In the process of solving security problems for our clients, Casaba develops a diverse array of tools. Some are specific to a particular project, but others prove useful within the overall framework of code-assisted penetration testing.
Here are a few of the tools we have developed and made available for you to download and apply as you see fit.
DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY.
Have you ever really wanted to put your file system to the test, or better yet, brutally test an application that reads folder and file names, and watch what crumbles? So have we. That’s why we created PathFuzz.
The current version of PathFuzz is Windows-only, but it could easily be ported to Linux, BSD or Mac OS X. If you are interested in a different version, drop us a line. PathFuzz is highly configurable and will generate loads of files, nested folders and Alternate Data Streams. It will also mutate names and file extensions with fuzzed strings, floating point integers, non-printable characters, illegal characters (< > : " / \ |), reserved names (COM1, AUX) and more.
CAUTION: You will have the option to print the output to the console, rather than actually creating the files and folders. If you do choose to create them, do so on a scrap test machine - you've been warned.
LineCount.exe will scan source code to estimate the total number of lines. This is most useful for estimating the time required for code review projects. LineCount will ignore whitespace, comments, ending statements and other syntax to get a more accurate count.