11027442 2003-11-27 19:38 -0300 /141 lines/ CORE Security Technologies <oss@oss.coresecurity.com>
Imported: 2003-11-28 01:47 by Brevbäraren
External recipient: impact-usr@coresecurity.com
External recipient: bugtraq@securityfocus.com
External recipient: pen-test@securityfocus.com
External recipient: exploit-dev@securityfocus.com
External recipient: ntbugtraq@listserv.ntbugtraq.com
External recipient: sectools@securityfocus.com
External recipient: python-list@python.org
External recipient: winpcap-users@winpcap.polito.it
External recipient: vuln-dev@securityfocus.com
Recipient: Bugtraq (import) <30088>
Recipient: NTBugTraq (import) <5860>
    Sent:     2003-11-28 09:29
Subject: [ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
------------------------------------------------------------
From: CORE Security Technologies <oss@oss.coresecurity.com>
To: impact-usr@coresecurity.com, bugtraq@securityfocus.com,
 pen-test@securityfocus.com, exploit-dev@securityfocus.com,
 ntbugtraq@listserv.ntbugtraq.com, sectools@securityfocus.com,
 python-list@python.org, winpcap-users@winpcap.polito.it,
 vuln-dev@securityfocus.com
Message-ID: <3FC67CF7.50602@oss.coresecurity.com>


Core Security Technologies acknowledges the increasing interest in its
products and technologies and therefore wants to share part of them
with the developers out there, in the spirit of creating an open user
community around its key components and giving back to the community
the results of our ongoing development. These are indeed primary
components of our software, CORE IMPACT, and not the regular free
giveaways you'd get somewhere else. As such they are being actively
maintained by our team.

Python developers, network administrators, penetration testers,
vulnerability researchers and information security practitioners in
general may find these packages useful.

All the tools described in this announcement are available at
http://oss.coresecurity.com/

Today we are announcing the public release of the following
components:

  Pcapy-0.10.2
  Impacket-0.9.4
  InlineEgg-1.02

And there is still more coming... enjoy!

OSS at coresecurity.com


A brief description of the components and bundled tools is provided
below.

-OSS projects released November 27th, 2003-

Pcapy
http://oss.coresecurity.com/projects/pcapy.html

Pcapy is a Python extension module that enables software written in 
Python to access the routines from the pcap packet capture library.

From libpcap's documentation: Libpcap is a system-independent
interface for user-level packet capture. Libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network
debugging, etc.

Pcapy is most useful when used together with a packet handling package 
such as Impacket, a collection of Python classes for constructing and 
dissecting network packets.

What makes pcapy different from the others?

     * works with Python threads.
     * works both in UNIX with libpcap and Windows with WinPcap.
     * provides a simpler Object Oriented API.

Impacket
http://oss.coresecurity.com/projects/impacket.html

Impacket is a collection of Python classes for working with network
protocols. Impacket is mostly focused on providing low-level
programmatic access to the packets, however some protocols (for
instance NMB and SMB) are implemented in a higher level as a
foundation for other protocols.

Packets can be constructed from scratch, as well as parsed from raw 
data, and the object oriented API makes it simple to work with deep 
hierarchies of protocols.

Impacket is most useful when used together with a packet capture
utility or package such as Pcapy, an object oriented Python extension
for capturing network packets.

What protocols are featured?

     * Ethernet, Linux "Cooked" capture.
     * IP, TCP, UDP, ICMP, IGMP, ARP.
     * NMB and SMB (high–level implementations).
     * DCE/RPC versions 4 and 5, over different transports: UDP
       (version 4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
     * Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM,
       SAMR, SvcCtl, WinReg.

What tools are included?

We bundle some tools with Impacket which are mostly intended for
documentation purposes, but that are worth mentioning as they might
be useful even for non-programmers and those who don't plan to
develop with this library.

RPCDump
  An application that communicates with the Endpoint Mapper interface
from the DCE/RPC suite and displays it in a more or less human
readable form. This can be used to list services which are remotely
available through DCE/RPC, such as the Windows Messenger.

SAMRDump
  An application that communicates with the Security Account Manager
Remote interface from the DCE/RPC suite and lists system user
accounts, available resource shares and other sensitive information
exported through this service.

Tracer
  A grapher written using Tkinter that displays a parallel
coordinates graph of captured traffic. It's very easy to find network
usage patterns with this type of graph, and therefore to detect
unexpected variations. At the moment Tracer only supports TCP and UDP
traffic, but can be easily extended to handle other protocols.

Split
  A small tool that can split any pcap supported capture file into
several smaller files, separated by connection. This was developed to
address the need to feed several hundred-megabyte captures to
Ethereal in a way that didn't take too long to load. At the moment
Split only supports TCP streams, but can be easily extended to handle
other stream-oriented protocols.

InlineEgg
http://oss.coresecurity.com/projects/inlineegg.html

InlineEgg is a Python module that provides the user with a toolbox of
convenient classes for writing small assembly programs. Only, instead
of having to remember confusing assembly mnemonics and requiring the
developer to remember how to use complex tools like assemblers and
linkers, everything is done the easy way: in Python. InlineEgg is
oriented (but not limited) to developing shellcode (sometimes called
eggs) for use in exploits.

InlineEgg started separately as a pretty simple idea to fulfill a
pretty simple need, but today it's part of CORE IMPACT's egg creation
framework. We are releasing it under an open source license for
non-commercial use in the hope that you'll find it helpful for your
own projects.
(11027442) /CORE Security Technologies <oss@oss.coresecurity.com>/(Rewrapped)
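
Added example, not part of the original announcement and not the code of the bundled Split tool: a sketch of the per-connection capture splitting described under "Split", using only the Python standard library rather than Pcapy or Impacket. All function names are hypothetical, the sample capture is constructed, and it assumes a little-endian classic pcap file with Ethernet framing and IPv4.

```python
import struct
from collections import defaultdict

PCAP_HDR = struct.Struct("<IHHiIII")  # magic, version major/minor, tz, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, captured length, original length

def tcp_key(frame):
    """Return a direction-independent connection key, or None if the frame is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                         # IPv4 header length in bytes
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:      # IP protocol 6 = TCP
        return None
    src, dst = frame[26:30], frame[30:34]
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return tuple(sorted([(src, sport), (dst, dport)]))   # same key for both directions

def split_by_connection(pcap_bytes):
    """Map each TCP connection key to a stand-alone pcap file image (bytes)."""
    header = pcap_bytes[:PCAP_HDR.size]
    magic, *_rest, linktype = PCAP_HDR.unpack(header)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    out = defaultdict(lambda: bytearray(header))         # every output starts with the file header
    pos = PCAP_HDR.size
    while pos + REC_HDR.size <= len(pcap_bytes):
        _, _, caplen, _ = REC_HDR.unpack_from(pcap_bytes, pos)
        end = pos + REC_HDR.size + caplen
        if end > len(pcap_bytes):
            break                                        # truncated final record: stop cleanly
        key = tcp_key(pcap_bytes[pos + REC_HDR.size:end])
        if key is not None:
            out[key] += pcap_bytes[pos:end]              # copy record header and frame unchanged
        pos = end
    return {k: bytes(v) for k, v in out.items()}

def sample_frame(src, sport, dst, dport, proto=6):
    """Constructed frame: Ethernet + minimal IPv4 + port fields (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\0" * 16

def sample_capture():
    """Constructed capture: two TCP connections (one seen in both directions) and one UDP packet."""
    a, b, c = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)
    frames = [sample_frame(a, 40000, b, 80), sample_frame(b, 80, a, 40000),
              sample_frame(a, 40001, c, 443), sample_frame(a, 5353, b, 53, proto=17)]
    body = b"".join(REC_HDR.pack(i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

Each value returned by split_by_connection can be written to its own file and opened in a capture viewer; non-TCP packets are dropped, matching the TCP-only limitation the announcement states.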