Company

Technical Security Consulting

Managing Risk

Research & Development

Forensics

Security Management

Media Centre

PCI DSS

• Home
• Overview
• R&D Services
• Technology Focus
• Messaging Systems Security
• Embedded Systems Security
• Collaborative Research Projects
• Technical Whitepapers
• Research Briefings
• Publicly Released Tools
• Vendor Alerts - 0days
• Security Advisories

Publicly Released Tools

PGMfuzz
The PGM (Pragmatic General Multicast) protocol is a network protocol developed by a group of vendors including Cisco and TIBCO for reliably communicating data over multicast. PGMfuzz is a simple fuzzer that attempts to identify product implementation flaws associated with PGM option parsing. 

Taof
Taof is a Python generic network protocol fuzzing framework. It has been designed for minimizing set-up time during fuzzing sessions and employs a graphical user interface to make it intuitive and easy. Even though it is a generic protocol framework, it is not designed as a library and no programming skills are necessary. It is especially useful for fast testing of proprietary, undocumented or unknown network protocols.

HRS Tools
Python scripts implementing HTTP request smuggling techniques against Checkpoint FW1 and IIS configurations

dmzscan-0.2.pl
Simple PERL based port scanner that uses TCP connect calls

dominoaudit.pl -
Nikto-like auditor for domino server. Handles both types of domino authentication (HTTP / Form-Based)

mpls-tool-1.0.tar.bz2
'mpls-fwd' , a MPLS forwarding 'sniffer'. This tool obtains packets from e.g. a LSR's span port, encapsulates them in an UDP packet, attaches MPLS labels and re-injects them back into the network. The main purpose of this tool is to sit on the MPLS core and sniff traffic from one MPLS VPN, and forward it out to a listener on another VPN.

'mpls-lbf' , a MPLS label brute-forcer designed to enumerate the labels used along a Label Switching Path (LSP). currently, this tool is not provided with an integrated listener, so a 'friendly' host on the receiving end will need to be configured. This tool works from the inside of the MPLS core as well from a misconfigured outside network.

Smuggler v0.1
This tool demonstrates HTTP Request Smuggling techniques. Currently it only demonstrates the Microsoft IIS >48K Request Truncation flaw in order to poison caching web proxies. The next version will support other HRS techniques associated with different vulnerable products and the commanline interface will be improved.

Usage: smuggler <web server address> <proxy server address> <proxy server
port> <POST ASP script> <page to poison> <poisoning page>