[Owasp-Malaysia] Python tools for penetration testers

C0r3 Machin3gun c0r3machin3gun at gmail.com
Mon Jan 10 00:59:04 EST 2011


okay! i'm agree with this point [i'm not complaining ;)  ]

On 10 January 2011 13:57, Adnan bin Mohd Shukor <adnan.shukor at gmail.com>wrote:

> http://curl.haxx.se/mail/etiquette.html most of the item kat page nie
> relevant untuk dijadikan panduan..
>
> wallahua'lam
>
>
> On 10 January 2011 13:52, Mohd Fazli Azran <mfazliazran at gmail.com> wrote:
>
>> LOL.. pasal link pun nak bising2 dalam mailing list nie. Eden rasa eloknya
>> la Admin OWASP post jek apa2 yang patut tak kisah le ada link ke takde link
>> ke peduli apa... yang penting benda yang nak dikongsi tu sampai. Yang tukang
>> complaint link ni pulak kalau banyak ilmu kongsi2 kan kepada kawan2 yang
>> lain nie.. jangan nak tau komplen ja... :D
>>
>>
>> On Mon, Jan 10, 2011 at 1:45 PM, C0r3 Machin3gun <
>> c0r3machin3gun at gmail.com> wrote:
>>
>>> you can use translate.google.com next time.. :) btw providing link to
>>> the original post is as:
>>>
>>> 1) select the url
>>> 2) Ctrl + C
>>> 3) Go to the end of your email post
>>> 4) Write : "Source: "
>>> 5) And paste the URL
>>>
>>>
>>> On 10 January 2011 13:41, OWASP Malaysia <admin at owasp.my> wrote:
>>>
>>>> Dear Core Machinegun a.k.a MK47
>>>>
>>>> Yes that was from there. We get this from OWASP project lead about this
>>>> Python and want us to post to OWASP Malaysia. It nothing just to share to
>>>> members. If you have another source of link or others project please do so.
>>>> We hope you can post every week and share what you know and sharing to us.
>>>> Don't just complaining.We thought you are mature but complaint about link it
>>>> not like professional but link childish :P. We will post every source that
>>>> we have to share to members without link or not it doesn't matter. Sharing
>>>> Is Caring :)
>>>>
>>>>
>>>> On Mon, Jan 10, 2011 at 12:45 PM, C0r3 Machin3gun <
>>>> c0r3machin3gun at gmail.com> wrote:
>>>>
>>>>> plagiarism!
>>>>>
>>>>> http://dirk-loss.de/python-tools.htm
>>>>>
>>>>> libemu is a small library written in C offering basic x86 emulation and
>>>>> shellcode detection using GetPC heuristics. <= libemu is written in C.. but
>>>>> yes.. there is a python binding for it.. but still.. libemu is written in C
>>>>>
>>>>>
>>>>> On 10 January 2011 11:50, najmi.zabidi at gmail.com <
>>>>> najmi.zabidi at gmail.com> wrote:
>>>>>
>>>>>> For me I like libemu for shellcode detection which was written in
>>>>>> Python (not listed).
>>>>>>
>>>>>> Thanks for the list Fazli, rajin hang compile semua ni. Aku save dalam
>>>>>> Springpad ni kot2 next time nak refer.
>>>>>>
>>>>>>
>>>>>> On Mon, Jan 10, 2011 at 10:10 AM, OWASP Malaysia <admin at owasp.my>
>>>>>> wrote:
>>>>>> > Dear all,
>>>>>> >
>>>>>> > This is for python Fan and if you are realy developer on it. Please
>>>>>> free to
>>>>>> > test it and if you have time please sent some report what your
>>>>>> exactly do
>>>>>> > for this tool.This is collection for who love python as their part
>>>>>> of life.
>>>>>> > Please FREE and use this as you know this is Open Source Software.
>>>>>> if you
>>>>>> > are involved in vulnerability research, reverse engineering or
>>>>>> penetration
>>>>>> > testing, We suggest to try out the Python programming language. It
>>>>>> has a
>>>>>> > rich set of useful libraries and programs.
>>>>>> >
>>>>>> > Most of the listed tools are written in Python, others are just
>>>>>> Python
>>>>>> > bindings for existing C libraries, i.e. they make those libraries
>>>>>> easily
>>>>>> > usable from Python programs.
>>>>>> >
>>>>>> > Some of the more aggressive tools (pentest frameworks, bluetooth
>>>>>> smashers,
>>>>>> > web application vulnerability scanners, war-dialers, etc.) are left
>>>>>> out,
>>>>>> > because the legal situation of these tools is still a bit unclear
>>>>>> not at
>>>>>> > Malaysia. This list is clearly meant to help whitehats, and for now
>>>>>> we
>>>>>> > prefer to on the safe side.
>>>>>> >
>>>>>> > Network
>>>>>> >
>>>>>> > Scapy: send, sniff and dissect and forge network packets. Usable
>>>>>> > interactively or as a library
>>>>>> > pypcap, Pcapy and pylibpcap: several different Python bindings for
>>>>>> libpcap
>>>>>> > libdnet: low-level networking routines, including interface lookup
>>>>>> and
>>>>>> > Ethernet frame transmission
>>>>>> > dpkt: fast, simple packet creation/parsing, with definitions for the
>>>>>> basic
>>>>>> > TCP/IP protocols
>>>>>> > Impacket: craft and decode network packets. Includes support for
>>>>>> > higher-level protocols such as NMB and SMB
>>>>>> > pynids: libnids wrapper offering sniffing, IP defragmentation, TCP
>>>>>> stream
>>>>>> > reassembly and port scan detection
>>>>>> > Dirtbags py-pcap: read pcap files without libpcap
>>>>>> > flowgrep: grep through packet payloads using regular expressions
>>>>>> > httplib2: comprehensive HTTP client library that supports many
>>>>>> features left
>>>>>> > out of other HTTP libraries
>>>>>> >
>>>>>> > Debugging and reverse engineering
>>>>>> >
>>>>>> > Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
>>>>>> > Immunity Debugger: scriptable GUI and command line debugger
>>>>>> > IDAPython: IDA Pro plugin that integrates the Python programming
>>>>>> language,
>>>>>> > allowing scripts to run in IDA Pro
>>>>>> > PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
>>>>>> > pefile: read and work with Portable Executable (aka PE) files
>>>>>> > pydasm: Python interface to the libdasm x86 disassembling library
>>>>>> > PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
>>>>>> > uhooker: intercept calls to API calls inside DLLs, and also
>>>>>> arbitrary
>>>>>> > addresses within the executable file in memory
>>>>>> > diStorm64: disassembler library for AMD64, licensed under the BSD
>>>>>> license
>>>>>> > python-ptrace: debugger using ptrace (Linux, BSD and Darwin system
>>>>>> call to
>>>>>> > trace processes) written in Python
>>>>>> >
>>>>>> > Fuzzing
>>>>>> >
>>>>>> > Sulley: fuzzer development and fuzz testing framework consisting of
>>>>>> multiple
>>>>>> > extensible components
>>>>>> > Peach Fuzzing Platform: extensible fuzzing framework for generation
>>>>>> and
>>>>>> > mutation based fuzzing
>>>>>> > antiparser: fuzz testing and fault injection API
>>>>>> > TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic
>>>>>> network
>>>>>> > fuzzer
>>>>>> > untidy: general purpose XML fuzzer
>>>>>> > Powerfuzzer: highly automated and fully customizable web fuzzer
>>>>>> (HTTP
>>>>>> > protocol based application fuzzer)
>>>>>> > FileP: file fuzzer. Generates mutated files from a list of source
>>>>>> files and
>>>>>> > feeds them to an external program in batches
>>>>>> > SMUDGE
>>>>>> > Mistress: probe file formats on the fly and protocols with malformed
>>>>>> data,
>>>>>> > based on pre-defined patterns
>>>>>> > Fuzzbox: multi-codec media fuzzer
>>>>>> > Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems,
>>>>>> and file
>>>>>> > systems containing fuzzed files in order to test the robustness of
>>>>>> forensics
>>>>>> > tools and examination systems
>>>>>> > Windows IPC Fuzzing Tools: tools used to fuzz applications that use
>>>>>> Windows
>>>>>> > Interprocess Communication mechanisms
>>>>>> > WSBang: perform automated security testing of SOAP based web
>>>>>> services
>>>>>> > Construct: library for parsing and building of data structures
>>>>>> (binary or
>>>>>> > textual). Define your data structures in a declarative manner
>>>>>> > fuzzer.py (feliam): simple fuzzer by Felipe Andres anzano
>>>>>> >
>>>>>> > Web
>>>>>> >
>>>>>> > ProxMon: processes proxy logs and reports discovered issues
>>>>>> > WSMap: find web service endpoints and discovery files
>>>>>> > Twill: browse the Web from a command-line interface. Supports
>>>>>> automated Web
>>>>>> > testing
>>>>>> > Windmill: web testing tool designed to let you painlessly automate
>>>>>> and debug
>>>>>> > your web application
>>>>>> > FunkLoad: functional and load web tester
>>>>>> >
>>>>>> > Forensics
>>>>>> >
>>>>>> > Volatility: extract digital artifacts from volatile memory (RAM)
>>>>>> samples
>>>>>> > SandMan: read the hibernation file, regardless of Windows version
>>>>>> > LibForensics: library for developing digital forensics applications
>>>>>> > TrIDLib, identify file types from their binary signatures. Now
>>>>>> includes
>>>>>> > Python binding
>>>>>> >
>>>>>> > Malware analysis
>>>>>> >
>>>>>> > pyew: command line hexadecimal editor and disassembler, mainly to
>>>>>> analyze
>>>>>> > malware
>>>>>> > Didier Stevens' PDF tools: analyse, identify and create PDF files
>>>>>> (includes
>>>>>> > PDFiD, pdf-parser and make-pdf and mPDF)
>>>>>> > Origapy: Python wrapper for the Origami Ruby module which sanitizes
>>>>>> PDF
>>>>>> > files
>>>>>> > Exefilter: filter file formats in e-mails, web pages or files.
>>>>>> Detects many
>>>>>> > common file formats and can remove active content
>>>>>> > pyClamAV: add virus detection capabilities to your Python software
>>>>>> >
>>>>>> > Misc
>>>>>> >
>>>>>> > InlineEgg: toolbox of classes for writing small assembly programs in
>>>>>> Python
>>>>>> > Exomind: framework for building decorated graphs and developing
>>>>>> open-source
>>>>>> > intelligence modules and ideas, centered on social network services,
>>>>>> search
>>>>>> > engines and instant messaging
>>>>>> > RevHosts: enumerate virtual hosts for a given IP address
>>>>>> > simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
>>>>>> >
>>>>>> > Other useful libraries and tools
>>>>>> >
>>>>>> > IPython: enhanced interactive Python shell with many features for
>>>>>> object
>>>>>> > introspection, system shell access, and its own special command
>>>>>> system
>>>>>> > Beautiful Soup: HTML parser optimized for screen-scraping
>>>>>> > matplotlib: make 2D plots of arrays
>>>>>> > Mayavi: 3D scientific data visualization and plotting
>>>>>> > RTGraph3D: create dynamic graphs in 3D
>>>>>> > Twisted: event-driven networking engine
>>>>>> > Suds: lightweight SOAP client for consuming Web Services
>>>>>> > M2Crypto: most complete OpenSSL wrapper
>>>>>> > NetworkX: graph library (edges, nodes)
>>>>>> > pyparsing: general parsing module
>>>>>> > lxml: most feature-rich and easy-to-use library for working with XML
>>>>>> and
>>>>>> > HTML in the Python language
>>>>>> > Pexpect: control and automate other programs, similar to Don Libes
>>>>>> `Expect`
>>>>>> > system
>>>>>> > Sikuli, visual technology to search and automate GUIs using
>>>>>> screenshots.
>>>>>> > Scriptable in Jython
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > Regards,
>>>>>> > Admin Office
>>>>>> > OWASP Malaysia
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > Owasp-Malaysia mailing list
>>>>>> > Owasp-Malaysia at lists.owasp.org
>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>> >
>>>>>> > OWASP Malaysia Wiki
>>>>>> > http://www.owasp.org/index.php/Malaysia
>>>>>> >
>>>>>> > OWASP Malaysia Wiki Facebook
>>>>>> >
>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>> >
>>>>>> _______________________________________________
>>>>>> Owasp-Malaysia mailing list
>>>>>> Owasp-Malaysia at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>
>>>>>> OWASP Malaysia Wiki
>>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>>
>>>>>> OWASP Malaysia Wiki Facebook
>>>>>>
>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-Malaysia mailing list
>>>>> Owasp-Malaysia at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>
>>>>> OWASP Malaysia Wiki
>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>
>>>>> OWASP Malaysia Wiki Facebook
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>
>>>>
>>>> Regards,
>>>> Admin Office
>>>> OWASP Malaysia
>>>>
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110110/65cee4ca/attachment-0001.html 


More information about the Owasp-Malaysia mailing list