Downloads

CryptoNark (cnark.pl)

Written in Perl. You can download the latest version of cryptonark below.  Initially a port of sslthing.sh, cryptonark is a perl script that can be used for PCI Compliance auditing of SSL Ciphers supported on a particular host.  In other words, if you want to know the ciphers supported by a remote server, this tool will tell you.  

CryptoNark now has it's own page on this site, where you can find more information on this useful SSL and PCI Compliance scan tool.

Latest Version (v0.5.7): Released October 2, 2016

cnark-v0.5.7.zip

Previous Version (v0.5.6): Released November 15, 2014

cnark-v0.5.6.tar.gz    cnark-v0.5.6.zip

 

SSL Certificate Validator (chkcert.pl)

Written in Perl. Validates SSL Certificates. Use to check whether the certificate is trusted or to validate certificate chains.

See the SSL Certificate Validator page for more information or my Validating SSL Certificates blog post for more background.

Download chkcert-v0.1.zip

 

Test for Trace and Track (test4trac.pl)

Written in Perl. Useful enough as a standalone script, test4trac.pl is a Perl and LWP::UserAgent-based script I wrote that does HTTP TRACE _AND_ HTTP TRACK testing against the host and port of your choice.  It takes this new feature introduced in cryptonark v0.3 and puts it into a standalone script.  It is intended to be run as a post-remediation change verification tool for vulnerabilities identified as "Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability".

This blog post has more information on it: Test for Trace and Track

Download test4trac.tar.gz    Download test4trac.zip

HTTP WebDAV PROPFIND Test (propfind.pl)

Written in Perl. This script gives the IIS web server administrator the ability to validate that a site is vulnerable to the "WebDAV HTTP Method PROPFIND Enabled" information disclosure vulnerability.  Use if before and after remediation activities have occurred.

More information can be found at my blog post: Verifying 'WebDAV HTTP Method PROPFIND Enabled' Remediation was Successful

Download propfind.tar.gz     Download propfind.zip

Get Cipher (getCipher.groovy)

Written in Groovy. This script will return the SSL Cipher used when connecting to a site.  There are three command line options, -h (--host), -p (--port), and -c (--cipher).  Only the 'host' parameter is required.  You can input any cipher you want available within your JDK installation to see if that host will support connectivity using that particular cipher with the 'cipher' parameter.  Written using Java 1.5.0_19 and Groovy 1.6.4.

See my blog post for more information: Groovy Script: Get SSL Cipher and CLIBuilder Example

Download getCipher.tar.gz    Download getCipher.zip

Bling (bling.groovy)

Written in Groovy. Bling is an xmlrpc-based blog pinger.  Currently it pings 19 different blog directories and also notifies 5 different search engines of web site updates via sitemap ping.  This version requires that you edit the file to change the values of blogTitle, blogURL and sitemapURL so that they match your own.

For more information, please refer to: Bling

Download v0.6 - Released December 22, 2009

Download bling.tar.gz    Download bling.zip

whichCiphers (whichCiphers.groovy)

Written in Groovy. Initially starting out as a port of CryptoNark to groovy, a lack of SSLv2 support in Sun-derived JVMs put the stop to this.  However, it is still pretty useful as is, so here it is.  This post on my blog contains more information on this script.

Download whichCiphers.tar.gz   Download whichCiphers.zip