-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.atstake.com/research/tools/index.html#vulnerability_scanning SPIKE is a Fuzzer Creation Kit in C - basically an attempt to write a generic protocol API that is easy to use and reasonably complete. This version of SPIKE includes demonstration fuzzers that do web application and DCE-RPC (MSRPC) fuzzing. Also included is a web server NTLM Authentication brute forcer implemented with SPIKE, and a few example fuzzers that do nothing, but demonstrate how to use the API. The web application fuzzing is done by capturing client requests (a modified version of Dug Song's webmitm is included which works very well for SSL connections) and then running those through a perl script which generates .c files. When compiled, these programs will then iterate through all the variables in a request with various attack strings. The entire package is released under the GPL, version 2.0. Enjoy! And, as always, send questions, comments, flames, personal issues, dumb questions, and vicious ferrets muzzled with duct tape to: daitelat_private Dave Aitel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7y3L09iGGtHdhlgMRAu1OAJ0XUJLAvJhPKm3pkPIWw3Nt82xFCACeJJgK hovFcB2YFZz0iyx11hi+s+Y= =tQwS -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 21:39:31 PDT