Overview
Our priorities are based on our core strengths in this key focus
area – research. We (The Net-Square team) are driven by our
potential to translate research efforts – our core strength – into
innovative, practical, effective solutions; solutions that impact
the information security industry. This focus is in keeping with our
vision to blaze trail in information security research. The team at
Net-Square has an enormous amount of experience in the information
security and are committed to bringing new and effective solutions
to the increasing need for securing information. Growing needs in
the area of information technology keeps us innovative.
Tools like httprint, wschess and nstools are the outcome of our
research activities. Various whitepapers have been published at
conferences and leading information technology media websites.
Net-Square has also publish advisories concerning security issues in
various products.
Whitepapers
Net-Square has published many whitepapers. Some of them became very popular, which are reproduced here
- One-Way Web Hacking – HTTP Based One Way Web Hacking Technique
Besides Whitepaper, Saumil Shah has also authored a book on Web Hacking.
Advisories
Net-square team has published advisories on following popular applications and teachnologies.
- NS-310107-GMAIL – Multiple problems in server-side session handling.
- NS-310107-ORKUT – Multiple problems in server-side session handling.
- NS-052005-ASPNET – Unhandled exception leads to file system disclosure and SQL injection.
- NS-012006-ASPNET-LDAP – Unhandled exception leads to LDAP injection disclosure.
Innovations
Powerful tools and backdoor programs have enabled hackers to
exploit information technology to gain access to unauthorized and
sensitive information. Net-Square has been diligently working to
develop specialized tools and applications to combat this threat.
Tools and application listed below have been developed by our team to assist you in defending your organization against attacks.
- httprint – Web Server Fingerprinting Tool
- datapipe_http – Raw/HTTP TCP Tunneling
- wsChess – Toolkit for Web Services Assessments and Defense
- nstools – Security ToolKit from Net-Square
- MSNPawn – Web application Footprinting, Profiling & Assessment tool using MSN Search web APIs
These tools and application are available for free for personal, educational and non-commercial use only. You can download those from download section on our website.
httprint – Web Server Fingerprinting Tool
One of our security tools released is httprint, a web server fingerprinting tool. httprint relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.
datapipe_http – Raw/HTTP TCP Tunneling
The datapipe_http program essentially, software based on datapipe
port redirector originally written by Todd Vierling in 1995, , opens
up a connection with the HTTP proxy server, and uses the CONNECT
server:port HTTP/1.0 technique to open a plain bi-directional TCP
connection to the destination server. The TCP connection is then
handed off to the program that connects to the incoming datapipe
listener port.
wsChess – Toolkit for Web Services Assessments and Defense
A set of tools written C# for the .Net platform. This is a
prototype, released as beta with limited support at this point.It
has the following tools
wsPawn -Web services footprinting, discovery, search &
domain footprinting tools. If you are looking for registered web
services and their access points, this tool will help you in
retrieving information from public UDDI.
wsKnight - Web services profiling, proxy and audit tool.
This tool helps in profiling web services from its WSDL. It also
allows you to invoke methods and intercept them before they go on
the wire to the target, so that you can manipulate the SOAP envelope
if needed. The autoaudit feature allows you to inject characters and
attack strings for assessment work.
wsRook -This is a very simple technology demonstration for developers. This is a regular expression-based defense for web services input content. This is a hook in HTTP pipe using the HttpModule interface.
nstools -Net-Square Security ToolKit for Microsoft Windows Platform
As part of this security toolkit, following are the software tools
that can be used on Microsoft Windows platform to perform various
security related activities.
netexec - Remote Command Execution
The command shell is a method of directly
communicating with a remote system via an instruction, or command
line interface. Existing remote command execution tools besides
being difficult to set up, require client software to be installed
on the remote systems that you wish to access.netexec allows you to
execute a command on a remote machine without physically logging in
to that machine. Full interactivity for console applications is
provided. No client software installation is required. read more...
netps - Lists active processes
The execution of a command is known as a process. All multi-user
operating systems have to run more than one process at the same
time. netps is a unix-like process listing command ps,from
Net-Square, that provides you with detailed information about active
processes. Netps is part of the Net-Square suite of tools and will
work on the Windows family of products. read more...
netport - Port-to-process mapping tool
The ability to determine which processes own which
ports on your system. Existing Port-to-process mapping tools besides
being difficult to set up, require client software to be installed
on the remote systems that you wish to access.There are many times
you’ll look at the results of a port-to-process mapper and wish to
know the command-line arguments a particular process has been
started with. Surprisingly, none of the available port-to-process
mappers provide this capability. Only netport allows you to
determine the command line arguments of each process. NetPort also
allows you to take MD5 hashes of the running processes.
netservice - Service Management
Services in MS-Windows™ impact the functioning of a
system. With a default installation of MS-Windows™, many unnecessary
services are installed and are automatically enabled at startup. It
is a tedious job for administrators to stop or uninstall unnecessary
services on each individual computer.netservice allows you to manage
installed services on local and remote machines without physically
logging in to the machine. This tool helps system administrators in
performing housekeeping tasks and security auditors in checking the
services running on remote systems when direct access is not always
possible.
netxslt - XML to HTML Convertor
XML is now the most acceptable format for data representation as it
provides an efficient and structured method to handle data. But when
this data has to be presented as a report, a pure XML file is
insufficient. A better way to represent data is by using HTML. To
convert the XML data file to an HTML document, XSLT is used.netxslt
helps you to convert XML in to HTML with the help of correspoinding
XSL.
MSNPawn – Web application Footprinting, Profiling & Assessment tool
MSNPawn has been designed and developed on the .Net framework and
must be installed on the system. It is web application Footprinting,
Profiling & Assessment tool using MSN Search web APIs. It has
utilities like MSNHostFP, MSNDomainFP, MSNCrossDomainFP, MSNCrawler,
MSNFetch, Search.MSN. Whitepaper is included for better
understanding for all these utilities.