Tool that retrieves (from Google) the geographical location of a mobile network base station from its identification numbers (MCC|MNC|LAC|CI).

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities. More information in our blog.

New in version 1.2 (blog): Mac OS X support, an initial check to verify if the target service speaks SSL/TLS, a few optimizations, and new tests for TLS v1.1 & v1.2 (CVE-2011-3389 aka BEAST).

New in version 1.1 (blog): Certificate public key length, the certificate subject and issuer (CA), as well as the validity period. It also checks the existence of HTTP secure headers, such as Strict-Transport-Security and cookies with and without the "secure" flag set.

Windows distributable version of wireshark (development trunk, revision 36965), that includes the latest patch for our export-object-SMB functionality. The patch solves some bugs present in 1.5.1 version of Wireshark. Please be aware that this is a whireshark development version and, by definition, it is subject to errors. Once installed, we strongly recommend to only run it as a non-privileged user. Please refer to this article in our blog for more information.

md5: 9f8ac5475d673907416f46251e00ef00
sha1:58ab8f9930d32f34a5b837fcbd648c206339d78e

This freely available plugin for Wireshark provides the ability to save SMB files contained in a Wireshark trace, thus demonstrating that SMB traffic is a high-risk and high-impact vulnerability for the enterprise information security. This article in our blog and this white paper in our Lab contain all the details regarding the tool.

NOTE: from Wireshark development version 33229 on, Wireshark source code includes this functionality, so this patch should not be applied to the source code anymore before compiling.

RaDa is a small trojan binary we wrote a while ago in order to illustrate how easy it is to remotely control a system, even traversing through multiple proxies and firewalls, once the system has been infected. Besides that, RaDa was the core of the Scan of the Month #32 contest we organized for the Honeynet Project, where participants had to perform an in-depth forensic analysis of it and publish both the results and the techniques and methods used during the analysis, in community benefit.

The report containing the official answers and solution to the contest can be downloaded here. The original page for the contest, including all the participant's submissions, can be found here.

The nc2 program is a customized version of the well known netcat (nc) utility, slightly modified to get rid of two little annoyances available on the initial implementation. The nc2 Linux version, unlike its predecessor, adds the "-L" option, an option only available in the original Windows version. The nc2 Windows version, unlike its predecessor, stops its execution as soon as it finishes a file transfer, without forcing the user to press CTRL+C, a behaviour only available in the original Linux version.

For more information regarding nc2 refer to the post we published in our previous blog, RaDaJo, a while ago. Nevertheless, since we released the nc2 program, newer implementations of netcat have seen the light, not only solving these problems but also adding new functionality. We specially recommend the ncat tool, included in current Nmap versions.