[ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg

Discussion in 'Python' started by CORE Security Technologies, Nov 27, 2003.

  1. Core Security Technologies acknowledges the increasing interest in its
    products and technologies and therefore wants to share part of them with
    the developers out there in the spirit of creating an open user
    community around its key components and give back to the community the
    results of our ongoing development.
    These are indeed primary components of our software, CORE IMPACT, and
    not the regular free giveaways you'd get somewhere else. As such they
    are being actively maintained by our team.

    Python developers, network administrators, penetration testers,
    vulnerability researchers and information security practitioners in
    general may find these packages useful.

    All the tools described in this announcement are available at
    http://oss.coresecurity.com/

    Today we are announcing the public release of the following components:

    Pcapy-0.10.2
    Impacket-0.9.4
    InlineEgg-1.02

    And there is still more coming... enjoy!

    OSS at coresecurity.com


    A brief description of the components and bundled tools is provided below

    -OSS projects released November 27th, 2003-

    Pcapy
    http://oss.coresecurity.com/projects/pcapy.html

    Pcapy is a Python extension module that enables software written in
    Python to access the routines from the pcap packet capture library.

    From libpcap's documentation: Libpcap is a system–independent interface
    for user–level packet capture. Libpcap provides a portable framework for
    low–level network monitoring. Applications include network statistics
    collection, security monitoring, network debugging, etc.

    Pcapy is most useful when used together with a packet handling package
    such as Impacket, a collection of Python classes for constructing and
    dissecting network packets.

    What makes pcapy different from the others?

    * works with Python threads.
    * works both in UNIX with libpcap and Windows with WinPcap.
    * provides a simpler Object Oriented API.

    Impacket
    http://oss.coresecurity.com/projects/impacket.html

    Impacket is a collection of Python classes for working with network
    protocols. Impacket is mostly focused on providing low–level
    programmatic access to the packets, however some protocols (for instance
    NMB and SMB) are implemented in a higher level as a foundation for other
    protocols.

    Packets can be constructed from scratch, as well as parsed from raw
    data, and the object oriented API makes it simple to work with deep
    hierarchies of protocols.

    Impacket is most useful when used together with a packet capture utility
    or package such as Pcapy, an object oriented Python extension for
    capturing network packets.

    What protocols are featured?

    * Ethernet, Linux "Cooked" capture.
    * IP, TCP, UDP, ICMP, IGMP, ARP.
    * NMB and SMB (high–level implementations).
    * DCE/RPC versions 4 and 5, over different transports: UDP (version
    4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
    * Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM,
    SAMR, SvcCtl, WinReg.

    What tools are included?

    We bundle some tools with Impacket which are mostly intended for
    documentation purposes, but that are worth mentioning as they might be
    useful even for non–programmers and those who don't plan to develop with
    this library.

    RPCDump
    An application that communicates with the Endpoint Mapper interface
    from the DCE/RPC suite and displays it in a more or less human readable
    form. This can be used to list services which are remotely available
    through DCE/RPC, such as the Windows Messenger.

    SAMRDump
    An application that communicates with the Security Account Manager
    Remote interface from the DCE/RPC suite and lists system user accounts,
    available resource shares and other sensitive information exported
    through this service.

    Tracer
    A grapher written using Tkinter that displays a parallel coordinates
    graph of captured traffic. It's very easy to find network usage patterns
    with this type of graph, and therefore to detect unexpected variations.
    At the moment Tracer only supports TCP and UDP traffic, but can be
    easily extended to handle other protocols.

    Split
    A small tool that can split any pcap supported capture file into
    several smaller files, separated by connection. This was developed to
    address the need to feed several hundred–megabyte captures to Ethereal
    in a way that didn't take too long to load. At the moment Split only
    supports TCP streams, but can be easily extended to handle other
    stream–oriented protocols.

    InlineEgg
    http://oss.coresecurity.com/projects/inlineegg.html

    InlineEgg is a Python module that provides the user with a toolbox of
    convenient classes for writing small assembly programs. Only that
    instead of having to remember confusing assembly mnemonics and requiring
    the developer to remember how to use complex tools like assemblers and
    linkers, everything is done the easy way: in Python. InlineEgg is
    oriented —but not limited— to developing shellcode (sometimes called
    eggs) for use in exploits.

    InlineEgg started separately as a pretty simple idea to fulfill a pretty
    simple need, but today it's part of CORE IMPACT's egg creation
    framework. We are releasing it under an open source license for
    non-commercial use in the hope that you'll find it helpful for your own
    projects.
     
    CORE Security Technologies, Nov 27, 2003
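
The per-connection split that the announcement describes for the Split tool, as an added example that is not part of the original post and is not CORE's code. It uses only the Python standard library rather than Pcapy or Impacket, and assumes a classic little-endian pcap file with Ethernet framing and IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic little-endian pcap file header
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len

def tcp_conn_key(frame):
    """Direction-independent key for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if ihl < 20 or frame[23] != 6 or frag_offset or len(frame) < 14 + ihl + 4:
        return None  # not TCP, or a later fragment with no TCP header
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return tuple(sorted([(frame[26:30], sport), (frame[30:34], dport)]))

def split_by_connection(pcap):
    """Map each TCP connection to a standalone pcap byte string."""
    magic, *_, linktype = GLOBAL_HDR.unpack_from(pcap)  # struct.error if too short
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    out = defaultdict(lambda: bytearray(pcap[:GLOBAL_HDR.size]))
    pos = GLOBAL_HDR.size
    while pos + REC_HDR.size <= len(pcap):
        incl_len = REC_HDR.unpack_from(pcap, pos)[2]
        end = pos + REC_HDR.size + incl_len
        if end > len(pcap):
            break  # truncated last record: stop instead of reading past the data
        key = tcp_conn_key(pcap[pos + REC_HDR.size:end])
        if key is not None:
            out[key] += pcap[pos:end]
        pos = end
    return {k: bytes(v) for k, v in out.items()}

def sample_frame(src, sport, dst, dport, proto=6):
    """Constructed test input: Ethernet + IPv4 + 20 bytes of L4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, src, dst)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)

A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses
FRAMES = [sample_frame(A, 40000, B, 80), sample_frame(B, 80, A, 40000),
          sample_frame(A, 53, B, 53, proto=17), sample_frame(A, 40001, B, 443)]
SAMPLE = GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    REC_HDR.pack(i, 0, len(f), len(f)) + f for i, f in enumerate(FRAMES))

if __name__ == "__main__":
    for key, data in split_by_connection(SAMPLE).items():
        print(key, len(data), "bytes")
```

Both directions of a connection share one key, so each output file holds the full conversation; the UDP frame in the sample is skipped, matching the TCP-only scope the announcement states.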

  2. CORE Security Technologies

    Jeff Wagner Guest

    The Pcapy Win32 binaries don't contain a setup.py file.

    On Thu, 27 Nov 2003 19:38:47 -0300, CORE Security Technologies <> wrote:

    >
    >Core Security Technologies acknowledges the increasing interest in its
    >products and technologies and therefore wants to share part of them with
    >the developers out there in the spirit of creating an open user
    >community around its key components and give back to the community the
    >results of our ongoing development.
    >These are indeed primary components of our software, CORE IMPACT, and
    >not the regular free giveaways you'd get somewhere else. As such they
    >are being actively maintained by our team.
    >
    >Python developers, network administrators, penetration testers,
    >vulnerability researchers and information security practitioners in
    >general may find these packages useful.
    >
    >All the tools described in this announcement are available at
    >http://oss.coresecurity.com/
    >
    >Today we are announcing the public release of the following components:
    >
    > Pcapy-0.10.2
    > Impacket-0.9.4
    > InlineEgg-1.02
    >
    >And there is still more coming... enjoy!
    >
    >OSS at coresecurity.com
    >
    >
    >A brief description of the components and bundled tools is provided below
    >
    >-OSS projects released November 27th, 2003-
    >
    >Pcapy
    >http://oss.coresecurity.com/projects/pcapy.html
    >
    >Pcapy is a Python extension module that enables software written in
    >Python to access the routines from the pcap packet capture library.
    >
    > From libpcap's documentation: Libpcap is a system–independent interface
    >for user–level packet capture. Libpcap provides a portable framework for
    >low–level network monitoring. Applications include network statistics
    >collection, security monitoring, network debugging, etc.
    >
    >Pcapy is most useful when used together with a packet handling package
    >such as Impacket, a collection of Python classes for constructing and
    >dissecting network packets.
    >
    >What makes pcapy different from the others?
    >
    > * works with Python threads.
    > * works both in UNIX with libpcap and Windows with WinPcap.
    > * provides a simpler Object Oriented API.
    >
    >Impacket
    >http://oss.coresecurity.com/projects/impacket.html
    >
    >Impacket is a collection of Python classes for working with network
    >protocols. Impacket is mostly focused on providing low–level
    >programmatic access to the packets, however some protocols (for instance
    >NMB and SMB) are implemented in a higher level as a foundation for other
    >protocols.
    >
    >Packets can be constructed from scratch, as well as parsed from raw
    >data, and the object oriented API makes it simple to work with deep
    >hierarchies of protocols.
    >
    >Impacket is most useful when used together with a packet capture utility
    >or package such as Pcapy, an object oriented Python extension for
    >capturing network packets.
    >
    >What protocols are featured?
    >
    > * Ethernet, Linux "Cooked" capture.
    > * IP, TCP, UDP, ICMP, IGMP, ARP.
    > * NMB and SMB (high–level implementations).
    > * DCE/RPC versions 4 and 5, over different transports: UDP (version
    >4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
    > * Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM,
    >SAMR, SvcCtl, WinReg.
    >
    >What tools are included?
    >
    >We bundle some tools with Impacket which are mostly intended for
    >documentation purposes, but that are worth mentioning as they might be
    >useful even for non–programmers and those who don't plan to develop with
    >this library.
    >
    >RPCDump
    > An application that communicates with the Endpoint Mapper interface
    >from the DCE/RPC suite and displays it in a more or less human readable
    >form. This can be used to list services which are remotely available
    >through DCE/RPC, such as the Windows Messenger.
    >
    >SAMRDump
    > An application that communicates with the Security Account Manager
    >Remote interface from the DCE/RPC suite and lists system user accounts,
    >available resource shares and other sensitive information exported
    >through this service.
    >
    >Tracer
    > A grapher written using Tkinter that displays a parallel coordinates
    >graph of captured traffic. It's very easy to find network usage patterns
    >with this type of graph, and therefore to detect unexpected variations.
    >At the moment Tracer only supports TCP and UDP traffic, but can be
    >easily extended to handle other protocols.
    >
    >Split
    > A small tool that can split any pcap supported capture file into
    >several smaller files, separated by connection. This was developed to
    >address the need to feed several hundred–megabyte captures to Ethereal
    >in a way that didn't take too long to load. At the moment Split only
    >supports TCP streams, but can be easily extended to handle other
    >stream–oriented protocols.
    >
    >InlineEgg
    >http://oss.coresecurity.com/projects/inlineegg.html
    >
    >InlineEgg is a Python module that provides the user with a toolbox of
    >convenient classes for writing small assembly programs. Only that
    >instead of having to remember confusing assembly mnemonics and requiring
    >the developer to remember how to use complex tools like assemblers and
    >linkers, everything is done the easy way: in Python. InlineEgg is
    >oriented —but not limited— to developing shellcode (sometimes called
    >eggs) for use in exploits.
    >
    >InlineEgg started separately as a pretty simple idea to fulfill a pretty
    >simple need, but today it's part of CORE IMPACT's egg creation
    >framework. We are releasing it under an open source license for
    >non-commercial use in the hope that you'll find it helpful for your own
    >projects.
    >
    >
     
    Jeff Wagner, Nov 28, 2003