http://www.fyrmassociates.com/tools.html
 GuestStealer v1.1 [ Download ]
GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability detailed in CVE-2009-3373 and VMSA-2009-0015. GuestStealer was released at ShmooCon 2010 during Tony Flick’s ‘Stealing Guests…The VMware Way‘ presentation.
Requirements
- Perl interpreter
- LWP::Simple perl module
- XML::Simple perl module
- Data::Dumper perl module
- Crypt::SSLeay perl module
Instructions
- perl gueststealer-v1.1.pl -h <Host> -p <Web Access UI Port> -s <SSL Web Access UI> -t <Server Type> -o <Output Directory>
- -h = The target host (IP Address or Host Name)
-p = Port for the Web Access UI (Defaults: ESX/ESXi = 80/443, Server = 8222/8333)
-s = Is the Web Access UI utilizing SSL (yes/no)
-t = Target type (server/esx/esxi)
-o = Output directory
- Example Usage:
perl gueststealer-v1.1.pl -h 192.168.1.2 -p 8333 -s yes -t server -o /tmp
NessusPBE [ Download ]
NessusPBE simplifies the process of understanding Nessus output by transforming the data into an actionable format. Specifically, NessusPBE reads in .nbe formatted Nessus reports and creates spreadsheets that can be opened by most office suites, including Microsoft Excel and OpenOffice Spreadsheet. NessusPBE creates three spreadsheets: a list of services identified by Nessus, a list of open ports whose service was not identified by Nessus, and a list of Nessus’ findings.
Requirements
- Perl interpreter
- Nessus output in the .nbe format
Instructions
- From a command line: ./NessusPBE.pl -i <input .nbe> -o <output prefix>
Example: ./NessusPBE.pl –i AcmeBank.nbe –o AcmeBankNessus
- Open the resulting output files: <output-prefix>-OpenPorts.csv <output-prefix>-UnknownPorts.csv <output-prefix>-VulnList.tsv
Example: AcmeBank-OpenPorts.csv AcmeBank-UnknownPorts.csv AcmeBank-VulnList.tsv
|
Advertisement
Like this:
Be the first to like this post.
~ by stevegoldsby on February 19, 2010.
Posted in Uncategorized
I.T. Security Newsfeed
