Wednesday 7 December 2011

And finally... Bokken 1.5

Once the development has finished, radare2 0.9 has been released and the project site has been updated, the moment has arrived: Bokken 1.5 is here!

Take a look at the previous post to read some of the new features of this release and keep reading to see most of them in detail; for the rest... install Bokken and enjoy them!

As mentioned before, one of the most important features added is the support of radare2 as backend. So now Bokken can work with either Pyew or Radare, each one having its own advantages and drawbacks.

Most of the development efforts for this release have gone to improve the GUI in order to make it cleaner and easier to use.


The disassembly view has gained in interactivity, and now it features, among others:
  • Code navigation by clicking over: functions, basic blocks, address, section names, etc...
  • Add comments, view and follow xrefs or view opcode information by right-clicking on a code line.

The graph tab has been improved mainly if radare backend is used; if so, the graph will show flowgraph or callgraph and popup a xrefs menu if a node is right-clicked.


Even the hexdump has received some love and now has syntax highlighting and selected bytes will be disassembled.


If the radare backend is used, a new tab will be added with extended target information like entry points, symbols, imports, sections and strings.


Do you want to use Bokken to find the exploit of the latest patched vulnerability from your favorite vendor? Congrats! Bokken 1.5 features for the first time a binary diffing plugin that can be used with radare.


Other plugins added are:
  • Assembler/Disassembler: create and export assembly code snippets in many architectures.
  • Visual representation of binary sections.
  • Advanced calculator with many input and output formats.
  • File magic identification.
Finally, if you have problems with x86 assembly, stack inners or other issues, take a look at the RCE cheat sheet included.


There are many other new hidden features awaiting to be discovered on this release, too much to be mentioned here; take a look at the project documentation to discover and learn about them. Now it's time for you to download and install :-)

Windows installer and debian packages will be available soon but, meanwhile, manual installation is easy and straightforward.

We hope you enjoy this release as much as we did working on it and, as always, send us your feedback, bugs, and requests to our mailing list:

bokken-devel at inguma.eu

Special thanks for this release go to:

  • @trufae and @earada for radare2, their help and testing
  • @zxlain for the OSX testing and encouragement
  • @huahe for the incredible logo

Thanks and stay tuned (in @ingumito)!

Wednesday 26 October 2011

A new release is coming

Once again it's been a long time since our last update. The team has switched gears and now we are in a sprint to finish a new release of Bokken. As you probably know, Bokken is the RCE utility that we use in Inguma, and we have been very busy adding tons of features and polishing the interface.

If Bokken 1.0 had 39 commits, for the new release we are near 200, so expect lots of changes, bug fixes and improvements. Let's view some of the major ones.

The first thing you will notice is that the GUI has changed dramatically, not just to be adapted to the new features but we also have made many changes in order to make it clearer, more intuitive and easier to use. But a picture is worth a thousand words:


"Coming soon", "WIP" or "for the next release" are expressions that the Inguma team doesn't like, so another major feature of Bokken 1.5 has been to remove the "soon" regarding the radare backend! And yes, we made it.

Now Bokken can be used with all the power of radare and the ease of use of our GUI. Take a look at the radare website to learn about the features of this powerful backend.



Also almost all the views/tabs of Bokken have received some amount of love and have new features or improvements like:
  • The long-awaited code navigation.
  • Improved flowgraph view.
  • More interactive hexdump.
  • Many new features for working with URLs
  • New plugins like: (yes!) bindiffing, calculator, assembler, and more...
And that's all for now. Complete and detailed information of all the new features will be shown in the upcoming release post.

Don't forget to follow us on the project's twitter and send your ideas and comments to our mailing list:

bokken-devel (at) inguma.eu

Stay tuned.

Wednesday 14 September 2011

Inguma 0.4 is out!

Trying to follow a three months release cycle, today we are proud to announce the next version of the Inguma Project, in short Inguma v0.4. As always, let's see the new features we added this time:
  • The GUI has been modified and cleaned in order to give more space to the most active areas like the network map, the RCE interface or the exploits/fuzzing areas.
    • Last opened/saved KB are now easily accesible on the toolbar.
    • A warning icon appears in the "Logs" tab when new content is available.
    • The bottom status bar has gained more functionality showing information regarding KB in use and targets or vulnerabilities discovered.
  • We have updated Bokken subproject to the last stable version available, v1.0. It features an interactive mode, better code disassembly and analysis and better integration with Inguma's GUI. More information about Bokken can be found here.
  • The systray functionality allows now to hide the Inguma GUI while it's working and it will warn you once the running modules have finished.
  • A new fuzzing tab has been added to the Exploits workspace with two different fuzzers: Krash and Scapy.

    • Krash fuzzer has been part of Inguma project for a while but now it can be used directly from the GUI. Just select the target, the packet to be fuzzed and press start. Read more about Krash fuzzer here.
    • The Scapy fuzzer is a GUI wrapper to the scapy's fuzz function that makes network fuzzing very easy. It's fully drag-and-drop-driven and, in order to start, you just have to compose a packet by dropping layers, select the layers/fields to be fuzzed and select an output directory to save the sent and received packets.
  • The CLI interface has received some attention again and a few new shortcuts like '?' for help or '..' to go back to the main menu are now available in nearly all the modules.
    • Inguma CLI now works better on MacOS with autocompletion and key bindings.
    • All the fuzzing modules are now under the fuzzers category and have been fixed.
Inguma v0.4 Copyright (c) 2006-2008 Joxean Koret Copyright (c) 2009-2011 Hugo Teso
Type 'help' for a short usage guide. inguma> nmapscan inguma/nmapscan> ?
Inguma's Nmap Interface Help ------------------------------
help Show this help nmaphelp Show Nmap's help nmap Execute Nmap with options specified exit Exit from nmapscan interface
inguma/nmapscan> .. inguma> .. Exit.
  • Some additional minor changes include:
    • A new module to find subdomains is now available.
    • The option to automatically audit a new target has been added to the "New target" dialog.

    • Lots of code refactoring and bugs fixed.
Get the new release here while is hot, and stay tuned about the latest Inguma and Bokken developments at the project mailing lists or the Twitter profile.

Tuesday 16 August 2011

Rooted CON Inguma video available.

The Rooted CON media team have released the videos from the RootedForge event that happened in Madrid on March, 3rd 2011.  There Hugo Teso talked about the past, present and a bit of the future of the Inguma project.  It's only in Spanish, sorry!

Tuesday 5 July 2011

Bokken 1.0 has landed

Today we are releasing a new tool of the Inguma project: Bokken.

In Inguma 0.3, an early version of Bokken was included as the RCE tool of the project.

Now we are giving it as a standalone tool.

Bokken is a GUI for the Pyew tool, a *iew like tool for malware analysis, so with Bokken you can do almost the same as with Pyew but with a nice GUI :-). Actually Bokken can parse and help in the analysis of PE/Elf, PDF and websites; any other file can be also opened and studied but Bokken won't analyze it.

To get a full description of the project features, installation instructions or just get the code go to the project site.

Enjoy the new tool and don't forget to send us the bugs you find, feature requests or any other feedback that you consider can help improve the project.

Monday 13 June 2011

Welcome to Inguma version 0.3

The Inguma team is very proud to release version 0.3 of their pentesting and vulnerability research framework. The new release increases stability (mainly the GUI) thanks to lots of bugs fixed, offers a smoother experience and, of course, includes some awesome features:
  • Together with the new release we would like to introduce our project's new pet, Ingumito. He will keep all our users informed of the project news through his twitter account: @ingumito
  • A new module has been added to map the IP addresses using the GeoIP library from MaxMind:
  • By Ctrl + right clicking over a target a new menu entry will allow to remove the target and all its nodes from the map and the KB:
  • Additional information regarding a vulnerability can be obtained by right clicking over a vulnerability node:
  • The Add Target dialog must be improved to allow multiple IP addresses and other inputs but, meanwhile, the import dialog now supports a comma-separated CSV file to be used as multiple IP input.
  • The exploits download and load process has been simplified; download the exploits at the Preferences dialog and use the Search button to load the exploits. Once loaded, this button will search through the exploits DB.
  • The most important change of this new release is the complete rewrite of the RCE interface and core. OpenDis has been removed, and so the objdump dependency, and a new interface has been added that uses Pyew as backend:

This new interface offers most of the Pyew features in a easy-to-use GUI.  Analyzing almost any kind of file or web site is now easier with this new release!  This GUI for RCE is a new subproject of Inguma called Bokken and will be released soon in our website as an independent tool.  Stay tuned!

The RCE interface will analyze PE, ELF, PDF and web sites, and will open any other file in the hex editor. An image is worth a thousand words, so here you have two thousand of them:



Some minor features added are:
  • An icon has been added to graph nodes to show the OS of the target when available.
  • New autosave feature that will save the KB after every module execution to prevent data loss in case of GUI crash. This autosaved KB will be loaded at startup if the user wants.
  • Single host report option added to the node menu.
  • Improved performance of ping and scan modules.
  • More modules have been ported to the GUI, like "identify"; wich has also been added to the list of modules launched on adding a target.
  • We are now closer to full Windows compatibility as this screenshot demonstrate :-)

We hope you enjoy using this new release as much as we enjoyed making it!  Stay tuned of the project news with the Twitter account or the mailing lists. For more information, documentation, reporting bugs and, of course, download the release, visit the project's web site.

This release is dedicated to the hundreds of thousands of Spaniards that gathered on May 15th first in Madrid, then everywhere, to protest against political parties in the now-called #15M movement.

Monday 9 May 2011

Inguma server reachable over IPv6.

I just added AAAA records to the zones for inguma.eu and inguma-framework.org! I don't think I broke anything, but just for you to know.

Wednesday 27 April 2011

Mailing lists and more in place.

Since the last post we have been busy, not only fixing bugs in Inguma but also adding some pieces of infrastructure to the project to improve the available facilities to develop Inguma.
  • Two mailing lists are ready for use: inguma-announce and inguma-devel. Anyone familiar with OSS will infer their purpose.
  • Redmine has been upgraded to 1.1.2.
  • We are trying to import all the issues from the Google Code project into Redmine to avoid losing user reports. If you have any bug, report or suggestion, please create a Redmine account to add a new issue or contact our development list!
  • In the very near future we intend to publish updates also by Twitter to make people aware of our advancements. Keep tuned!

Also do not forget that we are available in #inguma on Freenode IRC network.

Monday 21 February 2011

Inguma keeps moving...

First of all we would like to thank you the great welcome you have given to the new release; we will do our best to keep improving the project.

Since the 0.2 release many improvements have been done to Inguma and we will try to show you some of them on this post.
  • Today we release a new project site and leave Google Code. The dev team has discussed a lot and finally decided to use our previous development site as the main one. You can find it at:

or, for the lazy ones (including ourselves), the shorter:

  • Lots of bugs have been fixed since 0.2 release and now Inguma should be fairly more stable, mainly the GUI.
  • As the GUI released at 0.2 had (and still has) many bugs and crashes quite frequently, we added a new Autosave feature. It will save automatically the KB after every module run and try to recover it at every application start. Unless you manually save the KB or reject to load at start it will be available to recover your work.
  • We have added autofill on targetDialog so you don't have to manually fill the module target, it will be filled automatically with the IP address of the node.
  • Added tooltips to confusing parameters of the gather dialog with a little description of the available options.
  • Added picture support on graphs. Actually it shows OS icon when possible or a generic icon when OS is uknown.
  • Right click on web vuln (OSVDB) at Vulns per port graph opens vulnerability info on browser.
  • Added more dependency checks (graphviz, Impacket, PySNMP) to help identify and manage start up problems.
Checking:
GTK UI dependencies... OK
WARNING: No route found for IPv6 destination :: (no default route?)
Scapy... OK
Network connectivity... OK
GtkSourceView2... OK
VTE Terminal... OK
Impacket library... OK
PySNMP library... OK
Graphviz binaries... OK
  • Improved performance of TCP, UCP and ICMP ping modules and "portscan" module (SYN and ACK). So now add target dialog has improved a lot the speed by using "portscan" instead of "tcpscan" and is more complete by using "identify" on opened ports.
  • Half of the users told us that they wanted module output on new dialogs and the other half prefered to have it on the "Logs" tab at the bottom. So finally we changed module output behavior using SHOW_MODULE_WIN at config.py. If set to true it will popup module ouput on a new dialog but if set to False it will drop it to the Logs Tab.

For more information do not hesitate to contact the team using any of the options listed on this wiki page.

Sunday 16 January 2011

We are back!

It's been a long time since our last post and most of the people thought that Inguma was dead, but we are back and we have some news for you. Let's see what has changed since our last post.

Today we launch a new site for the project hosted on Google Code. Almost all the documentation has been moved from the old site and many more has been added. There are still lots to be added but there is enough to get started using the software.

Of course many bugs have been fixed, some new modules added and even a few have been removed but the most exciting feature we have added to this release is a fancy new GUI.


The old Qt GUI has been removed and the new one is PyGtk based, of course the good command line one is still there. This new GUI can't be considered yet stable and not all the modules are actually working properly on it but it's stable enough to be released and to perform most of the basic functionalities.

If the command line one is like a toolbox with high scripting capabilities, the GUI is an attempt to integrate all those tools into a common workflow and add many data visualization aids. The main command line interface should work on the same platforms that before (Linux, Windows and MacOS) but the GUI isn't ready neither tested on other platform that Linux.

Instead of writing here all the new features or a deep description of the new GUI you can go directly to the Console or GUI quick start guides and read about them. The code can be downloaded packed in a tar.gz or from the mercurial repository if you prefer to have your code up to date with all the new features that we will keep adding.

That's all for the moment; thanks to all the people that has supported me during this time and I hope you enjoy using and, hopefully, improving this new release.

Contributors