: [ Current Version 0.7 - 2009 ] :
Acri Emanuele <crossbower@gmail.com>
Complemento is a collection of tools that I originally grokked up for my personal toolchain, for solving some problems or just for fun. Now I have decided to release it to the public.
- LetDown is a TCP flooder that I programmed after reading Fyodor's article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack and supports multistage payloads for complex protocols, packet fragmentation and a variable TCP window.
NOTE: LetDown is based on Fyodor's NDos; it is not about the vulnerabilities disclosed by the Outpost24 team.
- ReverseRaider is a domain scanner that uses brute-force wordlist scanning to find a target's subdomains, or reverse resolution for a range of IP addresses (thanks to Jeremy Brown and his tool DomainScanner for the idea; his blog is http://jbrownsec.blogspot.com/). It supports permutation on the wordlist, IPv6 and some DNS options.
- Httsquash is an HTTP server scanner, banner grabber and data retriever (there's a GUI for it). It can be used to scan large ranges of IP addresses to find devices or HTTP servers. It supports IPv6, various HTTP requests and experimental fingerprinting based on httprecon signatures (http://www.computec.ch/projekte/httprecon/).
A HOWTO for the current version of Complemento is available here.
Note:
From version 0.7, Complemento requires some new libraries. Depending on your situation, it may be more convenient to download the source tarball and compile only the individual tools you need, instead of using a precompiled package.
Required libraries:
LetDown: libnet (http://www.packetfactory.net/libnet/), libpcap (http://www.tcpdump.org/), python-dev (http://www.python.org/).
ReverseRaider: c-ares (http://c-ares.haxx.se/).
HttSquash: POSIX threads (pthread), libcurl (http://curl.haxx.se/libcurl/).
Note2:
Anyone who wants to participate in the project, feel free to contact me. Especially for the review of the documentation, which requires better English than mine...
LetDown
Usage:
LetDown 3wh+payload flooder v0.7 - Acri Emanuele (crossbower@gmail.com)
Usage: letdown -d destination ip -p port [options]
Options:
  -d    destination ip address or dns name, target
  -p    destination port
  -s    source ip address
  -x    first source port (default 1025)
  -y    last source port (default 65534)
  -l    enables infinite loop mode
  -i    network interface
  -t    sleep time in microseconds (default 10000)
  -a    max time in second for waiting responses (default 40)
Extra options:
  -v    verbosity level (0=quiet, 1=normal, 2=verbose)
  -f    automagically set firewall rules for blocking
        rst packet generated by the kernel
        examples: -f iptables, -f blackhole (for freebsd)
  -L    special interaction levels with the target
        s  syn flooding, no 3-way-handshake
        a  send acknowledgment packets (polite mode)
        f  send finalize packets (include polite mode)
        r  send reset packets (check firewall rules...)
  -W    window size for ack packets (ex: 0-window attack)
  -O    enable ack fragmentation and set fragment offset delta
  -C    fragment counter if fragmentation is enabled (default 1)
  -P    payload file (see payloads directory...)
  -M    multistage payload file (see payloads directory...)
ReverseRaider
Usage:
ReverseRaider domain scanner v0.7 - Acri Emanuele (crossbower@gmail.com)
Usage: reverseraider -d domain | -r range [options]
Options:
  -r    range of ipv4 or ipv6 addresses, for reverse scanning
        examples: 208.67.1.1-254 or 2001:0DB8::1428:57ab-6344
  -d    domain, for wordlist scanning (example google.com)
  -w    wordlist file (see wordlists directory...)
Extra options:
  -t    requests timeout in seconds
  -P    enable numeric permutation on wordlist (default off)
  -D    nameserver to use (default: resolv.conf)
  -T    use TCP queries instead of UDP queries
  -R    don't set the recursion bit on queries
HttSquash
Usage:
HTTSquash scanner v0.7 - Acri Emanuele (crossbower@gmail.com)
Usage: httsquash -r range [options]
Options:
  -r    range of ip addresses or target dns name
        examples: 208.67.1.1-254, 2001::1428:57ab-6344, google.com
  -p    port (default 80)
Extra options:
  -t    time in seconds (default 3)
  -m    max scan threads (default 10)
  -v    full answer (include html data)
  -j    cookie jar separator ("%%")
  -T    request type (default get)
        types: get, head, delete
  -F    enable fingerprinting (request type required)