RubyGems - emonti-rbkb - Versions diffs - 0.6.1.3 → 0.6.2 - Mend

emonti-rbkb 0.6.1.3 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

data/README.rdoc CHANGED Viewed

@@ -1,74 +1,217 @@
+= rbkb
-= Ruby BlackBag (rbkb)
+* http://www.github.com/emonti/rbkb
+== DESCRIPTION:
+Ruby BlackBag (rbkb)
 A miscellaneous collection of command-line tools and ruby library helpers
 related to pen-testing and reversing.
-== Rationale
+=== Rationale
     Disclaimer:
     Most of what's in the black bag came from a desire to do less typing.
     But there might be a few clever things that were added by accident.
-RBkB is inspired by Matasano BlackBag (a set of similar tools written in C).
+rbkb is inspired by Matasano BlackBag (a set of similar tools written in C).
 See:
 * http://www.matasano.com/log/1048/blackbag-091-new-link-and-minor-fixes/
 * http://www.matasano.com/log/552/code-release-blackbag-09-binary-protocol-reversing-unix-thingies/
 Things go into the black bag as they are stolen (as a compliment!) or dreamed
-up, usually based on simplifying some repetetive task or desire for a new tool.
+up, usually for simplifying some repetetive task or a desire for a new tool.
 Along the way, some of tools in the blackbag spirit make their way into 'rbkb'
-that may or may not make it to 'bkb' right away (or ever). Similarly some of
+that may or may not make it to 'bkb' right away (if ever). Similarly some of
 the things in 'bkb' have not yet made it to 'rbkb' (and may not).
+== SYNOPSIS:
 === Command Line Tools
 The tools almost all support '-h', but I'll admit this only goes so far.
-See usage.txt for a bit of extra info on the various tools.
+See usage.txt for usage and a bit of extra info on the various tools.
 When I get some spare time, I'll try and do up some examples of using all
 the tools.
-== Installation
+=== Monkey Patches
+Most of rbkb is implemented as a bunch of monkeypatches to Array, String,
+Numeric and other base classes. If this suits your fancy (some people despise
+monkeypatches, this is not their fancy) then you can 'require "rbkb"' from
+your irb sessions and own scripts. This will let you do things like the
+following (just some samples, see rdoc for more).
+My dirty secret: I use IRB for like... everything
+Do stuff with strings:
+  ## sexify with hexify
+  foo = "helu foo"            #=> "helu foo"
+  foo.hexify                  #=> "68656c7520666f6f"
+  ## a little easier to read
+  foo.hexify(:delim => ' ')   #=> "68 65 6c 75 20 66 6f 6f"
+  # and back
+  _.unhexify                  #=> "helu foo"
+  ## break out your hexdump -C styles
+  foodump = "helu foo".hexdump(:out => StringIO.new)
+  #=> "00000000  68 65 6c 75 20 66 6f 6f  |helu foo|\n00000008\n"
+  puts foodump
+  # 00000000  68 65 6c 75 20 66 6f 6f  |helu foo|
+  # 00000008
+  # => nil
+  foo.hexdump(:out => $stdout)
+  # 00000000  68 65 6c 75 20 66 6f 6f  |helu foo|
+  # 00000008
+  # => nil
+  ## reverse a hexdump
+  foodump.dehexdump             #=> "helu foo"
+  ## 'strings' like /usr/bin/strings
+  dat = File.read("/bin/ls")
+  pp dat.strings
+  # [[4132, 4143, :ascii, "__PAGEZERO\000"],
+  #  [4188, 4195, :ascii, "__TEXT\000"],
+  # ...
+  #  [72427, 72470, :ascii, "*Apple Code Signing Certification Authority"],
+  #  [72645, 72652, :ascii, "X[N~EQ "]]
+  ## look for stuff in binaries
+  dat.bgrep("__PAGEZERO")         #=> [[4132, 4142, "__PAGEZERO"], [40996, 41006, "__PAGEZERO"]]
+  dat.bgrep(0xCAFEBABE.to_bytes)  #=> [[0, 4, "\312\376\272\276"]]
+Do stuff with numbers:
+  ## Do you have an irrational distaste for pack/unpack? I do.
+  0xff.to_bytes                     #=> "\000\000\000\377"
+  be = 0xff.to_bytes(:big)          #=> "\000\000\000\377"
+  le = 0xff.to_bytes(:little)       #=> "\377\000\000\000"
+  le16 = 0xff.to_bytes(:little,2)   #=> "\377\000"
+  ## Strings can go the other way too
+  [be, le, le16].map {|n| n.dat_to_num(:big) } # default
+  #=> [255, 4278190080, 65280]
+  [be, le, le16].map {|n| n.dat_to_num(:little) }
+  #=> [4278190080, 255, 255]
+  ## Calculate padding for a given alignment
+  10.pad(16)     #=> 6
+  16.pad(16)     #=> 0
+  30.pad(16)     #=> 2
+  32.pad(16)     #=> 0
+Web 2."oh no you di'int!":
-==== Pre-Requirements Note
+  xss="<script>alert('helu ' + document.cookie)</script"
-For the plug based network stuff, you'll need EventMachine >= 0.12.2
-Installing the rbkb gem usually takes care of this automatically, but
-if you're doing a manual installation, run:
+  # URL percent-encode stuff
+  xss.urlenc
+  #=> "%3cscript%3ealert%28%27helu%3a%20%27%20%2b%20document.cookie%29%3c%2fscript%3e"
-  gem install eventmachine
+  _.b64
+  #=> "JTNjc2NyaXB0JTNlYWxlcnQlMjglMjdoZWx1JTNhJTIwJTI3JTIwJTJiJTIwZG9jdW1lbnQuY29va2llJTI5JTNjJTJmc2NyaXB0JTNl"
+  ## And back
+  _.d64
+  #=> "%3cscript%3ealert%28%27helu%3a%20%27%20%2b%20document.cookie%29%3c%2fscript%3e"
+  _.urldec
+  #=> "<script>alert('helu: ' + document.cookie)</script>"
+Miscellaneous stuff:
+  # rediculous laziness!
+  0x41.printable?         #=> true
+  0x01.printable?         #=> false
+  # Make random gobbledygook and insults
+  "helu foo".randomize    #=> "ouofleh "
+  "helu foo".randomize    #=> "foul hoe"
+Pretend (badly) to be smart:
+  # Cletus say's he's "sneaky"
+  cletus = "my secrets are safe".xor("sneaky")
+  #=> "\036\027E\022\016\032\001\v\021\022K\030\001\vE\022\n\037\026"
+  # Only not really so sneaky
+  cletus.xor "my secrets"     #=> "sneakysnea&a!x qxzb"
+  cletus.xor "my secrets are" #=> "sneakysneakysn(k*ls"
+  cletus.xor "sneaky"         #=> "my secrets are safe"
+  # Now make Cletus feel worse. With... MATH!
+  # (ala entropy scores)
+  "A".entropy                               #=> 0.0
+  "AB".entropy                              #=> 1.0
+  "BC".entropy                              #=> 1.0
+  (0..255).map {|x| x.chr}.join.entropy     #=> 8.0
+  # "You see, Cletus, you might have done this..."
+  sdat = "my secrets are very secret "*60
+  require 'openssl'
+  c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+  c.encrypt
+  c.key = Digest::SHA1.hexdigest("sneaky")
+  c.iv = c.random_iv
+  # "So, Cletus, when you say 'sneaky'... this is exactly how 'sneaky' you are"
+  c.update(sdat).entropy
+  #=> 7.64800383393901
+  sdat.xor("sneaky").entropy
+  #=> 3.77687372599433
+  sdat.entropy
+  #=> 3.07487577558377
+I do recommend the rdoc if you're interested in more of these little helpers.
+I'll to keep the comments useful and up to date.
+== REQUIREMENTS:
+* eventmachine >= 0.12.0
+== INSTALL:
 === Gem Installation
-RBkB is available as a gem from github:
+rbkb is available as a gem from github:
     gem sources -a http://gems.github.com #(you only have to do this once)
     gem install emonti-rbkb
-==== Install Note
+==== Gem Install Note
-Installing as root may be risky depending on your rubygems configuration so I
-don't really recommend using 'sudo gem install'. Worst case scenario I know
-of is I blew away my OS X shipped '/usr/bin/crc32' this way. It was written in
-perl, so I considered this providence and didn't look back. But you may feel
-differently about 'rubygems' arbitrarily clobbering your files.
+Installing the gem as root may be risky depending on your rubygems
+configuration so I don't really recommend using 'sudo gem install'.
+Worst case scenario I know of is I blew away my OSX-shipped '/usr/bin/crc32'
+this way. It was written in perl, so I considered this providence and didn't
+look back. But you may feel differently about 'rubygems' clobbering a file in
+/usr/bin.
 When installing as a regular user, however, rubygems may stick rbkb's
 executable bin/* files somewhere unexpected. To find out where these are and
-either add them to your PATH or copy/symlink them somewhere else (like
-/usr/local/bin/) do this:
+either add them to your PATH or copy/symlink them somewhere else like
+/usr/local/bin/ do this:
     gem contents emonti-rbkb
 === Manual installation:
 ... or ... you can also install manually without rubygems.
@@ -84,4 +227,28 @@ Run this to generate docs with rdoc the same way the gem would have:
   rdoc --main README.rdoc README.rdoc usage.txt lib
+== LICENSE:
+(The MIT License)
+Copyright (c) 2009 Eric Monti, Matasano Security
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/bin/b64 CHANGED Viewed

@@ -1,57 +1,5 @@
 #!/usr/bin/env ruby
-# Author Eric Monti emonti at matasano
-#
-# b64 converts strings or raw data to base-64 encoding.
-#
-# Usage: b64 -h
-#
-require 'rbkb'
-require 'rbkb/command_line'
-require 'base64'
-include RBkB::CommandLine
-#-------------------------------------------------------------------------------
-# Init options and arg parsing
-OPTS = {}
-arg = bkb_stdargs(nil, OPTS)
-arg = bkb_inputargs(arg, OPTS)
-arg.banner += " <data | blank for stdin>"
-#------------------------------------------------------------------------------
-# Add local options
-arg.separator ""
-arg.separator "  Output options:"
-arg.on("-l", "--length LEN", Numeric,
-  "Encode in lines of LEN characters") do |l|
-    (OPTS[:len] = l) > 15 or raise "length must be at least 16"
-end
-#------------------------------------------------------------------------------
-# Parse arguments
-arg.parse!(ARGV) rescue bail "Error: #{$!}\n#{arg}"
-# default string arg
-if OPTS[:indat].nil? and a=ARGV.shift
-	OPTS[:indat] = a.dup
-end
-# catchall
-if ARGV.length != 0
-    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
-end
-OPTS[:indat] ||= STDIN.read()
-#------------------------------------------------------------------------------
-# Do Stuff
-if OPTS[:len]
-    Base64.b64encode(OPTS[:indat], OPTS[:len])
-else
-    puts OPTS[:indat].b64
-end
+require "rbkb/cli/b64"
+Rbkb::Cli::B64.run()

data/bin/bgrep CHANGED Viewed

@@ -1,91 +1,5 @@
 #!/usr/bin/env ruby
-# searches for a binary string in input
-# string is provided 'hexified'
-#
-# usage: bgrep 'deadbeef' file
-#
-# use -h for more info
-require 'rbkb'
-require 'rbkb/command_line'
-include RBkB::CommandLine
-#-------------------------------------------------------------------------------
-# Init options and arg parsing
-OPTS = {
-  :start_off => 0,
-  :end_off => -1,
-  :align => nil
-}
-arg = bkb_stdargs(nil, OPTS)
-arg.banner += " <subject> <file | blank for stdin>"
-arg.on("-x", "--[no-]hex", "Specify subject as hex (default: false)") do |x|
-  OPTS[:hex] = x
-end
-arg.on("-r", "--[no-]regex", "Specify subject as regex (default: false)") do |r|
-  OPTS[:rx] = r
-end
-arg.on("-a", "--align=BYTES", Numeric,
-       "Only match on alignment boundary") do |a|
-  OPTS[:align] = a
-end
-arg.on("-n", "--[no-]filename", "Suppress prefixing of filenames.") do |n|
-  OPTS[:suppress_fname] = n
-end
-#------------------------------------------------------------------------------
-# Parse arguments
-begin
-  arg.parse!
-  unless find = ARGV.shift
-    raise "need subject argument"
-  end
-  if OPTS[:hex] and OPTS[:rx]
-    raise "-r and -x are mutually exclusive"
-  end
-  if OPTS[:hex]
-    raise "you specified -x for hex and the subject isn't" unless find.ishex?
-    find = find.unhexify
-  elsif OPTS[:rx]
-    find = Regexp.new(find, Regexp::MULTILINE)
-  end
-  align = OPTS[:align]
-  if fname=ARGV.shift
-    dat = File.read(fname)
-    fname = nil unless ARGV[0]  # only print filename for multiple files
-  else
-    fname = nil
-    dat = STDIN.read
-  end
-  loop do
-    dat.bgrep(find, align) do |hit_start, hit_end, match|
-      print "#{fname}:" if fname and not OPTS[:suppress_fname]
-      puts("#{(hit_start).to_hex.rjust(8,"0")}:"+
-           "#{(hit_end).to_hex.rjust(8,"0")}:b:"+
-           "#{match.inspect}")
-    end
-    break unless fname=ARGV.shift
-    dat = File.read(fname)
-  end
-rescue
-  STDERR.puts $!, "  use -h for help"
-  exit 1
-end
+require "rbkb/cli/bgrep"
+Rbkb::Cli::Bgrep.run()

data/bin/blit CHANGED Viewed

@@ -1,97 +1,5 @@
 #!/usr/bin/env ruby
-#
-# blit is for use with any of the "plug" tools such as telson, feed, blitplug.
-# It is used to send data over a socket via their OOB blit listener.
-#
-# Usage: blit [options] <data | blank for stdin>
-#     -h, --help                       Show this message
-#     -v, --version                    Show version and exit
-#     -f, --file FILENAME              Input from FILENAME
-#     -t, --trans-protocol=PROTO       Blit transport protocol TCP/UDP
-#     -b, --blitsrv=ADDR:PORT          Where to send blit messages
-#     -i, --peer-index=IDX             Index for remote peer to receive
-#     -l, --list-peers                 Lists the peer array for the target
-#     -k, --kill                       Stops the remote event loop.
-#
-require 'rbkb'
-require 'rbkb/plug'
-require 'rbkb/command_line.rb'
-require 'socket'
-include RBkB::CommandLine
-#------------------------------------------------------------------------------
-# Init options and arg parsing
-OPTS = {
-  :b_addr => Plug::Blit::DEFAULT_IPADDR,
-  :b_port => Plug::Blit::DEFAULT_PORT,
-  :bp_proto => :TCP,
-  :b_peeridx => 0,
-}
-blit_msg = nil
-arg = bkb_stdargs(nil, OPTS)
-arg = bkb_inputargs(arg, OPTS)
-arg.banner += " <data | blank for stdin>"
-#------------------------------------------------------------------------------
-# Add local options here
-arg.on("-t", "--trans-protocol=PROTO", "Blit transport protocol TCP/UDP") do |t|
-  OPTS[:b_proto] = t.upcase.to_sym
-end
-arg.on("-b", "--blitsrv=ADDR:PORT", "Where to send blit messages") do |b|
-  unless(m=/^(?:([\w\.]+):)?(\d+)$/.match(b))
-    bail "invalid blit address/port"
-  end
-  OPTS[:b_port] = m[2].to_i
-  OPTS[:b_port] = m[1] if m[1]
-end
-arg.on("-i", "--peer-index=IDX", Numeric, "Index for remote peer to receive") do |i|
-  OPTS[:b_peeridx] = i
-end
-arg.on("-l", "--list-peers", "Lists the peer array for the target") do
-  blit_msg = Plug::Blit.make_list_peers
-end
-arg.on("-k", "--kill", "Stops the remote event loop.") do
-  blit_msg = Plug::Blit.make_kill
-end
-#------------------------------------------------------------------------------
-# Parse arguments
-arg.parse!(ARGV) rescue bail "Error: #{$!}\nUse -h|--help for more info."
-unless blit_msg
-  if OPTS[:indat].nil?
-    OPTS[:indat] = (ARGV.length > 0)?  ARGV.join(" ") : STDIN.read()
-  end
-  blit_msg = Plug::Blit.make_sendmsg(OPTS[:b_peeridx], OPTS[:indat])
-end
-#------------------------------------------------------------------------------
-# Do stuff
-begin
-  Plug::Blit.blit_init(
-    :addr => OPTS[:b_addr],
-    :port => OPTS[:b_port],
-    :protocol => OPTS[:b_proto]
-  )
-  Plug::Blit.blit_raw(blit_msg)
-rescue
-  bail $!
-  exit 1
-end
+require "rbkb/cli/blit"
+Rbkb::Cli::Blit.run()

data/bin/c CHANGED Viewed

@@ -1,14 +1,5 @@
 #!/usr/bin/env ruby
-# Author Eric Monti (emonti at matasano)
-require 'rbkb'
-require 'rbkb/command_line'
-include RBkB::CommandLine
-if ARGV[0] !~ /[1-9][0-9]*/ or ARGV[1].nil? or ARGV.size > 2
-    bail "Usage: #{$0} 100 A; # print 100 A's'\n"
-end
-print ARGV[1] * ARGV[0].to_i
+require "rbkb/cli/chars"
+Rbkb::Cli::Chars.run()

data/bin/crc32 CHANGED Viewed

@@ -1,60 +1,5 @@
 #!/usr/bin/env ruby
-# (emonti at matasano) Matasano Security LLC
-#
-# crc32.rb : returns a crc32 checksum in hex from stdin or a file
-#
-# Usage: crc32 [options]
-#     -h, --help                       Show this message
-#     -v, --version                    Show version and exit
-#     -f, --file FILENAME              Input from FILENAME
-#     -r, --range=START[:END]          Start and optional end range
-#     -x, --hexrange=START[:END]       same, but in hex
-require 'rbkb'
-require 'rbkb/command_line'
-include RBkB::CommandLine
-OPTS = {:first => 0, :last => -1}
-arg = bkb_stdargs(nil, OPTS)
-arg = bkb_inputargs(arg, OPTS)
-arg.on("-r", "--range=START[:END]", "Start and optional end range") do |r|
-  raise "-x and -r are mutually exclusive" if OPTS[:first]
-  unless m=/^(-?[0-9]+)(?::(-?[0-9]+))?$/.match(r)
-    raise "invalid range #{r.inspect}"
-  end
-  OPTS[:first] = $1.to_i
-  OPTS[:last] = $2.to_i if $2
-end
-arg.on("-x", "--hexrange=START[:END]", "same, but in hex") do |r|
-  raise "-x and -r are mutually exclusive" if OPTS[:first]
-  unless m=/^(-?[0-9a-f]+)(?::(-?[0-9a-f]+))?$/i.match(r)
-    raise "invalid range #{r.inspect}"
-  end
-  OPTS[:first]=($1[0,1] == '-')? ($1[1..-1]).hex_to_num * -1 : $1.hex_to_num
-  if $2
-    OPTS[:last]=($2[0,1] == '-')? ($2[1..-1]).hex_to_num * -1 : $2.hex_to_num
-  end
-end
-begin
-  arg.parse!
-  raise "bad arguments #{ARGV.join(" ").inspect}" unless (ARGV.length == 0)
-  OPTS[:indat] ||= STDIN.read()
-  puts OPTS[:indat][ OPTS[:first] .. OPTS[:last] ].crc32.to_hex
-rescue
-  bail "Error: #{$!}\n#{arg}"
-end
+require "rbkb/cli/crc32"
+Rbkb::Cli::Crc32.run()

data/bin/d64 CHANGED Viewed

@@ -1,41 +1,5 @@
 #!/usr/bin/env ruby
-# Author Eric Monti (emonti at matasano)
-#
-# d64 converts a base-64 encoded string back to its orginal form.
-#
-# Usage: d64 -h
-#
-require 'rbkb'
-require 'rbkb/command_line'
-include RBkB::CommandLine
-#-------------------------------------------------------------------------------
-# Init options and arg parsing
-OPTS = {}
-arg = bkb_stdargs(nil, OPTS)
-arg = bkb_inputargs(arg, OPTS)
-arg.banner += " <data | blank for stdin>"
-#------------------------------------------------------------------------------
-# Parse arguments
-arg.parse!(ARGV) rescue bail "Error: #{$!}\n#{arg}"
-# default string arg
-if OPTS[:indat].nil? and a=ARGV.shift
-	OPTS[:indat] = a.dup
-end
-# catchall
-if ARGV.length != 0
-    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
-end
-OPTS[:indat] ||= STDIN.read()
-#------------------------------------------------------------------------------
-# Do Stuff
-print OPTS[:indat].d64
+require "rbkb/cli/d64"
+Rbkb::Cli::D64.run()

data/bin/dedump CHANGED Viewed

@@ -1,53 +1,5 @@
 #!/usr/bin/env ruby
-# Author Eric Monti (emonti at matasano)
-#
-# Reverses a hexdump back to raw data. Designed to work with hexdumps created
-# by Unix utilities like 'xxd' as well as 'hexdump -C'.
-require 'rbkb'
-require 'rbkb/command_line'
-include RBkB::CommandLine
-#------------------------------------------------------------------------------
-# Init options and arg parsing
-OPTS = {:len => 16}
-arg = bkb_stdargs(nil, OPTS)
-arg.banner += " <input-file | blank for stdin>"
-#------------------------------------------------------------------------------
-# Add local options
-arg.on("-l", "--length LEN", Numeric,
-  "Bytes per line in hexdump (default: #{OPTS[:len]})") do |l|
-    bail("Length must be greater than zero") unless (OPTS[:len] = l) > 0
-end
-#------------------------------------------------------------------------------
-# Parse arguments
-arg.parse!(ARGV) rescue bail "Error: #{$!}\nUse -h|--help for more info."
-if OPTS[:indat].nil? and a=ARGV.shift
-  OPTS[:indat] = File.open(a, "rb") rescue "Error: Can't open file '#{a}'"
-end
-# catchall
-if ARGV.length != 0
-    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
-end
-# Default to standard input
-OPTS[:indat] ||= STDIN.read()
-#------------------------------------------------------------------------------
-# Do stuff
-exit 1 unless((OPTS[:len] ||= OPTS[:indat].length) > 0)
-OPTS[:indat].dehexdump(
-  :len => OPTS[:len],
-  :out => STDOUT
-) rescue bail "Error: #{$!}"
+require "rbkb/cli/dedump"
+Rbkb::Cli::Dedump.run()