[Dailydave] Puppies.

Dave Aitel dave at immunityinc.com
Tue Sep 22 14:29:02 EDT 2015


HDM peeked out from behind his Internet scanning farm earlier today and
posted a tweet about Pupy
<https://github.com/n1nj4sec/pupy/tree/master/docs/screenshots>, which
is an injectable Python you can use for penetration testing saying that
it seemed similar to Meterpreter.

Last I checked Meterpreter was a big blob of C++ and the Ruby portions
ran client-side, which is pretty different from both Pupy and INNUENDO.

Here, as a small example, is the rabbit hole that the Pupy people are
starting to look into: https://github.com/n1nj4sec/pupy/issues/4

Another similar effort that does DNS C2 in Python (although as far as I
can tell it goes direct to the DNS server, and not through whatever DNS
server the client is supposed to use normally ?!?) is here:
http://lockboxx.blogspot.com/2015/01/python-reverse-dns-shell.html

Even though there's wildly different engineering efforts and goals for
these projects and INNUENDO, if I didn't have access to INNUENDO I would
definitely look into them! (But of course, I do, and YOU should!
sales at immunityinc.com for evals. ;)

-dave




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20150922/6b2f86a5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20150922/6b2f86a5/attachment.sig>


More information about the Dailydave mailing list