Downloads

CryptoNark (cnark.pl)

You can download the latest version of cryptonark here. Initially a port of sslthing.sh, cryptonark is a Perl script that can be used for PCI Compliance auditing of the SSL ciphers supported on a particular host. In other words, if you want to know the ciphers supported by a remote server, this tool will tell you. CryptoNark now has its own page on this site, where you can find more information on this useful PCI Compliance scan tool.

Latest Version (v0.4.7): Released March 8, 2012

cnark-v0.4.7.tar.gz    cnark-v0.4.7.zip

Previous Version (v0.4.6): Released July 31, 2011

cnark-v0.4.6.tar.gz    cnark-v0.4.6.zip

 

SSL Certificate Validator (chkcert.pl)

Validates SSL certificates. Use it to check whether a certificate is trusted or to verify that certificate chains are valid. See the SSL Certificate Validator page for more information or my Validating SSL Certificates blog post for more background.

Download chkcert-v0.1.zip

 

Test for Trace and Track (test4trac.pl)

Useful enough as a standalone script, test4trac.pl is a Perl and LWP::UserAgent-based script I wrote that does HTTP TRACE _AND_ HTTP TRACK testing against the host and port of your choice.  It takes this new feature introduced in cryptonark v0.3 and puts it into a standalone script.  It is intended to be run as a post-remediation change verification tool for vulnerabilities identified as "Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability".

This blog post has more information on it:  Test for Trace and Track

Download test4trac.tar.gz    Download test4trac.zip

 

HTTP WebDAV PROPFIND Test (propfind.pl)

This script gives the IIS web server administrator the ability to validate whether a site is vulnerable to the "WebDAV HTTP Method PROPFIND Enabled" information disclosure vulnerability. Use it before and after remediation activities have occurred.

More information can be found at my Verifying 'WebDAV HTTP Method PROPFIND Enabled' Remediation was Successful blog post.

Download propfind.tar.gz     Download propfind.zip

 

Get Cipher (getCipher.groovy)

This script will return the SSL Cipher used when connecting to a site.  There are three command line options, -h (--host), -p (--port), and -c (--cipher).  Only the 'host' parameter is required.  You can input any cipher you want available within your JDK installation to see if that host will support connectivity using that particular cipher with the 'cipher' parameter.  Written using Java 1.5.0_19 and Groovy 1.6.4.

See my blog post for more information:  Groovy Script: Get SSL Cipher and CLIBuilder Example

Download getCipher.tar.gz    Download getCipher.zip

 

Bling (bling.groovy)

Bling is an XML-RPC-based blog pinger. Currently it pings 19 different blog directories and also notifies 5 different search engines of site updates via sitemap ping. This version requires that you edit the file to change the values of blogTitle, blogURL and sitemapURL so that they match your own.

Download version 0.6 - Released December 22, 2009

Download bling.tar.gz    Download bling.zip

 

whichCiphers (whichCiphers.groovy)

whichCiphers started out as a port of CryptoNark to Groovy, but a lack of SSLv2 support in Sun-derived JVMs put a stop to this. However, it is still pretty useful as is, so here it is. This post on my blog contains more information on this script.

Download whichCiphers.tar.gz   Download whichCiphers.zip