[ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
- To: impact-usr@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx, exploit-dev@xxxxxxxxxxxxxxxxx, ntbugtraq@xxxxxxxxxxxxxxxxxxxxxx, sectools@xxxxxxxxxxxxxxxxx, python-list@xxxxxxxxxx, winpcap-users@xxxxxxxxxxxxxxxxx, vuln-dev@xxxxxxxxxxxxxxxxx
- Subject: [ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
- From: CORE Security Technologies <oss@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 27 Nov 2003 19:38:47 -0300
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Core Security Technologies acknowledges the increasing interest on its
products and technologies and therefore wants to share part of them with
the developers out there in the spirit of creating an open user
community around its key components and give back to the community the
results of our ongoing development.
These are indeed primary components of our software, CORE IMPACT, and
not the regular free giveaways you'd get somewhere else. As such they
are being actively maintained by our team.
Python developers, network administrators, penetration testers,
vulnerability researchers and information security practitioners in
general may find this packages useful.
All the tools described in this announce are available at
http://oss.coresecurity.com/
Today we are announcing the public release of the following components:
Pcapy-0.10.2
Impacket-0.9.4
InlineEgg-1.02
And there is still more coming... enjoy!
OSS at coresecurity.com
A brief description of the components and bundled tools is provided below
-OSS projects released November 27th, 2003-
Pcapy
http://oss.coresecurity.com/projects/pcapy.html
Pcapy is a Python extension module that enables software written in
Python to access the routines from the pcap packet capture library.
From libpcap's documentation: Libpcap is a system–independent interface
for user–level packet capture. Libpcap provides a portable framework for
low–level network monitoring. Applications include network statistics
collection, security monitoring, network debugging, etc.
Pcapy is most useful when used together with a packet handling package
such as Impacket, a collection of Python classes for constructing and
dissecting network packets.
What makes pcapy different from the others?
* works with Python threads.
* works both in UNIX with libpcap and Windows with WinPcap.
* provides a simpler Object Oriented API.
Impacket
http://oss.coresecurity.com/projects/impacket.html
Impacket is a collection of Python classes for working with network
protocols. Impacket is mostly focused on providing low–level
programmatic access to the packets, however some protocols (for instance
NMB and SMB) are implemented in a higher level as a foundation for other
protocols.
Packets can be constructed from scratch, as well as parsed from raw
data, and the object oriented API makes it simple to work with deep
hierarchies of protocols.
Impacket is most useful when used together with a packet capture utility
or package such as Pcapy, an object oriented Python extension for
capturing network packets.
What protocols are featured?
* Ethernet, Linux "Cooked" capture.
* IP, TCP, UDP, ICMP, IGMP, ARP.
* NMB and SMB (high–level implementations).
* DCE/RPC versions 4 and 5, over different transports: UDP (version
4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
* Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM,
SAMR, SvcCtl, WinReg.
What tools are included?
We bundle some tools with Impacket which are mostly intended for
documentation purposes, but that are worth mentioning as they might be
useful even for non–programmers and those who don't plan to develop with
this library.
RPCDump
An application that communicates with the Endpoint Mapper interface
from the DCE/RPC suite and displays it in a more or less human readable
form. This can be used to list services which are remotely available
through DCE/RPC, such as the Windows Messenger.
SAMRDump
An application that communicates with the Security Account Manager
Remote interface from the DCE/RPC suite and lists system user accounts,
available resource shares and other sensitive information exported
through this service.
Tracer
A grapher written using Tkinter that displays a parallel coordinates
graph of captured traffic. It's very easy to find network usage patterns
with this type of graphs, and therefore to detect unexpected variations.
At the moment Tracer only supports TCP and UDP traffic, but can be
easily extended to handle other protocols.
Split
A small tool that can split any pcap supported capture file into
several smaller fires, separated by connection. This was developed to
address the need to feed several hundred–megabyte captures to Ethereal
in a way that didn't take too long to load. At the moment Split only
supports TCP streams, but can be easily extended to handle other
stream–oriented protocols.
InlineEgg
http://oss.coresecurity.com/projects/inlineegg.html
InlineEgg is a Python module that provides the user with a toolbox of
convenient classes for writing small assembly programs. Only that
instead of having to remember confusing assembly mnemonics and requiring
the developer to remember how to use complex tools like assemblers and
linkers, everything is done the easy way: in Python. InlineEgg is
oriented —but not limited— to developing shellcode (sometimes called
eggs) for use in exploits.
InlineEgg started separately as a pretty simple idea to fulfill a pretty
simple need, but today it's part of CORE IMPACT's egg creation
framework. We are releasing it under an open source license for
non-commercial use in the hope that you'll find it helpful for your own
projects.