Projects

Concepts and Ideas

Fuzzman script

Man Page Fuzzer [Example Page] Fuzzer generator based on unix man pages. Extracts offered options from a man page and creates a shell script that will execute a command using all possible combinations of options and arguments.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

JavaFuzz

Java Fuzzer [Manual Page]-[Example Bug]
Java classes fuzzer based on the the Java Reflection API. The reflection API represents, or reflects, the classes, interfaces, and objects in the current Java Virtual Machine. Using the reflection API it can contruct and invoke any given class (or list of classes). After getting the types that a class accepts will construct the classes using inappropriate values. JavaFuzz is also hosted at Google Projects with source code.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Packedelic

Traffic Monitoring Tool [Java/WinInstaller]- [Screenshot]

Packedelic is a Traffic monitoring tool. It is based on JPCAP (Java pcap) library. Youn can see traffic using CaptureTool (jpcap) and hear it using Java midi. The sound idea (very experimental at the moment) came to me from Pascal Cretain and the visual idea by the lack of free windows based etherape-like tools. You can use it in linux as well if you install the jpcap linux module. WinPcap is required Download Here

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Google Source Code Bug Finder

BUGLE- Google Source Code Bug Finder or use AutoBugle

Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. Source code review is not a straight forward operation , using the list you will get pinpoints and not definite results.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Subdomain enumeration

SubD [EXE] SubD can help you discover subdomains using brute-force. There are other ways to get Subdomains but if you are out of options it might be helpful. Note that there is not dicitionary capability at the moment.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Jipher v0.2a

Jipher v0.2a [JAR](JDK 1.5) Jipher is a simple cryptanalysis tool that can be used to attack old ciphers. An additional functionality is present to analyse cookies. (Many bugs at the moment so give me a shout if you want something special added or a bug fixed). It is multi-threaded but some delay is introduced if you analyse many cookies. A short tutorial will be added soon to help you use

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

JProbe v0.3a

JProbe v0.3a [JAR](JDK 1.5) JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a “not valid cipher” page. JProbe also will export the results to an HTML page. (Additionally you can set cookies)

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

WebAttack

WebAttack and Exploits - README

An application that allows testing of a website’s security by checking for known vulnerabilities. You can add your own checks in the exploits file. There is also an option if you want to use proxy server.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

HttpCheck

HttpCheck [JAR](JDK 1.4.2) HttpCheck helps in assessing IIS configuration remotely using HTTP raw requests. There are some predefined requests but for more try the ones in this paper : http://www.ngssoftware.com/papers/iisrconfig.pdf

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

MaxScanner

MaxScanner-Project on suspense

This tool has been created in order to check your Security w.r.t malicious ports or unkown services you may be running . It examines the top 118 Trojan threats and 16 different services. MaxScanner starts by informing you if whether or not your server/pc accepts ping request and then trace route you.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Remote Shell

Remote Shell - An application that allows automatic execution of shell scripts in remote machines through telnet which can be really fast providing you have a pre-written script.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

JoyStickCrypt

JoyStickCrypt v0.1.

A new idea on how to combine cryptography with external devices to approach personal file or application security in a different manner. -Only Analog Joystick-

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Image Crypt

Image Crypt/v0.1-Project on suspense Created with php/GD and additional php/mCrypt. The main idea is to convert text into bits then encrypt it with a cryptographic algorithm (RC4) and create an unrecognisable image with it. You can use it in order to send sensitive information via email or any other internet protocol and make it hard for any intruder/attacker to decode,decrypt and understand the meaning of the image.

maxMark

maxMark v0.1-Manual - An image watermarking tool created with Java and additional APIs such as JAI (Java Advanced Imaging). Many techniques can be applied in order to secure digital content for authentication and proof of ownership using it.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Vigenere Cracker

Vigenere Cracker/v0.1 Beta-Project on suspense

A new version of this will be here soon.