Tools

InGuardians routinely creates tools in the course of its work. We make many of these tools available for free, without warranty, to you. :-) Enjoy!

Tool: WeaponizedFlash.as
Download Link: WeaponizedFlash.as
Kevin Johnson and Mike Poor released this weaponized Flash ActionScript file as part of their presentation series.
Tool: ssh_decoder.rb
Download Link: ssh_decoder.rb
Josh Wright has an article on decrypting SSH sessions based on the 2008 Debian OpenSSH vulnerability, with helpful hints on how to do it, and some patches to publicly available tools to make them work even better.
Project: The Middler
Download Link: The Middler 1.0
Jay Beale released The Middler at ShmooCon with the help of now co-authors and InGuardians agents Justin Searle, Matt Carpenter and Tom Liston. The code is at version 1.0 now.
Tool: wlan2eth
Download Link: wlan2eth
Wlan2eth is a simple tool to convert packet captures in 802.11 format to Ethernet format. Lots of tools can only understand Ethernet link types, so I wrote this tool to convert captures to a format that they can understand. For each packet in an input 802.11 capture file, wlan2eth examines header values to ensure it is a data frame, then it creates a new output packet with an appropriate Ethernet header (source and destination address and embedded protocol field are preserved from the 802.11/802.2 header). Timestamps are also preserved from the original capture. This tool is really only useful for unencrypted traffic, though you could use it with a tool such as airdecap-ng to decrypt an encrypted capture first, then convert the unencrypted output file to Ethernet format.
Tool: VistaRFMON
Download Link: vistarfmon
Monitor mode is a valued feature for both the wireless penetration tester and security analyst. It allows the penetration tester to disconnect from a network and capture all frames in the network with full IEEE 802.11 headers and associated detail. By cycling through multiple channels supported on the wireless adapter, it is possible to capture detailed information for wireless network discovery and analysis purposes. On Windows, this was previously limited to commercial drivers. vistarfmon uses Vista's Wireless LAN API (wlanapi) to help the penetration tester leverage all the power of monitor mode.
You can read more about vistarfmon in Josh Wright's "Vista Wireless Power Tools for the Penetration Tester" paper.
Tool: nm2lp (NetMon to LibPcap)
Download Link: nm2lp
While the NetMon UI has powerful features for analyzing packet captures, few attack tools include the ability to natively read from the NetMon stored capture file format. In order to leverage tools such as Aircrack-ng, coWPAtty and Cain for wireless analysis, the capture file format needs to be libpcap-compatible. Some tools such as Wireshark support reading and converting NetMon Ethernet captures, but do not correctly interpret NetMon wireless captures.
Fortunately, the NetMon API allows developers to write custom applications and interpret data from NetMon stored captures. Combined with the ability to create a libpcap capture file, it is possible to convert the NetMon file to a libpcap file. nm2lp converts NetMon wireless captures to libpcap format, making them useful in these other tools.
You can read more about nm2lp in Josh Wright's "Vista Wireless Power Tools for the Penetration Tester" paper.
External Tool: Microsoft's Wlsample tool for Windows Vista
Download Link: Wlsample
Microsoft included a tool called "wlsample.exe" with the Windows Software Development Kit (SDK) for Windows Server 2008. This program allows a penetration tester to connect to a network without generating a saved profile. Microsoft has released source code for this tool and cleared it for public redistribution.
Josh Wright references Wlsample in section 3.3 of his "Vista Wireless Power Tools for the Penetration Tester" paper.
Project: Yokoso
URL: yokoso.inguardians.com
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is "so what can you do with XSS?" and we hope that Yokoso! answers that question.
We will create JavaScript and Flash objects that are able to be delivered via XSS attacks. These code payloads will contain the fingerprinting information used to map out a network and the devices and software it contains.
Project: Samurai
URL: samurai.inguardians.com
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Project: ServifyThis
URL: inguardians.com/servifythis
InGuardians' ServifyThis program takes any Windows executable and converts it into a form suitable for use as a Windows service.
Project: Spycar
URL: www.spycar.org
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. InGuardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.
Spycar runs only on Windows, the same platform most targeted by spyware developers.