emonti-rbkb 0.6.1.1

data/README.rdoc

@@ -0,0 +1,39 @@
+
+= Ruby BlackBag (rbkb)
+
+A miscellaneous collection of command-line tools and ruby library helpers 
+related to pen-testing and reversing. 
+
+== Rationale
+
+    Disclaimer: 
+    Most of what's in the black bag came from a desire to do less typing.
+    But there might be a few clever things that were added by accident.
+
+
+RBkB is inspired by Matasano BlackBag (a set of similar tools written in C).
+
+See:
+* http://www.matasano.com/log/1048/blackbag-091-new-link-and-minor-fixes/
+* http://www.matasano.com/log/552/code-release-blackbag-09-binary-protocol-reversing-unix-thingies/
+
+Things go into the black bag as they are stolen (as a compliment!) or dreamed 
+up, usually based on simplifying some repetetive task or desire for a new tool.
+
+
+Along the way, some of tools in the blackbag spirit make their way into 'rbkb' 
+that may or may not make it to 'bkb' right away (or ever). Similarly some of
+the things in 'bkb' have not yet made it to 'rbkb' (and may not).
+
+=== More Info
+
+See usage.txt
+
+=== Requirements
+
+* For the plug based network stuff, you'll need EventMachine >= 0.12.0
+
+  $ gem install eventmachine
+
+* Some of the plug stuff also requires ruby pcap available from: http://raa.ruby-lang.org/project/pcap
+

data/bin/b64

@@ -0,0 +1,57 @@
+#!/usr/bin/env ruby
+# Author Eric Monti emonti at matasano
+#
+# b64 converts strings or raw data to base-64 encoding.
+#
+# Usage: b64 -h
+#
+require 'rbkb'
+require 'rbkb/command_line'
+require 'base64'
+
+include RBkB::CommandLine
+
+#-------------------------------------------------------------------------------
+# Init options and arg parsing
+OPTS = {}
+arg = bkb_stdargs(nil, OPTS)
+arg = bkb_inputargs(arg, OPTS)
+
+arg.banner += " <data | blank for stdin>"
+
+#------------------------------------------------------------------------------
+# Add local options
+arg.separator ""
+arg.separator "  Output options:"
+
+arg.on("-l", "--length LEN", Numeric, 
+  "Encode in lines of LEN characters") do |l|
+    (OPTS[:len] = l) > 15 or raise "length must be at least 16"
+end
+
+#------------------------------------------------------------------------------
+# Parse arguments
+arg.parse!(ARGV) rescue bail "Error: #{$!}\n#{arg}"
+
+# default string arg
+if OPTS[:indat].nil? and a=ARGV.shift
+	OPTS[:indat] = a.dup 
+end
+
+# catchall
+if ARGV.length != 0
+    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
+end
+
+OPTS[:indat] ||= STDIN.read()
+
+#------------------------------------------------------------------------------
+# Do Stuff
+
+if OPTS[:len]
+    Base64.b64encode(OPTS[:indat], OPTS[:len])
+else
+    puts OPTS[:indat].b64
+end
+
+

data/bin/bgrep

@@ -0,0 +1,91 @@
+#!/usr/bin/env ruby
+# searches for a binary string in input
+# string is provided 'hexified'
+#
+# usage: bgrep 'deadbeef' file
+#
+# use -h for more info
+
+require 'rbkb'
+require 'rbkb/command_line'
+
+include RBkB::CommandLine
+
+#-------------------------------------------------------------------------------
+# Init options and arg parsing
+OPTS = {
+  :start_off => 0, 
+  :end_off => -1, 
+  :align => nil
+}
+
+arg = bkb_stdargs(nil, OPTS)
+
+arg.banner += " <subject> <file | blank for stdin>"
+
+arg.on("-x", "--[no-]hex", "Specify subject as hex (default: false)") do |x|
+  OPTS[:hex] = x
+end
+
+arg.on("-r", "--[no-]regex", "Specify subject as regex (default: false)") do |r|
+  OPTS[:rx] = r
+end
+
+arg.on("-a", "--align=BYTES", Numeric, 
+       "Only match on alignment boundary") do |a|
+  OPTS[:align] = a
+end
+
+arg.on("-n", "--[no-]filename", "Suppress prefixing of filenames.") do |n|
+  OPTS[:suppress_fname] = n
+end
+
+
+#------------------------------------------------------------------------------
+# Parse arguments
+begin
+  arg.parse!
+
+  unless find = ARGV.shift
+    raise "need subject argument"
+  end
+
+  if OPTS[:hex] and OPTS[:rx]
+    raise "-r and -x are mutually exclusive"
+  end
+
+  if OPTS[:hex]
+    raise "you specified -x for hex and the subject isn't" unless find.ishex?
+    find = find.unhexify
+  elsif OPTS[:rx]
+    find = Regexp.new(find, Regexp::MULTILINE)
+  end
+
+  align = OPTS[:align]
+
+  if fname=ARGV.shift
+    dat = File.read(fname)
+    fname = nil unless ARGV[0]  # only print filename for multiple files
+  else
+    fname = nil
+    dat = STDIN.read
+  end
+
+  loop do 
+    dat.bgrep(find, align) do |hit_start, hit_end, match|
+      print "#{fname}:" if fname and not OPTS[:suppress_fname]
+
+      puts("#{(hit_start).to_hex.rjust(8,"0")}:"+
+           "#{(hit_end).to_hex.rjust(8,"0")}:b:"+
+           "#{match.inspect}")
+    end
+
+    break unless fname=ARGV.shift
+    dat = File.read(fname)
+  end
+
+rescue
+  STDERR.puts $!, "  use -h for help"
+  exit 1
+end
+

data/bin/blit

@@ -0,0 +1,97 @@
+#!/usr/bin/env ruby
+#
+# blit is for use with any of the "plug" tools such as telson, feed, blitplug.
+# It is used to send data over a socket via their OOB blit listener.
+#
+# Usage: blit [options] <data | blank for stdin>
+#     -h, --help                       Show this message
+#     -v, --version                    Show version and exit
+#     -f, --file FILENAME              Input from FILENAME
+#     -t, --trans-protocol=PROTO       Blit transport protocol TCP/UDP
+#     -b, --blitsrv=ADDR:PORT          Where to send blit messages
+#     -i, --peer-index=IDX             Index for remote peer to receive
+#     -l, --list-peers                 Lists the peer array for the target
+#     -k, --kill                       Stops the remote event loop.
+# 
+
+require 'rbkb'
+require 'rbkb/plug'
+require 'rbkb/command_line.rb'
+
+require 'socket'
+
+include RBkB::CommandLine
+
+#------------------------------------------------------------------------------
+# Init options and arg parsing
+
+OPTS = {
+  :b_addr => Plug::Blit::DEFAULT_IPADDR,
+  :b_port => Plug::Blit::DEFAULT_PORT,
+  :bp_proto => :TCP,
+  :b_peeridx => 0,
+}
+
+blit_msg = nil
+
+arg = bkb_stdargs(nil, OPTS)
+arg = bkb_inputargs(arg, OPTS)
+
+arg.banner += " <data | blank for stdin>"
+
+
+#------------------------------------------------------------------------------
+# Add local options here
+
+arg.on("-t", "--trans-protocol=PROTO", "Blit transport protocol TCP/UDP") do |t|
+  OPTS[:b_proto] = t.upcase.to_sym
+end
+
+arg.on("-b", "--blitsrv=ADDR:PORT", "Where to send blit messages") do |b|
+  unless(m=/^(?:([\w\.]+):)?(\d+)$/.match(b))
+    bail "invalid blit address/port"
+  end
+  OPTS[:b_port] = m[2].to_i
+  OPTS[:b_port] = m[1] if m[1]
+end
+
+arg.on("-i", "--peer-index=IDX", Numeric, "Index for remote peer to receive") do |i|
+  OPTS[:b_peeridx] = i
+end
+
+arg.on("-l", "--list-peers", "Lists the peer array for the target") do
+  blit_msg = Plug::Blit.make_list_peers
+end
+
+arg.on("-k", "--kill", "Stops the remote event loop.") do
+  blit_msg = Plug::Blit.make_kill
+end
+
+#------------------------------------------------------------------------------
+# Parse arguments
+arg.parse!(ARGV) rescue bail "Error: #{$!}\nUse -h|--help for more info."
+
+unless blit_msg
+  if OPTS[:indat].nil?
+    OPTS[:indat] = (ARGV.length > 0)?  ARGV.join(" ") : STDIN.read()
+  end
+  blit_msg = Plug::Blit.make_sendmsg(OPTS[:b_peeridx], OPTS[:indat]) 
+end
+
+#------------------------------------------------------------------------------
+# Do stuff
+
+begin
+  Plug::Blit.blit_init(
+    :addr => OPTS[:b_addr],
+    :port => OPTS[:b_port],
+    :protocol => OPTS[:b_proto]
+  )
+
+  Plug::Blit.blit_raw(blit_msg)
+
+rescue
+  bail $!
+  exit 1
+end
+

data/bin/c

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+# Author Eric Monti (emonti at matasano)
+
+require 'rbkb'
+require 'rbkb/command_line'
+
+include RBkB::CommandLine
+
+if ARGV[0] !~ /[1-9][0-9]*/ or ARGV[1].nil? or ARGV.size > 2 
+    bail "Usage: #{$0} 100 A; # print 100 A's'\n"
+end
+
+print ARGV[1] * ARGV[0].to_i
+

data/bin/crc32

@@ -0,0 +1,60 @@
+#!/usr/bin/env ruby
+# (emonti at matasano) Matasano Security LLC
+#
+# crc32.rb : returns a crc32 checksum in hex from stdin or a file
+# 
+# Usage: crc32 [options]
+#     -h, --help                       Show this message
+#     -v, --version                    Show version and exit
+#     -f, --file FILENAME              Input from FILENAME
+#     -r, --range=START[:END]          Start and optional end range
+#     -x, --hexrange=START[:END]       same, but in hex
+
+require 'rbkb'
+require 'rbkb/command_line'
+
+include RBkB::CommandLine
+
+OPTS = {:first => 0, :last => -1}
+arg = bkb_stdargs(nil, OPTS)
+arg = bkb_inputargs(arg, OPTS)
+
+arg.on("-r", "--range=START[:END]", "Start and optional end range") do |r|
+
+  raise "-x and -r are mutually exclusive" if OPTS[:first]
+
+  unless m=/^(-?[0-9]+)(?::(-?[0-9]+))?$/.match(r)
+    raise "invalid range #{r.inspect}"
+  end
+
+  OPTS[:first] = $1.to_i
+  OPTS[:last] = $2.to_i if $2
+end
+
+arg.on("-x", "--hexrange=START[:END]", "same, but in hex") do |r|
+
+  raise "-x and -r are mutually exclusive" if OPTS[:first]
+
+  unless m=/^(-?[0-9a-f]+)(?::(-?[0-9a-f]+))?$/i.match(r)
+    raise "invalid range #{r.inspect}"
+  end
+
+  OPTS[:first]=($1[0,1] == '-')? ($1[1..-1]).hex_to_num * -1 : $1.hex_to_num
+  if $2
+    OPTS[:last]=($2[0,1] == '-')? ($2[1..-1]).hex_to_num * -1 : $2.hex_to_num
+  end
+end
+
+begin
+  arg.parse!
+
+  raise "bad arguments #{ARGV.join(" ").inspect}" unless (ARGV.length == 0)
+
+  OPTS[:indat] ||= STDIN.read()
+
+  puts OPTS[:indat][ OPTS[:first] .. OPTS[:last] ].crc32.to_hex
+
+rescue
+  bail "Error: #{$!}\n#{arg}"
+end
+

data/bin/d64

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+# Author Eric Monti (emonti at matasano)
+#
+# d64 converts a base-64 encoded string back to its orginal form.
+#
+# Usage: d64 -h
+#
+require 'rbkb'
+require 'rbkb/command_line'
+
+include RBkB::CommandLine
+
+#-------------------------------------------------------------------------------
+# Init options and arg parsing
+OPTS = {}
+arg = bkb_stdargs(nil, OPTS)
+arg = bkb_inputargs(arg, OPTS)
+
+arg.banner += " <data | blank for stdin>"
+
+#------------------------------------------------------------------------------
+# Parse arguments
+arg.parse!(ARGV) rescue bail "Error: #{$!}\n#{arg}"
+
+# default string arg
+if OPTS[:indat].nil? and a=ARGV.shift
+	OPTS[:indat] = a.dup 
+end
+
+# catchall
+if ARGV.length != 0 
+    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
+end
+
+OPTS[:indat] ||= STDIN.read()
+
+#------------------------------------------------------------------------------
+# Do Stuff
+
+print OPTS[:indat].d64
+

data/bin/dedump

@@ -0,0 +1,53 @@
+#!/usr/bin/env ruby
+# Author Eric Monti (emonti at matasano)
+#
+# Reverses a hexdump back to raw data. Designed to work with hexdumps created 
+# by Unix utilities like 'xxd' as well as 'hexdump -C'.
+
+require 'rbkb'
+require 'rbkb/command_line'
+
+include RBkB::CommandLine
+
+#------------------------------------------------------------------------------
+# Init options and arg parsing
+OPTS = {:len => 16}
+arg = bkb_stdargs(nil, OPTS)
+
+arg.banner += " <input-file | blank for stdin>"
+
+#------------------------------------------------------------------------------
+# Add local options
+
+arg.on("-l", "--length LEN", Numeric, 
+  "Bytes per line in hexdump (default: #{OPTS[:len]})") do |l|
+    bail("Length must be greater than zero") unless (OPTS[:len] = l) > 0
+end
+
+#------------------------------------------------------------------------------
+# Parse arguments
+arg.parse!(ARGV) rescue bail "Error: #{$!}\nUse -h|--help for more info."
+
+if OPTS[:indat].nil? and a=ARGV.shift
+  OPTS[:indat] = File.open(a, "rb") rescue "Error: Can't open file '#{a}'"
+end
+
+# catchall
+if ARGV.length != 0 
+    bail "Error: bad arguments - #{ARGV.join(' ')}\n-h|--help for more info."
+end
+
+# Default to standard input
+OPTS[:indat] ||= STDIN.read() 
+
+#------------------------------------------------------------------------------
+# Do stuff
+
+exit 1 unless((OPTS[:len] ||= OPTS[:indat].length) > 0)
+
+OPTS[:indat].dehexdump(
+  :len => OPTS[:len], 
+  :out => STDOUT
+) rescue bail "Error: #{$!}"
+
+