Some tools
AirScan : a Nintendo DS Wi-Fi access point scanner
AirScan is a Wi-FI scanning utility for the Nintendo DS. It offers various
filtering features to facilitate access point discovery.
For example, it can be used to locate open access points in low WiFi density
areas thanks to its sensivity.
Interesting features include :
- Display only desired protection levels (open, WEP, WPA)
- Connectivity testing for open access points
- Easy scrolling
- Timeouts for out of range APs
Screenshot
History
- 20/02/2010 : 0.6 : fix for scrolling and timeouts
- 18/01/2010 : 0.5.1: mode selection bugfix
- 09/01/2010 : 0.5 : connectivity testing, many bugfixes.
- 02/03/2009 : 0.2 : timeouts.
- 26/06/2008 : 0.1a : first public release.
Download it here : airscan-v0.6.zip
MIPS (MIPS IDA PluginS)
IDA didn't understand (I think version 5.5 changed this) the so-called "old abi" of MIPS ELF binaries.
I wrote this IDAPython plugin which parses the ELF itself to resolve calls to external libraries.
It also handles switch tables and internal symbols. It helps a LOT while reversing embedded binaries.
It is partially based on the work of Julien Tinnes : mips.elf.external.resolution.txt.
It also includes two little Python scripts (ident_func.py and ident_func_le.py) to identify all functions in a binary, which helps a lot for cross references.
Screenshot
Usage
- Read the documentation on top of the source
- (optional) run ident_func.py
- Run the plugin in IDAPython, it will ask if you want to analyze the whole segment or just the current function.
- Click "yes" or "no"
- Enjoy !
History
- 26/02/2009 : 1.5.3 : Bugfix in switch table parsing (thx to the reporter)
- 18/09/2008 : 1.5.2 : Bugfix + ident_func_le.py
- 06/09/2008 : 1.5.1 : First public release.
Download
Download it here: mips-analyser-1.5.3.zipMBSA Extractor
MBSA is a tool from Microsoft used to verify if your systems
are up-to-date.
My tool uses MBSA's database to download specific updates, extract them, sort them on the disk, etc.
It can be very useful to download several versions of the same file.
Usage
The tool has been designed for flexibility and updates can be selected using many criterias : Some valid search expressions : CVE=CVE-2006-1234 SID=date(20041225,20060101) KBID=147258 xpath='//Update[./ExtendedProperties/SecurityBulletinID[text()='MS06-040']]'History
- 15/10/2008 : 1.0 : First public release.
Download
You'll need the ruby-xml-smart library : http://raa.ruby-lang.org/project/ruby-xml-smart/.Download it here: mbsa-1.0.taz.bz2
Debian OpenSSL vulnerability
We (Raphaël Rigo, Romain Raboin and Julien Tinnes) gave a short talk at SSTIC 08 about some of the tools we wrote after the OpenSSL/Debian advisory to remotely discover vulnerable keys in authorized_keys files, decipher SSH traffic and retrieve DSA private keys (even from non weak keys). We also wrote an article in french in this MISC issue.
The main page for those tools is there but you can find my tools (written with Yoann Guillot) to decrypt vulnerable OpenSSH session captures here : ssh_decoder-1.0.tar.bz2 and ssh_kex_keygen-1.1.tar.bz2.Arte+7 downloader
Arte offers a nice service to watch broadcastings you weren't able to see on TV. This little scripts makes
it easy to download and archive the videos.
Unfortunately, the service is limited to French and German residents.
Usage
$ ./arteget.rb karambolage Getting index Getting list page Getting video page Getting video XML desc Getting fr video XML desc Dumping video : XXXX.flv Video successfully dumpedHistory
- 13/06/2010 : 1.0 : first versionned release, supporting the new site.
- xx/xx/2008 : first release.
Download
Download it here: arteget-1.0.tar.gz. Yoann Guillot's HTTP libs from : http://guillot.iiens.net/softs/libhttp/ are included.Various stuff
If no licence is specified, consider it's GPL v3.