Fuzzing

Fuzzing

tftp-fuzz.py

#!/usr/bin/env python
# -*- coding: latin-1 -*- # ####################################################
#                ____                     _ __                                 #
#     ___  __ __/ / /__ ___ ______ ______(_) /___ __                           #
#    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                           #
#   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                            #
#                                            /___/ nullsecurity team           #
#                                                                              #
# tftp-fuzz.py - Ftools TFTP                                                   #
#                                                                              #
# DATE                                                                         #
# 25/03/2012                                                                   #
#                                                                              #
# DESCRIPTION                                                                  #
# Master TFTP fuzzing script as part of the Ftools series of fuzzers           #
#                                                                              #
# AUTHOR                                                                       #
# TheXero - <a href="http://www.nullsecurity.net/" title="http://www.nullsecurity.net/">http://www.nullsecurity.net/</a>                                       #
#                                                                              #
################################################################################

ftp-fuzz.py

#!/usr/bin/env python
# -*- coding: latin-1 -*- # ###################################################
#                                                                             #
#         ~    .__ °.__   0       o                    ^   .__ °__  `´        #
#  °____) __ __|  | | °|   ______°____ 0 ____  __ _________|__|/  |_ ___.__.  #
#  /    \|  | °\  |°|  | °/  ___// __ \_/ ___\|  | °\_  __ \ o\   __<   |  |  #
# | o°|  \  |  /  |_|  |__\___ \\  ___/\ °\___| o|  /|  | \/  ||  |° \___ O|  #
# |___|  /____/|____/____/____ °>\___  >\___  >____/ |__|° |__||__|  / ____|  #
# `´´`´\/´`nullsecurity team`´\/`´´`´\/`´``´\/  ``´```´```´´´´`´``0_o\/´´`´´  #
#                                                                             #
# ftp-fuzzer.py - Master FTP fuzzer                                           #
#                                                                             #
# DATE                                                                        #
# 01/27/2012                                                                  #
#                                                                             #
# DESCRIPTION                                                                 #
# The master of all master fuzzing scripts specifically targeted towards      #
# FTP server sofware                                                          #
#                                                                             #
# AUTHOR                                                                      #
# TheXero - <a href="http://www.nullsecurity.net/" title="http://www.nullsecurity.net/">http://www.nullsecurity.net/</a>                                      #
#                                                                             #
###############################################################################

UniOFuzz

#!/usr/bin/env python
# -*- coding: latin-1 -*- # ###################################################
#                                                                             #
#         ~    .__ °.__   0       o                    ^   .__ °__  `´        #
#  °____) __ __|  | | °|   ______°____ 0 ____  __ _________|__|/  |_ ___.__.  #
#  /    \|  | °\  |°|  | °/  ___// __ \_/ ___\|  | °\_  __ \ o\   __<   |  |  #
# | o°|  \  |  /  |_|  |__\___ \\  ___/\ °\___| o|  /|  | \/  ||  |° \___ O|  #
# |___|  /____/|____/____/____ °>\___  >\___  >____/ |__|° |__||__|  / ____|  #
# `´´`´\/´`nullsecurity team`´\/`´´`´\/`´``´\/  ``´```´```´´´´`´``0_o\/´´`´´  #
#                                                                             #
# uniofuzz.py - UniOFuzz                                                      #
#                                                                             #
# DATE                                                                        #
# 01/16/2012                                                                  #
#                                                                             #
# DESCRIPTION                                                                 #
# UniOFuzz - the universal fuzzing tool for browsers, web services, files,    #
# programs and network services/ports                                         #
#                                                                             #
# FOUND BY UNIOFUZZ                                                           #
# <a href="http://www.exploit-db.com/exploits/18019" title="http://www.exploit-db.com/exploits/18019">http://www.exploit-db.com/exploits/18019</a>                                    #
# <a href="http://www.exploit-db.com/exploits/18008" title="http://www.exploit-db.com/exploits/18008">http://www.exploit-db.com/exploits/18008</a>                                    #
# <a href="http://www.exploit-db.com/exploits/18006" title="http://www.exploit-db.com/exploits/18006">http://www.exploit-db.com/exploits/18006</a>                                    #
#                                                                             #
# DEMONSTRATION                                                               #

hwk

hwk is an easy-to-use wireless authentication and deauthentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types.

/*******************************************************************************
 *                ____                     _ __                                *
 *     ___  __ __/ / /__ ___ ______ ______(_) /___ __                          *
 *    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                          *
 *   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                           *
 *                                            /___/ team                       *
 *                                                                             *
 * README                                                                      *
 *                                                                             *
 * DATE                                                                        *
 * 8/03/2013                                                                   *
 *                                                                             *
 * AUTHOR                                                                      *
 * atzeton - <a href="http://www.nullsecurity.net/" title="http://www.nullsecurity.net/">http://www.nullsecurity.net/</a>                                      *
 *                                                                             *
 * LICENSE                                                                     *
 * GNU GPLv2, see COPYING                                                      *
 *                                                                             *
 ******************************************************************************/

What is hwk?
===============
hwk is a collection of packet crafting/network flooding tools:

Grabber

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.

Contact
-------
author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: r@rgaucher.info

Current features
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.

How do I use Grabber ?

You have a main script grabber.py which execute the modules (xss.py, sql.py, etc.).
Download Grabber
Download Grabber
The executable version produced by py2exe
Source code
Installation
For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download the packages on the websites given above.
Configuration
You can configure the run with a configuration file like this:

http://127.0.0.1/bank
1

Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url http://127.0.0.1/bank

The two configuration are equivalents.
What you need to know ?

sira

1. Enable network proxy
2. Snapshot file system
3. Install App
4. Decrypt app
5. Snapshot file system
6. Binary analysis:
a. PIE enabled?
b. Stack smashing protection enabled?
c. Reference counting enabled?
d. Class-dump or class-dump-z
e. XML processors installed?
f. Jailbreak Detection?
ii. (if yes, disable)
7. Runtime Analysis:
a. Use the app and record data
b. Certificate enforcement
i. if yes, bypass (import cert, hook cert functions)
c. Snapshot file system
d. Analyze shanpshot diffs
i. Locate storage of sensitive data
1. Was it stored securely?
ii. Protocol handlers installed?
e. Locate transmission of sensitive data
i. Was it transmitted securely?
ii. Privacy Analysis
1. Did the app transmit Contacts?
2. Did the app transmit Calendar?
3. Did the app transmit Location?
4. Did the app store a location log?
a. What was the granularity of the location?
5. Did the app transmit UDID?
f. Abuse the app and record data
i. If protocol handlers in use, can they be abused?
ii UIWebView in use?
1. Attempt XSS
a. Attempt to exploit objc bridge
iii. XML in use?
1. Attempt local XML attacks
iv. Attempt buffer overflows
v. Attempt format string attacks
vi. Attempt local file traversal
vii. Attempt local SQLi
viii. Logic flaw abuse
ix. (If in scope - Server side analysis)
g. Snapshot file system
h. Analyze snapshot diffs
i. As findings are discovered, repeat any steps in 7. as needed

SiRA is able to automate or semi-automate many of the steps involved in an application
assessment. SiRA includes some assistance for all 7 of the major methodology steps outlined
above. Not all automatable substeps are currently implemented, but work is ongoing. In
addition, SiRA provides a convenient single location for a variety of manual and semi-automated
functionalities. Finally, SiRA can automate your automation by providing a step-by-step guided

Backfuzz

Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) written in Python. The general idea is that this script has several predefined functions, so whoever wants to write their own plugin's (for another protocol) can do that in few lines.

# Installation: git clone https://github.com/localh0t/backfuzz
# Contact: mattdch0@gmail.com (suggerences, ideas, reviews)
# Follow: @mattdch
# Blog: www.localh0t.com.ar

GScrape

GScrape is a small perl script that uses Google's Ajax API (Google::Search) to find vulnerable websites.

GScrape is a simple tool, it will look for a file specified by the user containing a list of search terms, query google with those search terms and retrieve an array of websites, which are then tested for Local File Inclusion and SQL injection vulnerabilities, if any are found they are logged to the output file specified by the user.

Example:
perl gscrape.pl -f dork.lst -o gscrape.log

Note:
GScrape will not return any results unless your input file actually contains a list of search terms.

viproy-voipkit

Voice over IP penetration testing tookit providing SIP and NGN Services Testing Modules for Metasploit Framework

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.

Regex Fuzzer

SDL Regex Fuzzer is a verification tool to help test regular expressions for potential denial of service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer integrates with the SDL Process Template and the MSF-Agile+SDL Process Template to help users track and eliminate any detected regex vulnerabilities in their projects.

Syndicate content