Click to return home
Site Map  |  Privacy Policy  |  Advisories

About Us

Services

News

Resources
s
Overview
Advisories
Tools
Publications


Contact

 
 greybar
Tools
 greybar
 

The following tools were developed by IOActive; for questions and comments, please contact tools at ioactive dot com.

  • DDS FUZZERS

    This collection of fuzzers can fuzz DHCP servers, iCalendar parsers, IRC clients, Socket system calls, UNIX system calls, and TFTP servers. It also includes mangle.c, a binary file dumb fuzzer that flips some bits. Written in C, Perl, and Python, most of these tools are straightforward and contain only a couple of hundred lines of code.

    Source (.zip)

  • NTLM WEB PROXY

    Simple and precise, this tool's functionality gives you a proxy that spoofs an NTLM request to a domain-joined request, and then forwards the NTLM challenge/response sequence to a targeted server. It works just like SMB Reflection, but over HTTP.

    Source (.zip)

  • JFUZZ 2 V1

    This patent-pending next-generation binary protocol analysis toolset assists with reverse engineering and fuzzing binary protocols and formats. Offering a lean, stripped-down footprint, the analysis GUI has been removed and each step of the process is a separate Test executable within the project. Installation requirements include WinPcap (included with download) and the .NET Framework 2.0.

    Source (.zip)

  • SIMPLE STUPID HTTP V1

    Tired of dealing with easy-to-own HTTP daemons? Don't want dynamic content or super-cool chunked threading? Just want to serve up static content? Stupid Simple V1 lives completely in memory after initial file upload and it performs no dynamic memory access after listening is initialized (unless you specify an interval re-load). Features include the ability to service only valid GET requests, no memory writes except during file load and kernel-level recv(), no dynamic content, no sub-directory support, and no dynamic headers except content-type.

    Source (.zip)

  • MEMSEARCH MEMORY SEARCHING TOOL

    This cross-platform (Linux and Win32) tool allows you to search for trampoline instructions in memory.

    Source (tar.gz)

  • DNSWHAT? SCANNING TOOL

    This tool's functionality is twofold: (1) scan the designated network segment for active DNS servers and (2) sniff off the wire to determine whether DNS servers (localhost or on the local segment) are vulnerable to the new DNS cache poisoning attack.

    Source (.zip)

  • LIBWIFI TOOL KIT

    The libWifi Tool Kit provides researchers with a framework in which to fuzz 802.11 protocols.

    Source (.tgz)

  • SNARK v0.16—HTTP INTERROGATION PROXY

    A so called "attack proxy", Snark allows a user to monitor and edit HTTP requests and responses. Snark can be configured to act as a web proxy, or in a tunnel mode which allows for proxy chaining, or use with other tools. Snark was written in perl and should run in any environment that is supported by perl, and wxWindows.

    Source (.zip)
    NEW! WIN32 Installer (.exe)

  • MORF v0.3—NINJA ENCODER

    Morf is the supreme ninja god of encodings. URL, HTTP, Base64, HEX, MD5, SHA1, UTF-7, the list goes on...

    Source (.zip)
    WIN32 Installer (.exe)

  • SECRET SQUIRREL v0.8—PASSWORD MANAGER

    Secret Squirrel is your basic password manager application written in Java. Runs on all platforms that support recent versions of Java. Uses blowfish and SHA-384, password generation using Java secure random object (fully configurable), password groups, etc.

    Source (.zip)
    Compiled Bits (.zip)
    WIN32 Installer (.exe)

  • CUSTOS v0.1b—DAPI WRAPPER

    This is a beta version of Custos that is a working example of using the DAPI API's to store secrets. The included Visual Studio 2003 project is both a COM object and Assembly, usable by both ASP and ASP.NET projects. Additionally a manager application is provided to help create the required Registry entries.

    Source and installer (.zip)

  • TABBY TUNNEL—SSL TUNNEL FOR WINDOWS

    An SSL tunnel that can make use of certificates in the Windows Certificate Store. This is usefull for creating tunnels to client certificate authenticated services. TabbyTunnel makes use of IOActive.SSL library.

    Source (.zip)
    Binary (WIN32) (.zip)

  • IOACTIVE.SSL—MICROSOFT .NET SSL LIBRARY

    Library to allow for easier use of SSL in .NET tools. Used by TabbyTunnel.

    Source (.zip)
    Binary (.zip)
 
 greybar

More Information
Need more information?
 Contact IOActive today.


IOActive Profile:
 Established: 1998
Headquarters: Seattle, WA and London, UK
Privately held and self-funded
 
IOActive Services:
 Application Security, SCADA and Smart Grid, PCI and Compliance, Security Development Lifecycle, Infrastructure Audit, Incident Response and Training.
 
Customers:
 Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.
 

Visit our Facebook page Visit our Twitter page Visit our LinkedIn page Visit us on Flickr