In other news, development on Hex 2.0 continues forward, we’re trying to get ports finished for inclusion in the ISO, (which is what spawns the flowtag porting), malware analysis took a backseat to sysadmin work due to a rather large project that just finished up. Hopefully I’ll have more time to post here soon, here’s what I’ve been working on:

– A simple C program to measure the index of coincidence of a file (for binary data instead of strings). This was going great until I tried it on a non-OSX OS, now I’m running into segfaults trying to get it to run on Linux (does read() behave differently or something?). I’ve also ported it to Windows (which works), but was a giant pain due to the fact that I don’t ever use Visual Studio.

– A binary file to hex string beautifier; basically, take binary data and print it in really nice strings for either a ruby or a C program. Why? Because I’m tired of manually formatting data for programs.

– A program to generate data with variable amounts of randomness (this is really used for work, but I might end up posting it here depending on whether I think it’s neat enough).

– Rewriting labview (our internal machine allocation management software). Okay, so Jon’s really doing most of the work, but that’s mostly because I don’t know how to do SQL “relations”, I’ll do more of the development soon enough.

– Biking to work. Yea, this isn’t technical, but I got a new bike so I’ve been trying to cut down on the commute, save gas, all that kind of stuff.

UPDATE: Just got an email the flowtag port has been committed, it should be showing up the next time you do a “cvsup”

Firstly, scholar01 has created a ‘flowtag’ module for NSM-Console to use Chris Lee’s  excellent Flowtag software for categorizing and tagging network flow for a packet capture. Thanks for the submission scholar01!

Secondly, JohnQPublic has created a ‘clamscan’ module to in order to scan the files extracted by either tcpxtract or foremost for viruses. The clamscan module uses the popular open-source antivirus ClamAV software. Thanks JohnQPublic!

Both of these modules have been committed into NSM-Console’s code, and while only flowtag is included in the 0.5 release, you can try them out by checking NSM-Console out of SVN with the following command:

svn co http://svn.security.org.my/trunk/rawpacket-root/usr/home/analyzt/rp-NSM/nsm-console nsm-console

Note that the majority of the code I commit to svn is stable enough for regular usage, it just doesn’t undergo the regular testing that the point-releases do before they are released.

Thanks to both authors for submitting modules, they’re now included in the ‘credits’ command.

• aimsnarf
• ngrep (gif/jpg/pdf/exe/pe/ne/elf/3pg/torrent)
• tcpxtract
• tcpflow
• chaosreader
• bro-IDS
• snort
• tcpdstat
• capinfos
• tshark
• argus
• ragator
• racount
• rahosts
• hash (md5 & sha256)
• ra
• honeysnap
• p0f
• pads
• fl0p
• iploc
  
• foremost – thanks shadowbq!
• flowgrep
• tcptrace
• tcpick
• flowtime
• flowtag
• harimau
• clamscan
  

Think of any other useful modules? Leave me a comment and let me know!

P.S. I’m also brainstorming for some pcap/real-time network visualization tools, stay tuned!