Nexus: Fuzzer

SFTPfuzzer (Simple FTP Fuzzer) is a very simple software written in Python 2.7 (by 0x8b30cc), that allows you to easily fuzz username and password field in an FTP Server, looking for a buffer overflow vulnerability.

SFTPfuzzer is written in a very simple way, and the code is well commented, allowing you to easily understand what is going on and easily edit the software. The code is licensed under GNU General Public License (GPL v3), if you want to know more read here.

Usage:

You can use SFTPfuzzer.py in two ways, manual mode and arguments mode.

If you want to manually add target ip address (RHOST) and target port (RPORT), you just need to run:

$ python SFTPfuzzer.py

If you want to add command line arguments, then the usage will be like this:

$ python SFTPfuzzer.py -t  -p

For example:

$ python SFTPfuzzer.py -t 192.168.1.8 -p 21

Download SFTPfuzzer

[WinAppDbg 1.5] Python Debugger

By 0x000216

Read

0 Comments

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for this purposes.

Current features also include disassembling x86/x64 native code, debugging multiple processes simultaneously and produce a detailed log of application crashes, useful for fuzzing and automated testing.

What’s new in this version?

In a nutshell…

full 64-bit support (including function hooks!)
added support for Windows Vista and above.
database code migrated to SQLAlchemy, tested on:
- MySQL
- SQLite 3
- Microsoft SQL Server
should work on other servers too (let me know if it doesn’t!)
added integration with more disassemblers:
- BeaEngine: http://www.beaengine.org/
- Capstone: http://capstone-engine.org/
- Libdisassemble: http://www.immunitysec.com/resources-freesoftware.shtml
- PyDasm: https://code.google.com/p/libdasm/
added support for postmortem (just-in-time) debugging
added support for deferred breakpoints
now fully supports manipulating and debugging system services
the interactive command-line debugger is now launchable from your scripts (thanks Zen One for the idea!)
more UAC-friendly, only requests the privileges it needs before any action
added functions to work with UAC and different privilege levels, so it’s now possible to run debugees with lower privileges than the debugger
added memory search and registry search support
added string extraction functionality
added functions to work with DEP settings
added a new event handler, EventSift, that can greatly simplify coding a debugger script to run multiple targets at the same time
added new utility functions to work with colored console output
several improvements to the Crash Logger tool
integration with already open debugging sessions from other libraries is now possible
improvements to the Process and GUI instrumentation functionality
implemented more anti-antidebug tricks
more tools and code examples, and improvements to the existing ones
more Win32 API wrappers
lots of miscellaneous improvements, more documentation and bugfixes as usual!

Download WinAppDbg 1.5

Nexus

Simple FTP Fuzzer - SFTPfuzzer

[WinAppDbg 1.5] Python Debugger

[DotDotPwn v3.0.1] The Directory Traversal Fuzzer

Recent Posts

Facebook