[Owasp-Malaysia] Python tools for penetration testers

Mohd Fazli Azran mfazliazran at gmail.com
Mon Jan 10 00:52:29 EST 2011


LOL.. pasal link pun nak bising2 dalam mailing list nie. Eden rasa eloknya
la Admin OWASP post jek apa2 yang patut tak kisah le ada link ke takde link
ke peduli apa... yang penting benda yang nak dikongsi tu sampai. Yang tukang
complaint link ni pulak kalau banyak ilmu kongsi2 kan kepada kawan2 yang
lain nie.. jangan nak tau komplen ja... :D

On Mon, Jan 10, 2011 at 1:45 PM, C0r3 Machin3gun
<c0r3machin3gun at gmail.com>wrote:

> you can use translate.google.com next time.. :) btw providing link to the
> original post is as:
>
> 1) select the url
> 2) Ctrl + C
> 3) Go to the end of your email post
> 4) Write : "Source: "
> 5) And paste the URL
>
>
> On 10 January 2011 13:41, OWASP Malaysia <admin at owasp.my> wrote:
>
>> Dear Core Machinegun a.k.a MK47
>>
>> Yes that was from there. We get this from OWASP project lead about this
>> Python and want us to post to OWASP Malaysia. It nothing just to share to
>> members. If you have another source of link or others project please do so.
>> We hope you can post every week and share what you know and sharing to us.
>> Don't just complaining.We thought you are mature but complaint about link it
>> not like professional but link childish :P. We will post every source that
>> we have to share to members without link or not it doesn't matter. Sharing
>> Is Caring :)
>>
>>
>> On Mon, Jan 10, 2011 at 12:45 PM, C0r3 Machin3gun <
>> c0r3machin3gun at gmail.com> wrote:
>>
>>> plagiarism!
>>>
>>> http://dirk-loss.de/python-tools.htm
>>>
>>> libemu is a small library written in C offering basic x86 emulation and
>>> shellcode detection using GetPC heuristics. <= libemu is written in C.. but
>>> yes.. there is a python binding for it.. but still.. libemu is written in C
>>>
>>>
>>> On 10 January 2011 11:50, najmi.zabidi at gmail.com <najmi.zabidi at gmail.com
>>> > wrote:
>>>
>>>> For me I like libemu for shellcode detection which was written in
>>>> Python (not listed).
>>>>
>>>> Thanks for the list Fazli, rajin hang compile semua ni. Aku save dalam
>>>> Springpad ni kot2 next time nak refer.
>>>>
>>>>
>>>> On Mon, Jan 10, 2011 at 10:10 AM, OWASP Malaysia <admin at owasp.my>
>>>> wrote:
>>>> > Dear all,
>>>> >
>>>> > This is for python Fan and if you are realy developer on it. Please
>>>> free to
>>>> > test it and if you have time please sent some report what your exactly
>>>> do
>>>> > for this tool.This is collection for who love python as their part of
>>>> life.
>>>> > Please FREE and use this as you know this is Open Source Software. if
>>>> you
>>>> > are involved in vulnerability research, reverse engineering or
>>>> penetration
>>>> > testing, We suggest to try out the Python programming language. It has
>>>> a
>>>> > rich set of useful libraries and programs.
>>>> >
>>>> > Most of the listed tools are written in Python, others are just Python
>>>> > bindings for existing C libraries, i.e. they make those libraries
>>>> easily
>>>> > usable from Python programs.
>>>> >
>>>> > Some of the more aggressive tools (pentest frameworks, bluetooth
>>>> smashers,
>>>> > web application vulnerability scanners, war-dialers, etc.) are left
>>>> out,
>>>> > because the legal situation of these tools is still a bit unclear not
>>>> at
>>>> > Malaysia. This list is clearly meant to help whitehats, and for now we
>>>> > prefer to on the safe side.
>>>> >
>>>> > Network
>>>> >
>>>> > Scapy: send, sniff and dissect and forge network packets. Usable
>>>> > interactively or as a library
>>>> > pypcap, Pcapy and pylibpcap: several different Python bindings for
>>>> libpcap
>>>> > libdnet: low-level networking routines, including interface lookup and
>>>> > Ethernet frame transmission
>>>> > dpkt: fast, simple packet creation/parsing, with definitions for the
>>>> basic
>>>> > TCP/IP protocols
>>>> > Impacket: craft and decode network packets. Includes support for
>>>> > higher-level protocols such as NMB and SMB
>>>> > pynids: libnids wrapper offering sniffing, IP defragmentation, TCP
>>>> stream
>>>> > reassembly and port scan detection
>>>> > Dirtbags py-pcap: read pcap files without libpcap
>>>> > flowgrep: grep through packet payloads using regular expressions
>>>> > httplib2: comprehensive HTTP client library that supports many
>>>> features left
>>>> > out of other HTTP libraries
>>>> >
>>>> > Debugging and reverse engineering
>>>> >
>>>> > Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
>>>> > Immunity Debugger: scriptable GUI and command line debugger
>>>> > IDAPython: IDA Pro plugin that integrates the Python programming
>>>> language,
>>>> > allowing scripts to run in IDA Pro
>>>> > PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
>>>> > pefile: read and work with Portable Executable (aka PE) files
>>>> > pydasm: Python interface to the libdasm x86 disassembling library
>>>> > PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
>>>> > uhooker: intercept calls to API calls inside DLLs, and also arbitrary
>>>> > addresses within the executable file in memory
>>>> > diStorm64: disassembler library for AMD64, licensed under the BSD
>>>> license
>>>> > python-ptrace: debugger using ptrace (Linux, BSD and Darwin system
>>>> call to
>>>> > trace processes) written in Python
>>>> >
>>>> > Fuzzing
>>>> >
>>>> > Sulley: fuzzer development and fuzz testing framework consisting of
>>>> multiple
>>>> > extensible components
>>>> > Peach Fuzzing Platform: extensible fuzzing framework for generation
>>>> and
>>>> > mutation based fuzzing
>>>> > antiparser: fuzz testing and fault injection API
>>>> > TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic
>>>> network
>>>> > fuzzer
>>>> > untidy: general purpose XML fuzzer
>>>> > Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP
>>>> > protocol based application fuzzer)
>>>> > FileP: file fuzzer. Generates mutated files from a list of source
>>>> files and
>>>> > feeds them to an external program in batches
>>>> > SMUDGE
>>>> > Mistress: probe file formats on the fly and protocols with malformed
>>>> data,
>>>> > based on pre-defined patterns
>>>> > Fuzzbox: multi-codec media fuzzer
>>>> > Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems,
>>>> and file
>>>> > systems containing fuzzed files in order to test the robustness of
>>>> forensics
>>>> > tools and examination systems
>>>> > Windows IPC Fuzzing Tools: tools used to fuzz applications that use
>>>> Windows
>>>> > Interprocess Communication mechanisms
>>>> > WSBang: perform automated security testing of SOAP based web services
>>>> > Construct: library for parsing and building of data structures (binary
>>>> or
>>>> > textual). Define your data structures in a declarative manner
>>>> > fuzzer.py (feliam): simple fuzzer by Felipe Andres anzano
>>>> >
>>>> > Web
>>>> >
>>>> > ProxMon: processes proxy logs and reports discovered issues
>>>> > WSMap: find web service endpoints and discovery files
>>>> > Twill: browse the Web from a command-line interface. Supports
>>>> automated Web
>>>> > testing
>>>> > Windmill: web testing tool designed to let you painlessly automate and
>>>> debug
>>>> > your web application
>>>> > FunkLoad: functional and load web tester
>>>> >
>>>> > Forensics
>>>> >
>>>> > Volatility: extract digital artifacts from volatile memory (RAM)
>>>> samples
>>>> > SandMan: read the hibernation file, regardless of Windows version
>>>> > LibForensics: library for developing digital forensics applications
>>>> > TrIDLib, identify file types from their binary signatures. Now
>>>> includes
>>>> > Python binding
>>>> >
>>>> > Malware analysis
>>>> >
>>>> > pyew: command line hexadecimal editor and disassembler, mainly to
>>>> analyze
>>>> > malware
>>>> > Didier Stevens' PDF tools: analyse, identify and create PDF files
>>>> (includes
>>>> > PDFiD, pdf-parser and make-pdf and mPDF)
>>>> > Origapy: Python wrapper for the Origami Ruby module which sanitizes
>>>> PDF
>>>> > files
>>>> > Exefilter: filter file formats in e-mails, web pages or files. Detects
>>>> many
>>>> > common file formats and can remove active content
>>>> > pyClamAV: add virus detection capabilities to your Python software
>>>> >
>>>> > Misc
>>>> >
>>>> > InlineEgg: toolbox of classes for writing small assembly programs in
>>>> Python
>>>> > Exomind: framework for building decorated graphs and developing
>>>> open-source
>>>> > intelligence modules and ideas, centered on social network services,
>>>> search
>>>> > engines and instant messaging
>>>> > RevHosts: enumerate virtual hosts for a given IP address
>>>> > simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
>>>> >
>>>> > Other useful libraries and tools
>>>> >
>>>> > IPython: enhanced interactive Python shell with many features for
>>>> object
>>>> > introspection, system shell access, and its own special command system
>>>> > Beautiful Soup: HTML parser optimized for screen-scraping
>>>> > matplotlib: make 2D plots of arrays
>>>> > Mayavi: 3D scientific data visualization and plotting
>>>> > RTGraph3D: create dynamic graphs in 3D
>>>> > Twisted: event-driven networking engine
>>>> > Suds: lightweight SOAP client for consuming Web Services
>>>> > M2Crypto: most complete OpenSSL wrapper
>>>> > NetworkX: graph library (edges, nodes)
>>>> > pyparsing: general parsing module
>>>> > lxml: most feature-rich and easy-to-use library for working with XML
>>>> and
>>>> > HTML in the Python language
>>>> > Pexpect: control and automate other programs, similar to Don Libes
>>>> `Expect`
>>>> > system
>>>> > Sikuli, visual technology to search and automate GUIs using
>>>> screenshots.
>>>> > Scriptable in Jython
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > Regards,
>>>> > Admin Office
>>>> > OWASP Malaysia
>>>> >
>>>> > _______________________________________________
>>>> > Owasp-Malaysia mailing list
>>>> > Owasp-Malaysia at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>> >
>>>> > OWASP Malaysia Wiki
>>>> > http://www.owasp.org/index.php/Malaysia
>>>> >
>>>> > OWASP Malaysia Wiki Facebook
>>>> >
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>> >
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>> Regards,
>> Admin Office
>> OWASP Malaysia
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110110/f65edce5/attachment-0001.html 


More information about the Owasp-Malaysia mailing list