Open source tools I have developed. For comments, questions, and suggestions, send me an email.
c0de
incognito.py
Description
Incognito is a tool for downloading URLs via the TOR network. There are two modes of operation: CLI and class for customization in scripts.
Requirements
Python
TOR
Syntax
Incognito CLI
mece@funkenstein:~/development$ ./incognito.py
Usage: incognito.py <option>
Options:
--url
--file
mece@funkenstein:~/development$
Using Incognito as a Class
>>> import incognito
>>> nito = incognito.Incognito()
>>> urlContent = nito.GetContent(url)
Download --> incognito.py
vtquery.py
Description
VTquery is a command line tool for searching VirusTotal. It has two input options: searching by SHA256 hash or by the file itself.
Syntax
mece@strongbad:~/development$ ./vtquery.py
Usage: vtquery.py <option>
Options:
--hash <SHA256 HASH>
--file <BINARY>
mece@strongbad:~/development$
Requirements
Python
Sample Output
mece@strongbad:~/development$ ./vtquery.py --file video.exe
SHA256 SUM: 849ac0f4da20564c039e2311645cdd30aa859d3a5d142f7156ee696ae7e23983
File Name: N/A
Detect Ratio: 8 / 43
Analysis Date: 2010-09-20 18:27:53 UTC
CAT-QuickHeal: (Suspicious) - DNAScan
McAfee: FakeAlert-SpyPro.gen.ak
NOD32: Win32/Adware.SpywareProtect2009
F-Secure: Suspicious:W32/Malware!Gemini
TrendMicro: PAK_Generic.012
McAfee-GW-Edition: Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
Prevx: High Risk Cloaked Malware
AhnLab-V3: Trojan/Win32.Zbot
mece@strongbad:~/development$
Download --> vtquery.py
peslice.py
Description
PEslice is a Windows PE32 Portable Executable (PE) parser/analyzer/extractor. It can either be run from command line or imported as a class into another program. The goal of PEslice is to provide a quick method for extracting information from Windows executable files on the Linux platform.
Syntax
Usage: peslice.py <exe/dll> <option>
>>> import peslice
>>> pslice = peslice.peslice("putty.exe")
>>> pe = pslice.pe
help(peslice) lists all the available classes/functions and the required parameters.
Requirements
Python
PEfile
Sample Output
PE32 Headers:
dos = DOS HEADER
file = FILE HEADER
nt = NT HEADERS
optional = OPTIONAL HEADER
Options:
--check = Check if binary is a DLL or EXE
--data = List allocated and unallocated data directories
--export = List Export Address Table (EAT)
--field=HEADER = List all fields in header
--get=HEADER <field> = Retrieve field value from header
--import = List Import Address Table (IAT)
--sections = List all sections
mece@strongbad:~/development$ ./peslice.py putty.exe --get=optional addressofentrypoint
AddressOfEntryPoint=0x49cdf
mece@strongbad:~/development$
Download --> peslice.py
geolocate.py
Description
Geolocate is a part of a project called Felix that I started working on a few years ago. It queries api.hostip.info for geographical information based on the provided IP address.
Requirements
Python
Syntax
Usage: geolocate <option> ipaddress|file
Options:
--file = Read IP Addresses in a file
Sample Output
mece@strongbad:~/development/felix$ ./geolocate.py 202.69.89.2
202.69.89.2 HONG KONG HK
mece@strongbad:~/development/felix$
Download --> geolocate.py
ocquery.py
Description
Ocquery is a command line tool for querying Offensive Computing.
Requirements
Python
BeautifulSoup
Syntax
Usage: ocquery <md5sum>
Sample Output
MD5SUM: 0eecd17c6c215b358b7b872b74bfd800
Original Submitted Filename: 0eecd17c6c215b358b7b872b74bfd800
Date Added: 2011-11-08 12:41:10.901192
Download --> ocquery.py