Results tagged “software” from Just Another Hacker

Graudit 1.9 released

|
The next graudit version is already out! There were some serious issues with the 1.8 release that needed fixing.
  • Fixed php (php/xss.db) database which had a blank line at the end, causing everything to match. (Thx @jodymelbourne)
  • Added test case for blank lines in signature scripts
  • Added database validating aux script
  • Updated Makefile file manifest
  • Fixed bug in test script template (t/blank-test.sh)

Big thanks to the people who contributed with patches, bug reports and feedback. Keep them coming!

You can download the latest version from the graudit download page.

Benchmarking graudit

|
Benchmarking might not be the correct term as graudit does not have the capacity to determine if a signature match is in fact a vulnerability or not. It only highlights a potential problem area so you can pay closer attention to it. Like most signature based approaches it does stand a fairly good chance of catching low hanging fruit, but certain kind of vulnerabilities will remain impossible to detect. None-the-less I am aiming to improve the standard of the signature sets, so from now on graudit will be "benchmarked" on each release.

To avoid writing signatures for specific vulnerabilities I am using two vulnerable applications to benchmark graudit with;

* Multillidae
* Damn Vulnerable Web Application

My hope is to approximate 100% low and 75% medium detection rate by version 2.0. Now to find some non PHP equivalents for the other languages.

Graudit

|
graudit-1.1-screenshot.jpgGRAUDIT
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Graudit supports scanning code written in several languages; asp, jsp, perl, php and python.

USAGE
Graudit supports several options and tries to follow good shell practices. For
a list of the options you can run graudit -h or see below. The simplest way to use
graudit is;
graudit /path/to/scan

DEPENDENCIES
Required: bash, grep, sed

DOCUMENTATION
See the readme file and frequently asked questions.
DOWNLOAD
You can download the latest version from the graudit download page.

SOURCE
Graudit is available from github, you can check the github project page or check it out directly using git from git://github.com/wireghoul/graudit.git

Meatcloud research

|
Planning some meatcloud research using WWW::TamperData and a handful of people. If you have a shell account and firefox and you're interrested in participating please shoot me a message or leave a comment.

Also just gaming the TIOBE index: perl programming
As previously promised I have been working on porting some software to the Nokia N810 internet tablet, unfortunately the SDK is not available for 64 bit systems, so I have been working on getting amd64 versions of the packages available for Ubuntu. So far I have not been able to compile them all, but it yeilding some bug reports and progress is being made. Thus I present you with the following packages;

There is no guarantee that the compiled code will run, once I get all the needed packages compiled I will be able to attempt execution.

Nokia N810 hacking software

|
I am happy to announce that I will be starting a biweekly project. Porting useful applications to the Nokia N810 internet tablet on a fortnightly basis. It is my intention to release all the ported applications via http://garage.maemo.org. The N810 really suits my needs, but could clearly benefit from a helping hand in the penetration testing arena, something I hope to change.
No Clean Feed - Stop Internet Censorship in Australia
Creative Commons License
This weblog is licensed under a Creative Commons License.