{
"type" : "tool",
"content" : [
{
"title" : "tzsptap",
"text" : "A small tool receiving TZSP encapsulated data and forwarding it to a local tap interface. Very useful for IDS systems.",
"links" : [
{
"link" : "tools/tzsptap.c.gz",
"name" : "source",
"check" : "a0ff8023164d01eb1cb7b3be69ea355c06232d4b"
}
]
},
{
"title" : "diameter_enum",
"text" : "Diameter Application and Message scanner, implementing some known Diameter attacks on 3GPP networks",
"links" : [
{
"link" : "tools/diameter_enum-v0.1.tar.bz2",
"name" : "source",
"check" : "054f994e35a0b8c6e7590978a6577909833f06cc"
}
]
},
{
"title" : "epmd_bf",
"text" : "Erlang portmapper daemon magic cookie bruteforcer.",
"links" : [
{
"link" : "tools/epmd_bf-0.1.tar.bz2",
"name" : "Source",
"check" : "7d71f3c9fa734b36c5a8e84ed8b2969603c231ac"
}
]
},
{
"title" : "ss7MAPer",
"text" : "SS7 MAP (pen-)testing toolkit using the osmo-ss7 stack.",
"links" : [
{
"link" : "tools/ss7MAPer-0.1.tar.gz",
"name" : "Source",
"check" : "2eddcdadd44150142821d27223fe2cd3267b1724"
}
]
},
{
"title" : "TiMOS_unpack",
"text" : "Unpacks Alcatel TiMOS image files for their components, like firmware binaries, FPGA images and support files.",
"links" : [
{
"link" : "tools/TiMOS_unpack.py.gz",
"name" : "Source",
"check" : "9f898b68988c8f0bf889d68cc7fae931dc06068e"
}
]
},
{
"title" : "s1ap_enum",
"text" : "The tool itself is written in Erlang, as I found no other free ASN.1 parser that is able to parse those fancy 3GPP protocol specs. It connects to an MME on sctp/36412 and tries to initiate an S1AP session by sending an S1SetupRequest PDU. To establish an S1AP session with an MME the right MCC and MNC are needed in the PLMNIdentity. The tool tries to guess the right MCC/MNC combinations. It comes with a preset of known MCC/MNC pairs from mcc-mnc.com, but can try all other combinations as well.",
"links" : [
{
"link" : "tools/s1ap_enum_v0.1.tar.bz2",
"name" : "Source",
"check" : "0a755c9eb5df0f05fa52288f6b1841da576afd82"
}
]
},
{
"title" : "pytacle",
"text" : "pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames off the air, extracting the key exchange, feeding kraken with the key material and finally decoding/decrypting the voice data.",
"links" : [
{
"link" : "tools/pytacle-alpha2.tar.gz",
"name" : "Source",
"check" : "6a3483fef079e33c4d4e0400dcee28abdfb645a7"
}
]
},
{
"title" : "tftp-proxy",
"text" : "tftp-proxy is what it's named. It accepts connections on TFTP and reloads requested content from an upstream TFTP server. Meanwhile, modifications to the content can be done by pluggable modules. So this one's nice if you're MITM with some embedded devices.",
"links" : [
{
"link" : "tools/tftp-proxy-0.1.tar.bz2",
"name" : "Source",
"check" : "0085bc99ee8b9c55cac4af0cf7964664ae8125c4"
}
]
},
{
"title" : "dizzy",
"text" : "dizzy is a Python-based fuzzing framework with features such as:\n- Can send to L2 as well as to upper layers (TCP/UDP/SCTP)\n- Ability to work with odd-length packet fields (no need to match byte borders, so even single flags or 7-bit-long fields can be represented and fuzzed)\n- Very easy protocol definition syntax\n- Ability to do multi-packet stateful fuzzing with the ability to use received target data in response.",
"links" : [
{
"link" : "tools/dizzy-2.0.tar.gz",
"name" : "Source",
"check" : "ac4d9f5dea75fe28cda4c73080b39d4ab82a9441"
}
]
},
{
"title" : "apnbf",
"text" : "I'm proudly releasing the first version of apnbf, a small Python script designed for enumerating valid APNs (Access Point Names) on a GTP-C speaking device. It tries to establish a new PDP session with the endpoint via sending a createPDPContextRequest. This request needs to include a valid APN, so one can easily distinguish between a valid APN (which will be answered with a createPDPContextResponse) and an invalid APN (which will be answered with an error indication message). In addition, the tool also parses the error indication and displays the reason (which should be \"Missing or unknown APN\" in case of an invalid APN).",
"links" : [
{
"link" : "tools/apnbf-0.1.tar.gz",
"name" : "Source",
"check" : "5a122f198ea35b1501bc3859fd7e87aa57ef853a"
}
]
},
{
"title" : "gtp_scan",
"text" : "gtp_scan is a small Python script that scans for GTP (GPRS Tunneling Protocol) speaking hosts. To discover those hosts it uses the GTP built-in PING mechanism: it sends a GTP packet of the type ECHO_REQUEST and listens for an incoming GTP ECHO_REPLY. It's capable of generating ECHO_REQUESTS for GTP version 1 and GTP version 2. The script can also scan for both GTP-C and GTP-U (the control channel and the user data channel); only the port differs here. In the output the received packet is displayed and the basic GTP header is dissected, so one can see a GTP version 1 host answering a GTP version 2 ECHO_REQUEST with the 'version not supported' message. Tests have shown that there are some strange services around which answer a GTP ECHO_REQUEST with a lot of weird data, which leads to 'kind of' false positive results, but they can easily be discovered by checking the output data with your brain ;) (e.g. there is no GTP version 12)",
"links" : [
{
"link" : "tools/gtp_scan-0.9.tar.gz",
"name" : "Source",
"check" : "f589a674eccf2a71f328595428346d967198c032"
}
]
},
{
"title" : "snmpattack",
"text" : "SNMP scanner and attacking tool",
"links" : [
{
"link" : "tools/snmpattack-1.8.tar.gz",
"name" : "Source",
"check" : "d4433a67cf0cc6b44d1748360dcafa9557f8c545"
}
]
},
{
"title" : "bgp_cli",
"text" : "Command-line interface to the Border Gateway Protocol",
"links" : [
{
"link" : "tools/bgp_cli.tar.gz",
"name" : "Source",
"check" : "15ccec390da59176ab59c6ab985c608db4c099c6"
}
]
},
{
"title" : "bgp_md5crack",
"text" : "RFC2385 password cracker",
"links" : [
{
"link" : "tools/bgp_md5crack.tar.gz",
"name" : "Source",
"check" : "320a317006258813d69861cc54f51bc98384c434"
}
]
},
{
"title" : "eigrp_cli",
"text" : "Command-line interface to the Enhanced Interior Gateway Routing Protocol",
"links" : [
{
"link" : "tools/eigrp_cli.tar.gz",
"name" : "Source",
"check" : "f5c0fb9a4d29445271d3625dca6bf2e82f63c6f4"
}
]
},
{
"title" : "ldp_cli",
"text" : "Command-line interface to the Label Distribution Protocol",
"links" : [
{
"link" : "tools/ldp_cli.tar.gz",
"name" : "Source",
"check" : "d0b78962478f7aa914a4a7fcdc68dd935dc794c3"
}
]
},
{
"title" : "mpls_redirect",
"text" : "On-the-fly MPLS label modifier",
"links" : [
{
"link" : "tools/mpls_redirect.tar.gz",
"name" : "Source",
"check" : "1e27af42afe055112091ec3735f04ec32b39356b"
}
]
},
{
"title" : "mpls_tun",
"text" : "Virtual tunnel adapter for MPLS L2 and L3 VPNs",
"links" : [
{
"link" : "tools/mpls_tun.tar.gz",
"name" : "Source",
"check" : "164a7d5ceb8f51ecbbb57979a1b6f605473acb77"
}
]
}
]
}