Full Disclosure mailing list archives

duck


From: "n d" <trpz () broken org>
Date: 21 Mar 2003 11:48:46 -0000

this is sample code for a new block handling system called duck.
-------------------------------------------------------------

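#!/usr/bin/perl
use Socket;
require 'block.pl';   # duck's block routines (d_*); not included in this post
# WebDAV methods to probe
@m = ("PROPFIND","PROPPATCH","MKCOL","PUT","DELETE","LOCK","UNLOCK");
$h = $ARGV[0] || die "usage: $0 host\n";

foreach $k (@m) {
  # build the request inside a block named after the method
  &d_start_block($k);
  &d_append_string($k,"$k /meep/duck.htm HTTP/1.0\r\n\r\n");
  #&d_print_block($k);
  $i = inet_aton($h) || die "meep\n";   # fail cleanly if the host does not resolve
  $s = sockaddr_in(80, $i);
  socket (S, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || die "meep\n";
  if(connect(S, $s)) {
    $j = \*S;
    &d_write_block_fh($k,$j);
    print "*** WRITTEN\n";
    @b = <$j>;
    $neg = 0;
    foreach (@b) {
      print;
      # a reply line mentioning Method/Allowed/Supported is treated as a refusal
      if($_ =~ /Method/i || $_ =~ /Allowed/i || $_ =~ /Supported/i) {
        $neg = 1;
      }
    }
    # report once per method rather than once per response line
    print $neg ? "$k NEGATIVE\n" : "$k WEBDAV ARE LOOKING GOOD\n";
    close(S);
  } else {
    print "could not connect\n";
  }
  &d_end_block($k);
}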

-------------------------------------------------------------------

duck allows you to build strings made up of binary data, unicode, integers and normal ascii strings, as well as
allowing you to parse them to a wide range of filehandle handling code. the first version of duck should be completed
by the end of the month, and the source will be released under a license that allows me to keep control of the source
but allow worthy additions. if you would like the preliminary version feel free to contact me.

if you want to read more about this idea, see www2.immunitysec.com and look for dave aitel's paper about SPIKE and
using blocks of data in fuzzing situations.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
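
The script in the post decides whether a method is refused by matching the words Method, Allowed or Supported anywhere in the reply. As an added example (not from the original post, and not part of duck or block.pl), the sketch below classifies a reply by its HTTP status line instead, which is the check an administrator would use to confirm that WebDAV methods are disabled on their own server. The function name classify_response and the sample replies are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not part of duck or block.pl.
use strict;
use warnings;

# Classify one raw HTTP reply to a WebDAV method request.
# Returns 'enabled', 'restricted', 'disabled' or 'unknown'.
sub classify_response {
    my ($raw) = @_;
    # Judge by the status line only; header and body text is ignored so
    # that words such as "supported" in the body cannot flip the verdict.
    my ($status_line) = split /\r?\n/, (defined $raw ? $raw : ''), 2;
    return 'unknown'
        unless defined $status_line
            && $status_line =~ m{^HTTP/\d\.\d\s+(\d{3})\b};
    my $code = $1;
    return 'disabled'   if $code == 405 || $code == 501;  # Method Not Allowed / Not Implemented
    return 'restricted' if $code == 401 || $code == 403;  # understood but refused
    return 'enabled'    if $code >= 200 && $code < 300;   # includes 207 Multi-Status
    return 'unknown';   # e.g. 400/404: nothing certain about the method
}

# Constructed sample replies (not captured from any real server).
my @samples = (
    [ PROPFIND => "HTTP/1.1 207 Multi-Status\r\nContent-Type: text/xml\r\n\r\n"
                . "<D:prop><D:supportedlock/></D:prop>" ],
    [ PUT      => "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n" ],
    [ LOCK     => "HTTP/1.1 501 Not Implemented\r\n\r\n" ],
    [ DELETE   => "HTTP/1.1 403 Forbidden\r\n\r\n" ],
    [ MKCOL    => "" ],   # empty reply, e.g. connection closed early
);

for my $s (@samples) {
    my ($method, $raw) = @$s;
    printf "%-9s %s\n", $method, classify_response($raw);
}
```

The first sample is the case the substring match gets wrong: the 207 body contains "supportedlock", so /Supported/i would report the method as refused even though the server answered it.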

