Results tagged “tools” from Just Another Hacker

Tool review: Halberd

Like most of my favourite tools, Halberd does one thing and does it well. It tries to detect individual servers behind a load balancer. The idea behind it is not new, but this is the best put-together tool that I have used. It even handles multiple A records right off the bat. It is a little short on documentation and the error messages could be better, but it's still a great reconnaissance/testing tool for pen testers and system administrators alike.

Grab your copy today from http://halberd.superadditive.com/

Tool review: Bugle

Bugle is a neat tool which uses Google and regular expressions to detect security defects in code. It makes it super quick to find vulnerable code.

The downside is that the code is often old and the vulnerability has been found, disclosed and fixed. And checking all those hits takes time. Still, it is well worth a spin.

Disclaimer:
Bugle's use of regular expressions to locate code defects was what initially prompted me to organize my messy scripts into the open source script graudit.

Tool review: Fuzzman

Fuzzman is a simple Perl script from cipher.org.uk (the guys that brought you Bugle). It inspects the man page for a command and enumerates the combinations of command line options. It then creates a shell script that will run the commands with fuzzing data, such as buffer overflow or format strings. You then run the shell script and look for a crash. It's a simple automated script; with some simple changes you could even make it part of your automated testing suite.

For more information on fuzzman, examples and download go to:
http://www.cipher.org.uk/read/2007/04/18/fuzzman-man-pages-based-fuzzer/

Pros:
By generating the fuzzing script from man pages it can fuzz any binary that has a man page.

Cons:
Many binaries are missing or have inconsistent man pages.
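
The workflow described in this review, as an added Python sketch for use against your own binaries in a test suite; it is not Fuzzman's code. The command name `demo`, the man-page excerpt and the payload list are constructed for illustration.

```python
import re
import shlex

# Constructed man-page excerpt for a hypothetical command "demo" (not real output).
SAMPLE_MAN = """\
OPTIONS
       -f file
              Read input from file.
       -v     Verbose output.
       --name=NAME
              Set the display name.
       -n count, --lines=count
              Number of lines to print.
"""

# The two input classes the post names: oversized strings and format strings.
PAYLOADS = ["A" * 5000, "%n%n%n%n", "%s" * 50]

# An indented line starting with an option, optionally followed by " ARG" or "=ARG".
# Only the first spelling on a line is used; text after 2+ spaces is a description.
OPT_RE = re.compile(r"^[ \t]+(-\w|--[\w-]+)(?:([ =])([A-Za-z]\w*))?", re.M)

def parse_options(man_text):
    """Return [(flag, separator)]; separator is None when the flag takes no argument."""
    return [(m.group(1), m.group(2)) for m in OPT_RE.finditer(man_text)]

def build_cases(cmd, options):
    """One argv per (argument-taking option, payload), alone and with each plain flag."""
    plain = [flag for flag, sep in options if sep is None]
    cases = []
    for flag, sep in options:
        if sep is None:
            continue
        for payload in PAYLOADS:
            arg = [flag + "=" + payload] if sep == "=" else [flag, payload]
            for extra in [[]] + [[p] for p in plain]:
                cases.append([cmd] + extra + arg)
    return cases

def build_script(cases):
    """Render a POSIX sh script; a status above 128 means the process died on a signal."""
    out = ["#!/bin/sh"]
    for i, argv in enumerate(cases, 1):
        line = " ".join(shlex.quote(a) for a in argv)
        out.append(f"{line} </dev/null >/dev/null 2>&1; rc=$?")
        out.append(f'[ "$rc" -gt 128 ] && echo "case {i}: killed by signal $((rc - 128))"')
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_script(build_cases("demo", parse_options(SAMPLE_MAN))))
```

The parser shows the weakness listed under Cons: it only finds options that the man page lays out in the expected form, so an inconsistent page yields few or no test cases.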

Frequently Asked Questions

What is graudit?
Graudit is a semantic static analysis tool that highlights potential vulnerabilities in source code.


Who should use graudit?
System administrators, developers, auditors, vulnerability researchers and anyone else that cares to know if the application they develop, deploy or otherwise use is secure.

What languages are supported?
Version 1.5 shipped with support for the following languages:
  • ASP
  • JSP
  • Perl
  • PHP
  • Python
  • Other (looks for suspicious comments, etc)

Can you add support for language x,y,z?
I can add support for almost any language, but if I don't program in the language myself it is likely to have a high false-positive or even false-negative rate. If you can point me to an existing set of rules for a language I can convert these to graudit.

Can I help?
Sure you can! I could use help with anything and everything: improved rulesets, documentation, packaging, testing, etc. And if you're unable to help with any of these you can tell someone else about graudit.
This weblog is licensed under a Creative Commons License.