Portcullis Labs - Ian

Sun Patch Check | Content

Wed, 02 Apr 2008 10:49:02 GMT

Sun Patch Check is a tool that does exactly what it says on the tin. Sun Patch Check compares the output from the Sun Solaris showrev command to that from the Sun recommended patch list.

Requirements

Sun Patch Check only requires the GNU C compiler.

Download

The latest version of Sun Patch Check can be downloaded from here.

Compiling

Sun Patch Check can be compiled from source using the following command:

gcc -o sunpatchcheck sunpatchcheck.c

Running

Before you can use Sun Patch Check to check the patches of any Sun Solaris system you will need to update the patch list from the Sun web site. This can be done with the following command:

sunpatchcheck --update

You may want to update the patch list on a regular basis otherwise there may be more recent patches missing from the database.

You will need to collect a patch list from a Sun Solaris system you want to check. This can be done with the following Solaris command:

showrev -p >patchlist.txt

Sun Patch Check needs to know what version of Solaris you are comparing the patches from, this is specified on the command line when running Sun Patch Check. To check the patches from a Solaris 10 Sparc system using the file extracted in the previous example:

sunpatchcheck --check=patchlist.txt --solaris=10

Online help for all options is available using:

sunpatchcheck --help

License

Sun Patch Check is covered by the GPL v3 license, but you will also need to agree to the Sun Solve license.

Banner Grab | Content

Wed, 02 Apr 2008 12:36:30 GMT

BannerGrab is a tool that performs connection, trigger-based and basic information collection from network services. The program has two modes of operation; simple connection banner grabbing and the default mode which makes use of service triggers to enumerate additional information.

BannerGrab can connect to TCP services, UDP services and can connect to SSL services. SSL service banner grabbing will also return the SSL connection details.

Requirements

BannerGrab requires the GNU C compiler and has been tested on Linux, but should work on other UNIX type systems. It has even been known to run from an iPhone.

BannerGrab has an optional requirement of the OpenSSL library to perform SSL-based grabs. However, SSL support can be disabled.

Download

BannerGrab can be downloaded from the Source Forge project site at sourceforge.net/projects/bannergrab.

Compiling

BannerGrab includes a Makefile, so it can be built in the usual way:

make
make install (as root)

However, it can be manually compiled as follows:

gcc -lssl -o bannergrab bannergrab.c

On Mac OS-X systems it can be compiled as follows:

gcc -lssl -lcrypto -o bannergrab bannergrab.c

It can be compiled without OpenSSL support as follows:

gcc -DNOSSL -o bannergrab bannergrab.c

Running

BannerGrab can be run in its simplest form by specifying a host and port as the parameters. For example:

bannergrab 127.0.0.1 80

More advanced options can be shown using the online help with the following command:

bannergrab --help

License

BannerGrab is covered by the GPL v3 license with the following exception:

In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.

viewstate | Content

Wed, 02 Apr 2008 10:50:25 GMT

Viewstate is an ASP.Net viewstate decoder, checker, parser and encoder. It supports both old and new types of viewstate and the data can be extracted directly from the web.

Requirements

Viewstate is platform independent and can be downloaded in source code or Windows binary formats. If you are building viewstate from source you will need the GNU C compiler (under Windows you can use MinGW).

Downloads

Viewstate can be downloaded from the Source Forge project page sourceforge.net/projects/viewstate.

Compiling

A Makefile is provided to provide the usual compilation process of:

make
make install (as root)

However, you can compile it manually with the following:

gcc -o viewstate viewstate.c

Running

If viewstate is run with no options, the online help is displayed. But a simple decode of the viewstate data held by the Acme company web site would be:

viewstate --decode --url=http://www.acme.fake/main.asp

License

Viewstate is covered by the GPL v3 license.