Posts Tagged: tool

This is a Python script for Immunity Debugger that sets breakpoints on “interesting” APIs. Here is the list of APIs (in no particular order): “ZwRaiseHardError” “bind” “listen” “socket” “DeviceIoControl” “ZwCreateFile” “ZwCreateSection” “ZwQueryInformationFile” “ZwQueryAttributesFile” “ZwCreateUserProcess” “ZwOpenKeyEx” “ZwOpenKey” “ResumeThread” “CopyFileA” “CopyFileExW” “CopyFileW” “CreateDirectoryA” “CreateDirectoryW” “CreateMutexA” “CreateMutexW” “CreateFileA” “CreateFileW” “CreateProcessA” “CreateProcessW” “CreateProcessInternalA” “CreateRemoteThread” “WinExec” “OpenProcess” “Sleep” “IsDebuggerPresent” “WriteProcessMemory” “_write” “ZwWriteFile”…

This is a Python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked against malwrforensics.com. The tool is released for testing purposes ONLY! How to use: Just point and…

ByteFUZZ is a file format fuzzer that does blind fuzzing by replacing bytes from the original/seed file. Once the files are generated, it calls the target program with the fuzzed files as arguments and checks whether there is a crash. Let’s see it in action 🙂 If you want to just…

This is an IDA script that can do a memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code/data/strings. auto eax; auto start; auto end; auto f; f = fopen("dump.bin", "w"); start = 0x400000; end = 0x500000; eax = start; while ( eax < end ) { …

This is a script developed in Python to extract forensic artefacts from a file/memory dump. It’s useful to run it after you’ve gone past the obfuscation layer(s) and reached the decrypted code/data/strings. It can extract filenames, registry keys, URLs, e-mail addresses, IPs, etc. The data is logged to different text files, one for each category…

This script can generate fuzzing files with valid AVI/BMP/CUE/GIF/JPG/PDF/PNG headers. The body can be a constant set of characters or random characters (useful to determine the offset when the program crashes). The code is available on GitHub. You can download it from here.

This script can be used to do fuzzing against an FTP server. It supports the following commands: ABOR ACCT ALLO APPE CWD DELE DIR FORM GET HELP LIST MACDEF MDELETE MDIR MGET MKD MLS MODE MODETIME MPUT NEWER NLST NMAP MTDM NTRANS PUT RECV REGET REMOTEHELP REMOTESTATUS REST RESTART RETR RMD RNFR RNTO QUOTE SEND…

This script can be used to do fuzzing against an HTTP server. It supports the following commands: Request type, Page, Protocol, Host, Referrer, Content type, User agent, Cookie, Content length. The code is available on GitHub. You can find it here.
