--- [ Projects ] ---


Ncrack is a high-speed network authentication cracking tool with a modularized architecture, a dynamic, highly-configurable and optimized timing engine and a lot of other unique features. I started developing it from scratch during the Google Summer of Code 2009 for the Nmap project under the mentorship of Fyodor. I continued extending and improving it in Google Summer of Code 2010 and in my spare time. The project is under constant development.



Nkiller2 is a major expansion of Nkiller which exploits the TCP Persist Timer to perform a generic DoS attack, completely statelessly and with almost no memory overhead, using packet-parsing techniques and virtual states. The analysis of the exploitation attack was published in Phrack #66 in the article Exploiting TCP and the Persist Timer Infiniteness.



PrimaVista is a startup project I co-founded, aiming to bridge the analog and the digital world of sheet music.



Nkiller is a TCP exhaustion/stressing tool based on an idea posted long ago on Bugtraq that still works, more or less. It is actually an improvement on the demonstration tool used there, since it combines the exploitation of the vulnerability inherent in all TCP implementations with speed, by using reverse SYN cookies, an idea first introduced by Dan Kaminsky's scanrand.

nkiller.c.html   nkiller.c   README   nkiller.tar.gz  


pknf is a loadable kernel module which implements a port knocking mechanism for Linux kernels >= 2.6.25 using netfilter hooks.

pknf.c.html   pknf.c


TAP - Tcpdump Analysing Parser is a parser to be used in conjunction with tcpdump's -X option (which prints the data of each packet along with all the headers, except for the link-layer one). It parses tcpdump's output and constructs a visualisation of the headers according to their RFC-defined layout. Colorised output is available too. It is a handy tool when your eye isn't trained enough to quickly discern which field is which from the raw hex data alone.

tap.c.html   tap.c   README  


CC - Covert Client is a simple program which demonstrates the idea of sending data through a covert channel - cloaking the data inside custom-made fields of a TCP/IP packet. It uses raw sockets to implement the above. Note that by itself it is easily detectable, since the data is not encoded. You can however make some minor changes in the source and get a fairly robust masking ability.

cc.c.html   cc.c   README  


Creeper is a minimalistic port scanner which implements SYN stealth mode in a simple way using libpcap and raw sockets. It has been written mainly for educational purposes, and the code is easy to study since it stays under 600 SLOC. It is best read alongside the paper Coding a Syn Scanner, which explains everything in detail.

creeper.c.html  creeper.c