstake.com
Dave Aitel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7y3L09iGGtHdhlgMRAu1OAJ0XUJLAvJhPKm3pkPIWw3Nt82xFCACeJJgK
hovFcB2YFZz0iyx11hi+s+Y=
=tQwS
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Previous message: Jim Duncan: "Re: cracking cisco passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

New tool release: SPIKE
... Subject: New tool release: SPIKE ... includes demonstration fuzzers that do web application and DCE-RPC ... The web application fuzzing is done by capturing client requests (a modified ... always, send questions, comments, flames, personal issues, dumb questions, and ...
(SecProg)
SPIKE 2.6
... then using the default fuzzers I provide works pretty well. ... exercises for the reader is using the new SunRPC fuzzer to find old ... Also, if you find a vulnerability, or want help finding a vulnerability ... with SPIKE, subscribe to the SPIKE mailing list at ...
(Vuln-Dev)