Wednesday, Jun 17, 2009

Security Tools I'm Looking For Part I

There are a lot of tools that I find would be really helpful in my endeavors, but that I can’t find on the net for whatever reason.

  1. A portable version of tshark that has ARP spoofing capabilities. I want to be able to drop the file, issue the arguments and pull the pcap back.

  2. An application that can sniff traffic from a specific process. Metasploit’s keylogger is sort of there, as it only pulls keys from the process to which it is attached (the DLL is at ‘fault’ for this). Process Hacker is also pretty close (Process Explorer does a TCPView-like show of the connections currently happening).

  3. An nmap script that sees port 445 open and tries pass-the-hash and token passing to run a specified executable. I believe tebo was developing a psexec scanner for Metasploit, but it hasn’t been released as of yet.

  4. A meterpreter script that sets the all-user GPO setting for wallpaper and forces the update. (For calling-card notifications during pen-tests.)

  5. A password list generator that would take URLs and files (pulling metadata where applicable, strings in other cases) and churn out a dictionary, and also ask if you would like to start generating a Rainbow Table for that specific dictionary.

  6. A meterpreter module like “Echo Mirage” by the BeEF guys, sort of like an iptables injection that modifies/accepts/denies packets to a specific process.

  7. This is Kevin Johnson’s idea, but it should be posted: a standard XMLish format for all Web Application Scanners so that the tools interoperate. One spider session can be loaded into another tool and have its auditing system check it, instead of being confined to one tool.

  8. A screen saver that imitates the screen saver lockout event and has the user log in (and has it fail twice by default for “Password Validation ;-)”) and then allows them back in, capturing those passwords. (Usually a user will try a couple of different passwords, so you might be able to glean other credentials to use.) It could also have an option to state “Account Locked, You must be an Administrator to login” so that they call an admin in to unlock it ;-)


I’ll leave it at that for now. Anyone interested in coding it?

Reader Comments (2)

Just some ideas...

1. You could try VMware ThinApp (with a win2k and small FAT32 HD)

((
2. (unsure) http://www.diamondcs.com.au/portexplorer/ - I think the feature is called socket spy
))

5. Didn't Larry Pesce write something like that (from PaulDotCom)?

June 17, 2009 | Unregistered Commenter just_someone

Re: #7 I think it would be extremely difficult to get sec tool developers to implement a standardized format for data import. However, getting a consensus to implement clearly defined interfaces (ex. Burp Suite's extender interface) might yield some success. Then a collaborative project can be created whose focus is simply to link the tools together, basically creating adapters for the tools.

As tools evolve, significant changes to the architecture inevitably occur, and most developers will look to their primary user base or their own needs when implementing changes before considering the impact on a generalized import/export standard. Not that it's impossible, but I think a "proxy" project supporting generic ideals would be more likely to succeed.

June 19, 2009 | Unregistered Commenter Jsperry
