Wednesday, 26 October 2011

A new release is coming

Once again it's been a long time since our last update. The team has switched gears and now we are in a sprint to finish a new release of Bokken. As you probably know, Bokken is the RCE utility that we use in Inguma, and we have been very busy adding tons of features and polishing the interface.

Bokken 1.0 had 39 commits; for the new release we are near 200, so expect lots of changes, bug fixes and improvements. Let's look at some of the major ones.

The first thing you will notice is that the GUI has changed dramatically, not only to accommodate the new features but also to make it clearer, more intuitive and easier to use. But a picture is worth a thousand words:


"Coming soon", "WIP" or "for the next release" are expressions that the Inguma team doesn't like, so another major feature of Bokken 1.5 has been to remove the "soon" regarding the radare backend! And yes, we made it.

Now Bokken can be used with all the power of radare and the ease of use of our GUI. Take a look at the radare website to learn about the features of this powerful backend.



Also, almost all the views/tabs of Bokken have received some love and have new features or improvements, such as:
  • The long-awaited code navigation.
  • Improved flowgraph view.
  • More interactive hexdump.
  • Many new features for working with URLs.
  • New plugins like: (yes!) bindiffing, calculator, assembler, and more...
And that's all for now. Complete and detailed information about all the new features will be given in the upcoming release post.

Don't forget to follow us on the project's Twitter and send your ideas and comments to our mailing list:

bokken-devel (at) inguma.eu

Stay tuned.

Wednesday, 14 September 2011

Inguma 0.4 is out!

Trying to follow a three-month release cycle, today we are proud to announce the next version of the Inguma Project, in short Inguma v0.4. As always, let's see the new features we added this time:
  • The GUI has been modified and cleaned in order to give more space to the most active areas like the network map, the RCE interface or the exploits/fuzzing areas.
    • Last opened/saved KBs are now easily accessible on the toolbar.
    • A warning icon appears in the "Logs" tab when new content is available.
    • The bottom status bar has gained more functionality, showing information about the KB in use and the targets or vulnerabilities discovered.
  • We have updated the Bokken subproject to the latest stable version available, v1.0. It features an interactive mode, better code disassembly and analysis and better integration with Inguma's GUI. More information about Bokken can be found here.
  • The systray functionality now lets you hide the Inguma GUI while it's working, and it will warn you once the running modules have finished.
  • A new fuzzing tab has been added to the Exploits workspace with two different fuzzers: Krash and Scapy.

    • The Krash fuzzer has been part of the Inguma project for a while, but now it can be used directly from the GUI. Just select the target and the packet to be fuzzed, and press start. Read more about the Krash fuzzer here.
    • The Scapy fuzzer is a GUI wrapper around Scapy's fuzz function that makes network fuzzing very easy. It's fully drag-and-drop-driven: to start, you just have to compose a packet by dropping layers, select the layers/fields to be fuzzed and select an output directory to save the sent and received packets.
  • The CLI interface has received some attention again and a few new shortcuts like '?' for help or '..' to go back to the main menu are now available in nearly all the modules.
    • Inguma CLI now works better on MacOS with autocompletion and key bindings.
    • All the fuzzing modules are now under the fuzzers category and have been fixed.
    Inguma v0.4
    Copyright (c) 2006-2008 Joxean Koret
    Copyright (c) 2009-2011 Hugo Teso

    Type 'help' for a short usage guide.
    inguma> nmapscan
    inguma/nmapscan> ?

    Inguma's Nmap Interface Help
    ------------------------------

    help        Show this help
    nmaphelp    Show Nmap's help
    nmap        Execute Nmap with options specified
    exit        Exit from nmapscan interface

    inguma/nmapscan> ..
    inguma> ..
    Exit.
  • Some additional minor changes include:
    • A new module to find subdomains is now available.
    • The option to automatically audit a new target has been added to the "New target" dialog.

    • Lots of code refactoring and bugs fixed.
Get the new release here while it's hot, and stay tuned for the latest Inguma and Bokken developments on the project mailing lists or the Twitter profile.

Tuesday, 16 August 2011

Rooted CON Inguma video available.

The Rooted CON media team have released the videos from the RootedForge event that happened in Madrid on March 3rd, 2011. There Hugo Teso talked about the past, present and a bit of the future of the Inguma project. It's only in Spanish, sorry!

Tuesday, 5 July 2011

Bokken 1.0 has landed

Today we are releasing a new tool of the Inguma project: Bokken.

In Inguma 0.3, an early version of Bokken was included as the RCE tool of the project.

Now we are releasing it as a standalone tool.

Bokken is a GUI for the Pyew tool, a *iew-like tool for malware analysis, so with Bokken you can do almost the same as with Pyew but with a nice GUI :-). Actually Bokken can parse and help in the analysis of PE/ELF, PDF and websites; any other file can also be opened and studied but Bokken won't analyze it.

To get a full description of the project features, installation instructions or just get the code, go to the project site.

Enjoy the new tool and don't forget to send us the bugs you find, feature requests or any other feedback that you think can help improve the project.

Monday, 13 June 2011

Welcome to Inguma version 0.3

The Inguma team is very proud to release version 0.3 of their pentesting and vulnerability research framework. The new release increases stability (mainly in the GUI) thanks to lots of bug fixes, offers a smoother experience and, of course, includes some awesome features:
  • Together with the new release we would like to introduce our project's new pet, Ingumito. He will keep all our users informed of the project news through his Twitter account: @ingumito
  • A new module has been added to map the IP addresses using the GeoIP library from MaxMind:
  • Ctrl + right-clicking on a target shows a new menu entry that removes the target and all its nodes from the map and the KB:
  • Additional information regarding a vulnerability can be obtained by right-clicking on a vulnerability node:
  • The Add Target dialog must be improved to allow multiple IP addresses and other inputs but, meanwhile, the import dialog now supports a comma-separated CSV file to be used as multiple IP input.
  • The exploit download and load process has been simplified: download the exploits from the Preferences dialog and use the Search button to load them. Once loaded, this button will search through the exploits DB.
  • The most important change of this new release is the complete rewrite of the RCE interface and core. OpenDis has been removed, and with it the objdump dependency, and a new interface has been added that uses Pyew as backend:

This new interface offers most of the Pyew features in an easy-to-use GUI. Analyzing almost any kind of file or web site is now easier with this new release! This GUI for RCE is a new subproject of Inguma called Bokken and will be released soon on our website as an independent tool. Stay tuned!

The RCE interface will analyze PE, ELF, PDF and web sites, and will open any other file in the hex editor. An image is worth a thousand words, so here you have two thousand of them:



Some minor features added are:
  • An icon has been added to graph nodes to show the OS of the target when available.
  • New autosave feature that will save the KB after every module execution to prevent data loss in case of GUI crash. This autosaved KB will be loaded at startup if the user wants.
  • Single host report option added to the node menu.
  • Improved performance of ping and scan modules.
  • More modules have been ported to the GUI, like "identify", which has also been added to the list of modules launched on adding a target.
  • We are now closer to full Windows compatibility, as this screenshot demonstrates :-)

We hope you enjoy using this new release as much as we enjoyed making it! Stay tuned to the project news through the Twitter account or the mailing lists. For more information, documentation, reporting bugs and, of course, downloading the release, visit the project's web site.

This release is dedicated to the hundreds of thousands of Spaniards that gathered on May 15th first in Madrid, then everywhere, to protest against political parties in the now-called #15M movement.

Monday, 9 May 2011

Inguma server reachable over IPv6.

I just added AAAA records to the zones for inguma.eu and inguma-framework.org! I don't think I broke anything, but just so you know.

Wednesday, 27 April 2011

Mailing lists and more in place.

Since the last post we have been busy, not only fixing bugs in Inguma but also adding some pieces of infrastructure to the project to improve the available facilities to develop Inguma.
  • Two mailing lists are ready for use: inguma-announce and inguma-devel. Anyone familiar with OSS will infer their purpose.
  • Redmine has been upgraded to 1.1.2.
  • We are trying to import all the issues from the Google Code project into Redmine to avoid losing user reports. If you have any bug, report or suggestion, please create a Redmine account to add a new issue or contact our development list!
  • In the very near future we also intend to publish updates on Twitter to make people aware of our progress. Stay tuned!

Also, do not forget that we are available in #inguma on the Freenode IRC network.
