lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 27 Nov 2003 19:38:47 -0300
From: CORE Security Technologies <>
Subject: [ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg

Core Security Technologies acknowledges the increasing interest on its 
products and technologies and therefore wants to share part of them with 
the developers out there in the spirit of creating an open user 
community around its key components and give back to the community the 
results of our ongoing development.
These are indeed primary components of our software, CORE IMPACT, and 
not the regular free giveaways you'd get somewhere else. As such they 
are being actively maintained by our team.

Python developers, network administrators, penetration testers, 
vulnerability researchers and information security practitioners in 
general may find this packages useful.

All the tools described in this announce are available at

Today we are announcing the public release of the following components:


And there is still more coming... enjoy!

OSS at

A brief description of the components and bundled tools is provided below

-OSS projects released November 27th, 2003-


Pcapy is a Python extension module that enables software written in 
Python to access the routines from the pcap packet capture library.

 From libpcap's documentation: Libpcap is a system–independent interface 
for user–level packet capture. Libpcap provides a portable framework for 
low–level network monitoring. Applications include network statistics 
collection, security monitoring, network debugging, etc.

Pcapy is most useful when used together with a packet handling package 
such as Impacket, a collection of Python classes for constructing and 
dissecting network packets.

What makes pcapy different from the others?

     * works with Python threads.
     * works both in UNIX with libpcap and Windows with WinPcap.
     * provides a simpler Object Oriented API.


Impacket is a collection of Python classes for working with network 
protocols. Impacket is mostly focused on providing low–level 
programmatic access to the packets, however some protocols (for instance 
NMB and SMB) are implemented in a higher level as a foundation for other 

Packets can be constructed from scratch, as well as parsed from raw 
data, and the object oriented API makes it simple to work with deep 
hierarchies of protocols.

Impacket is most useful when used together with a packet capture utility 
or package such as Pcapy, an object oriented Python extension for 
capturing network packets.

What protocols are featured?

     * Ethernet, Linux "Cooked" capture.
     * NMB and SMB (high–level implementations).
     * DCE/RPC versions 4 and 5, over different transports: UDP (version 
4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
     * Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM, 
SAMR, SvcCtl, WinReg.

What tools are included?

We bundle some tools with Impacket which are mostly intended for 
documentation purposes, but that are worth mentioning as they might be 
useful even for non–programmers and those who don't plan to develop with 
this library.

  An application that communicates with the Endpoint Mapper interface 
from the DCE/RPC suite and displays it in a more or less human readable 
form. This can be used to list services which are remotely available 
through DCE/RPC, such as the Windows Messenger.

  An application that communicates with the Security Account Manager 
Remote interface from the DCE/RPC suite and lists system user accounts, 
available resource shares and other sensitive information exported 
through this service.

  A grapher written using Tkinter that displays a parallel coordinates 
graph of captured traffic. It's very easy to find network usage patterns 
with this type of graphs, and therefore to detect unexpected variations. 
At the moment Tracer only supports TCP and UDP traffic, but can be 
easily extended to handle other protocols.

  A small tool that can split any pcap supported capture file into 
several smaller fires, separated by connection. This was developed to 
address the need to feed several hundred–megabyte captures to Ethereal 
in a way that didn't take too long to load. At the moment Split only 
supports TCP streams, but can be easily extended to handle other 
stream–oriented protocols.


InlineEgg is a Python module that provides the user with a toolbox of 
convenient classes for writing small assembly programs. Only that 
instead of having to remember confusing assembly mnemonics and requiring 
the developer to remember how to use complex tools like assemblers and 
linkers, everything is done the easy way: in Python. InlineEgg is 
oriented —but not limited— to developing shellcode (sometimes called 
eggs) for use in exploits.

InlineEgg started separately as a pretty simple idea to fulfill a pretty 
simple need, but today it's part of CORE IMPACT's egg creation 
framework. We are releasing it under an open source license for 
non-commercial use in the hope that you'll find it helpful for your own 


Powered by blists - more mailing lists