The Ruby Exploitation(rex) Core Gem contains the odds and ends of code that so
many other pieces of Rex rely upon, but that are too small to be put into their
own seperate gems. This include some of the ruby cross-platform compatibility
and file utility code.
This library provides the basis for all of the polymorphic encoders that
Metasploit uses for payload encoding. Encoders are used to try and create a
version of a payload that is free of bad characters as defined by the exploit.
pgpgpg is a wrapper around Gnu Privacy Guard which takes PGP 2.6
command line options, translates them, and calls GnuPG (Gnu Privacy
Guard) to perform the desired action.
WebScarab is a framework for analysing applications that communicate
using the HTTP and HTTPS protocols. In its most common usage,
WebScarab operates as an intercepting proxy, allowing the user to
review and modify requests created by the browser before they are
sent to the server, and to review and modify responses returned
from the server before they are received by the browser.
Webshag is a multi-threaded, multi-platform web server audit tool. Written in
Python, it gathers commonly useful functionalities for web server auditing like
website crawling, URL scanning or file fuzzing.
Wipe is a file and block device wiping utility.
Analyzes snort alert output and blocks ip addresses using pf for a specified
period of time. A whitelist is specified in CIDR format to exclude local and
trusted ip address from being blocked.
A SSLv3/TLS and SSLv2 proxy server that sniffs SSL/TLS packets and prints
out the contents of packets in stdout. It can also serve as a (not very
efficient) proxy server. Note that this tool does not decrypt or even
attempt to decrypt the traffic that is routed through it.
XORSearch is a program to search for a given string in an XOR or
ROL encoded binary file. An XOR encoded binary file is a file where
some (or all) bytes have been XORed with a constant value (the key).
A ROL (or ROR) encoded file has it bytes rotated by a certain number
of bits (the key). XOR and ROL/ROR encoding is used by malware
programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255) and ROL keys (1 to 7)
when searching. I programmed XORSearch to include key 0, because
this allows to search in an unencoded binary file (X XOR 0 equals
X).
If the search string is found, XORSearch will print it until the 0
(byte zero) is encountered or until 50 characters have been printed,
which ever comes first. 50 is the default value, it can be changed
with option -l. Unprintable characters are replaced by a dot.