New tool release: SPIKE

[Dave Aitel <daitel () atstake com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


http://www.atstake.com/research/tools/index.html#vulnerability_scanning

SPIKE is a Fuzzer Creation Kit in C - basically an attempt to write a generic
protocol API that is easy to use and reasonably complete. This version of SPIKE

includes demonstration fuzzers that do web application and DCE-RPC (MSRPC)
fuzzing. Also included is a web server NTLM Authentication brute forcer
implemented with SPIKE, and a few example fuzzers that do nothing, but
demonstrate how to use the
API.

The web application fuzzing is done by capturing client requests (a modified
version of Dug Song's webmitm is included which works very well for SSL
connections) and then running those through a perl script which generates .c
files. When compiled, these programs will then iterate through all the
variables in a request with various attack
strings.

The entire package is released under the GPL, version 2.0. Enjoy! And, as
always, send questions, comments, flames, personal issues, dumb questions, and
vicious ferrets muzzled with duct tape
to:

daitel () atstake com
Dave Aitel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7y3L09iGGtHdhlgMRAu1OAJ0XUJLAvJhPKm3pkPIWw3Nt82xFCACeJJgK
hovFcB2YFZz0iyx11hi+s+Y=
=tQwS
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/