[Owasp-Malaysia] Python tools for penetration testers

C0r3 Machin3gun c0r3machin3gun at gmail.com
Mon Jan 10 00:45:30 EST 2011


you can use translate.google.com next time.. :) btw providing link to the
original post is as:

1) select the url
2) Ctrl + C
3) Go to the end of your email post
4) Write : "Source: "
5) And paste the URL

On 10 January 2011 13:41, OWASP Malaysia <admin at owasp.my> wrote:

> Dear Core Machinegun a.k.a MK47
>
> Yes that was from there. We get this from OWASP project lead about this
> Python and want us to post to OWASP Malaysia. It nothing just to share to
> members. If you have another source of link or others project please do so.
> We hope you can post every week and share what you know and sharing to us.
> Don't just complaining.We thought you are mature but complaint about link it
> not like professional but link childish :P. We will post every source that
> we have to share to members without link or not it doesn't matter. Sharing
> Is Caring :)
>
>
> On Mon, Jan 10, 2011 at 12:45 PM, C0r3 Machin3gun <
> c0r3machin3gun at gmail.com> wrote:
>
>> plagiarism!
>>
>> http://dirk-loss.de/python-tools.htm
>>
>> libemu is a small library written in C offering basic x86 emulation and
>> shellcode detection using GetPC heuristics. <= libemu is written in C.. but
>> yes.. there is a python binding for it.. but still.. libemu is written in C
>>
>>
>> On 10 January 2011 11:50, najmi.zabidi at gmail.com <najmi.zabidi at gmail.com>wrote:
>>
>>> For me I like libemu for shellcode detection which was written in
>>> Python (not listed).
>>>
>>> Thanks for the list Fazli, rajin hang compile semua ni. Aku save dalam
>>> Springpad ni kot2 next time nak refer.
>>>
>>>
>>> On Mon, Jan 10, 2011 at 10:10 AM, OWASP Malaysia <admin at owasp.my> wrote:
>>> > Dear all,
>>> >
>>> > This is for python Fan and if you are realy developer on it. Please
>>> free to
>>> > test it and if you have time please sent some report what your exactly
>>> do
>>> > for this tool.This is collection for who love python as their part of
>>> life.
>>> > Please FREE and use this as you know this is Open Source Software. if
>>> you
>>> > are involved in vulnerability research, reverse engineering or
>>> penetration
>>> > testing, We suggest to try out the Python programming language. It has
>>> a
>>> > rich set of useful libraries and programs.
>>> >
>>> > Most of the listed tools are written in Python, others are just Python
>>> > bindings for existing C libraries, i.e. they make those libraries
>>> easily
>>> > usable from Python programs.
>>> >
>>> > Some of the more aggressive tools (pentest frameworks, bluetooth
>>> smashers,
>>> > web application vulnerability scanners, war-dialers, etc.) are left
>>> out,
>>> > because the legal situation of these tools is still a bit unclear not
>>> at
>>> > Malaysia. This list is clearly meant to help whitehats, and for now we
>>> > prefer to on the safe side.
>>> >
>>> > Network
>>> >
>>> > Scapy: send, sniff and dissect and forge network packets. Usable
>>> > interactively or as a library
>>> > pypcap, Pcapy and pylibpcap: several different Python bindings for
>>> libpcap
>>> > libdnet: low-level networking routines, including interface lookup and
>>> > Ethernet frame transmission
>>> > dpkt: fast, simple packet creation/parsing, with definitions for the
>>> basic
>>> > TCP/IP protocols
>>> > Impacket: craft and decode network packets. Includes support for
>>> > higher-level protocols such as NMB and SMB
>>> > pynids: libnids wrapper offering sniffing, IP defragmentation, TCP
>>> stream
>>> > reassembly and port scan detection
>>> > Dirtbags py-pcap: read pcap files without libpcap
>>> > flowgrep: grep through packet payloads using regular expressions
>>> > httplib2: comprehensive HTTP client library that supports many features
>>> left
>>> > out of other HTTP libraries
>>> >
>>> > Debugging and reverse engineering
>>> >
>>> > Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
>>> > Immunity Debugger: scriptable GUI and command line debugger
>>> > IDAPython: IDA Pro plugin that integrates the Python programming
>>> language,
>>> > allowing scripts to run in IDA Pro
>>> > PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
>>> > pefile: read and work with Portable Executable (aka PE) files
>>> > pydasm: Python interface to the libdasm x86 disassembling library
>>> > PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
>>> > uhooker: intercept calls to API calls inside DLLs, and also arbitrary
>>> > addresses within the executable file in memory
>>> > diStorm64: disassembler library for AMD64, licensed under the BSD
>>> license
>>> > python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call
>>> to
>>> > trace processes) written in Python
>>> >
>>> > Fuzzing
>>> >
>>> > Sulley: fuzzer development and fuzz testing framework consisting of
>>> multiple
>>> > extensible components
>>> > Peach Fuzzing Platform: extensible fuzzing framework for generation and
>>> > mutation based fuzzing
>>> > antiparser: fuzz testing and fault injection API
>>> > TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic
>>> network
>>> > fuzzer
>>> > untidy: general purpose XML fuzzer
>>> > Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP
>>> > protocol based application fuzzer)
>>> > FileP: file fuzzer. Generates mutated files from a list of source files
>>> and
>>> > feeds them to an external program in batches
>>> > SMUDGE
>>> > Mistress: probe file formats on the fly and protocols with malformed
>>> data,
>>> > based on pre-defined patterns
>>> > Fuzzbox: multi-codec media fuzzer
>>> > Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and
>>> file
>>> > systems containing fuzzed files in order to test the robustness of
>>> forensics
>>> > tools and examination systems
>>> > Windows IPC Fuzzing Tools: tools used to fuzz applications that use
>>> Windows
>>> > Interprocess Communication mechanisms
>>> > WSBang: perform automated security testing of SOAP based web services
>>> > Construct: library for parsing and building of data structures (binary
>>> or
>>> > textual). Define your data structures in a declarative manner
>>> > fuzzer.py (feliam): simple fuzzer by Felipe Andres anzano
>>> >
>>> > Web
>>> >
>>> > ProxMon: processes proxy logs and reports discovered issues
>>> > WSMap: find web service endpoints and discovery files
>>> > Twill: browse the Web from a command-line interface. Supports automated
>>> Web
>>> > testing
>>> > Windmill: web testing tool designed to let you painlessly automate and
>>> debug
>>> > your web application
>>> > FunkLoad: functional and load web tester
>>> >
>>> > Forensics
>>> >
>>> > Volatility: extract digital artifacts from volatile memory (RAM)
>>> samples
>>> > SandMan: read the hibernation file, regardless of Windows version
>>> > LibForensics: library for developing digital forensics applications
>>> > TrIDLib, identify file types from their binary signatures. Now includes
>>> > Python binding
>>> >
>>> > Malware analysis
>>> >
>>> > pyew: command line hexadecimal editor and disassembler, mainly to
>>> analyze
>>> > malware
>>> > Didier Stevens' PDF tools: analyse, identify and create PDF files
>>> (includes
>>> > PDFiD, pdf-parser and make-pdf and mPDF)
>>> > Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF
>>> > files
>>> > Exefilter: filter file formats in e-mails, web pages or files. Detects
>>> many
>>> > common file formats and can remove active content
>>> > pyClamAV: add virus detection capabilities to your Python software
>>> >
>>> > Misc
>>> >
>>> > InlineEgg: toolbox of classes for writing small assembly programs in
>>> Python
>>> > Exomind: framework for building decorated graphs and developing
>>> open-source
>>> > intelligence modules and ideas, centered on social network services,
>>> search
>>> > engines and instant messaging
>>> > RevHosts: enumerate virtual hosts for a given IP address
>>> > simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
>>> >
>>> > Other useful libraries and tools
>>> >
>>> > IPython: enhanced interactive Python shell with many features for
>>> object
>>> > introspection, system shell access, and its own special command system
>>> > Beautiful Soup: HTML parser optimized for screen-scraping
>>> > matplotlib: make 2D plots of arrays
>>> > Mayavi: 3D scientific data visualization and plotting
>>> > RTGraph3D: create dynamic graphs in 3D
>>> > Twisted: event-driven networking engine
>>> > Suds: lightweight SOAP client for consuming Web Services
>>> > M2Crypto: most complete OpenSSL wrapper
>>> > NetworkX: graph library (edges, nodes)
>>> > pyparsing: general parsing module
>>> > lxml: most feature-rich and easy-to-use library for working with XML
>>> and
>>> > HTML in the Python language
>>> > Pexpect: control and automate other programs, similar to Don Libes
>>> `Expect`
>>> > system
>>> > Sikuli, visual technology to search and automate GUIs using
>>> screenshots.
>>> > Scriptable in Jython
>>> >
>>> >
>>> >
>>> >
>>> > Regards,
>>> > Admin Office
>>> > OWASP Malaysia
>>> >
>>> > _______________________________________________
>>> > Owasp-Malaysia mailing list
>>> > Owasp-Malaysia at lists.owasp.org
>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>> >
>>> > OWASP Malaysia Wiki
>>> > http://www.owasp.org/index.php/Malaysia
>>> >
>>> > OWASP Malaysia Wiki Facebook
>>> >
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>> >
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
> Regards,
> Admin Office
> OWASP Malaysia
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110110/ccadb96f/attachment-0001.html 


More information about the Owasp-Malaysia mailing list