The main purpose of this section is to provide programs skeletons for research and beta or partial toolz.
Rarely updated and not intended for real usage or for the common users...
- Offbreak (offbreak)
useful tool to track the operations performed by a program on a file at a given offset (hosted on ReVuln).
- UDPSZ 0.3.4 (udpsz)
tool for sending UDP, TCP or any other type of packet with custom size, content, source port and IP address (spoofing, where possible).
its options are very useful for more specific tests but not much easy to use (chaotics), that's why the -d option is suggested to check if the output packets have really the desired format.
note that this tool has been written for myself so it acts mainly as a generic proof-of-concept for everything I want to test and prove.
- One file only web/ftp server 0.6.1 (onlywebs)
multi-thread web and FTP server written to provide ever the same file without writing/listing/indexing features of such protocols, but now it's able to do many interesting things useful for my tests.
it has various crazy options for testing purposes, so do NOT use it except if I specify it in my advisories.
partially compatible with the following protocols: HTTP, FTP, WebDav, RTSP.
- mygrep 0.1 (mygrep)
useful tool for scanning files and folders searching strings (C syntax supported) as binary patterns, utf16 unicode, base64, hex and other methods.
example: mygrep "\x08\x00\x00\x00mystring" file.txt folder\folder c:\path1
- Generic FTP PASV ports consumption 0.1 (ftpports)
simple tool for sending endless PASV commands to FTP servers, it has been created as PoC for a bug in Serv-U FTP 188.8.131.52.
- UDD files quick informations 0.1 (uddinfo)
quick and basic tool which show some information contained in the UDD files used in Ollydbg like the various breakpoints and the comments.
- Webservers char tester 0.1.1 (webtestchr)
a simple tool which has been very useful in all this time for the blind and quick testing of some vulnerabilities in software that uses the HTTP protocol.
practically it scans all the 255 ascii chars and put them in some particular locations of the URI like before and after the slash or at the end of the URI and so on.
usually the types of vulnerabilities which can be tested through this method are source disclosure (like for php and cgi files), security bypass (like folders or files which require specific rights or password), possible exceptions and others all dependent by the program to test.
one of the recent advisories in which this tool was helpful was the source disclosure in Ruby WEBrick.
- FindBits 0.2.2a (findbits)
simple and useful tool for analyzing a given file to search if exist text strings or bytes which are packed in bitstreams.
the tool can be even used to read and visualize a custom amount of bits, for example using the option -s "1 4 32 1000" the tool will visualize the hexadecimal, string, decimal and binary values of the first 1, 4 and 32 bits of the file and the hex dump of the subsequent 1000 bits.
some examples of game protocols which use the bitstreams are the Unreal engine and the Battlefield series.
- loDNS 0.1.1 (lodns)
simple tool I wrote for my tests which emulates a basic DNS server and logs all the hostnames in the received requests and then replies with a fixed IP address (A type).
it uses 127.0.0.1 as default IP address in which resolving the hostnames but it can be changed at command-line, if it's used the IP 0.0.0.0 the tool will not reply (monitoring only) while if you use 255.255.255.255 it will act like a proxy.
it's a good way for resolving unknown hostnames locally while testing a program, it's only needed to set 127.0.0.1 as primary DNS and launching loDNS.
- TFTP server tester 0.2a (tftpx)
nice tool that acts like TFTP client with some advanced feature.
- Generic custom HTTP file uploader 0.2a (myhttpup)
simple tool for uploading files (POST + mime) choosing the name of the destination file, useful for testing directory traversal vulnerabilities in web servers and components which allow to upload files.
- Unreal engine test server 0.1 (unrealts)
basic way for emulating an Unreal server and testing the sending of commands to a connected client
- Quake 3 engine "connect" modifier 0.2 (q3conmod_sudp)
plugin for sudppipe which allows a simple customization of the "connect" packet for the games which use the Quake 3 engine:
sudppipe -l q3conmod_sudp.dll -L "\parameter1\value1\parameter2\value2" IP PORT 1234
(use -L "" for the runtime help) then from the console of the game type: connect 127.0.0.1:1234
the following is an example for joining a server which uses PunkBuster with PB disabled (the client will be kicked after some seconds/minutes):
sudppipe -l q3conmod_sudp.dll -L "\cl_punkbuster\1" SERVER PORT 1234
then from the client:
- Dumproc 0.1.1 (dumproc)
simple process dumper for both Windows and Linux.
- Live for Speed demo/S1/S2 packets modifier example 0.1 (lfsanus)
useless and basic proxy tool for modifying the packets of this game, old stuff written just for fun.
- Tcpdump format UDP 2 TCP converter 0.1.1 (pcapu2t)
simple tool written for converting the UDP packets of a PCAP file in a TCP stream, useful for tracking the packets flow with Wireshark.
no longer needed because Wireshark implemented the following of the UDP packets various versions ago.
- WAVEhead 0.1 (wavehead)
experimental and useless tool for adding a wave header to raw files or for modifying existent wave headers (mainly for uncompressed files) or extracting the raw audio from wave files.
- Webpostmem 0.1 (webpostmem)
This tool can be used to check the POST attacks on webservers as for example memory and sockets that are not freed if the client sends less data than how much specified in Content-Lenght. It is the same proof-of-concept I have used for the bugs in Goahead webserver, NULLhttpd and WWW Fileshare Pro.
- Q3huffdecenc 0.2 (q3huffdecenc)
compress and uncompress the files containing the "connect" packets of the games that use the Quake 3 engine.
- Q3sendenc 0.2.1 (q3sendenc)
this tool gets a custom file specified by the user, compress it using the Huffman compression, sends it to a server based on the Quake 3 engine and then waits for a reply. It also calculates the challenge, the protocol and the punkbuster parameters just to make a successful login with the server.
it could be useful for who wants to test the Quake 3 engine and its possible flaws.
- Custom GIF creator 0.1 (gifbug)
a very simple tool to create GIF files with customized headers.
- HLspfed 0.1.1a (hlspfed)
Half-Life single-proxy forwarder with encoding/decoding functions. This tool is a packets forwarder (datapipe) for Half-Life that lets you to modify, manipulate and insert any type of data you want in the packets exchanged between the Half-Life server and the client.
- ut2003fits 0.1 (ut2003fits)
UT2003 fake information test server: this tool can be used to send custom information to the clients that search for multiplayer games (very funny if used when the real UT2003 server is running).
this simple tool can be used in a lot of modes. For example you can launch UT2003heartbeat and then launching UT2003fits you will see all the players that are online because every player that goes in the multiplayer section of UT2003 will automatically request information to all the servers available and you can log all these players (for example for statistical purposes).
- Half-Life testing server 0.1.2 (hlts)
this server answers to the Half-Life queries. It supports: ping, infostring, details, getchallenge, players, rules, challenge rcon and connect.
- UT2003 heartbeat emulator 0.1 (ut2003heartbeat)
heartbeat protocol emulator for UT2003. With this little code you can add your IP address to the official Epic UT2003 servers list (http://ut2003master.epicgames.com/serverlist/full-all.txt and demo-all.txt).
HERE there is the explanation of the protocol.
- Quake 3 testing server 0.3 (q3ts)
this server answers to the Quake 3 queries. It supports: getstatus, getinfo, getchallenge, connect (with real-time decompression), rcon and disconnect.
It supports the infoResponse of Quake 3 arena 1.32, Soldier of Fortune 2 1.03 GOLD, Return to Castle Wolfenstein 1.41, Medal of Honor: Allied Assault 1.11.
- Browser's headers viewer
simple unfiltered php script to see all the headers sent by your browser (useful to check the anonimity of a proxy for example).