Tools
The following are recent tools published by MWR InfoSecurity.
Full TextVMware VI toolkit
Aug 15, 2008
This toolkit allows you to use the VMware VI API from within ruby to communicate with an ESX host.
The VI API is the same API that the virtual infrastructure client provided by VMware uses in order to talk to a host. This toolkit includes modules which allow you to perform actions against and retrieve information from an ESX server.
This makes things easily scriptable and also provides access to areas which are not available through the VI client, such as patch levels.
VMware VIX toolkit
Aug 15, 2008
This toolkit allows you to use the VMware VIX API within ruby scripts. This is essentially a shared object which provides methods that ruby scripts can call in order to interact with virtual machines or VMware servers. Some of the actions which can be performed with this include:
- transferring files to the virtual machine
- copying files from the virtual machine
- executing commands and scripts on the virtual machine
This functionality is beyond what can be performed from the console of a server.
SSID Script Injection
Jul 29, 2008
To assist the testing of SSID script injection a Python based tool for Atheros chipsets was developed, which acts as a wrapper of iwconfig and wlanconfig creating two different wireless interface instances in Access Point mode with the desired SSIDs. This is a proof of concept script to assist the testing of potential SSID script injection conditions.
DHCP Script Injection
Jul 29, 2008
To assist the testing of DHCP script injection a Python based tool was developed, which uses the Scapy packet generation library and allows users to send specially crafted DHCPREQUEST packets to the target DHCP server. This is a proof of concept script to assist the testing of potential DHCP script injection conditions.
Windows Access Tokens: Incognito Tool
Aug 13, 2007
Incognito tool available at: http://sourceforge.net/projects/incognito/.