RESEARCH AND TOOLS



Our priorities are based on our core strengths in this key focus area – research. We (The Net Square team) are driven by our potential to translate research efforts – our core strength – into innovative, practical, effective solutions; solutions that impact the information security industry. This focus is in keeping with our vision to blaze trail in information security research. The team at Net-Square has an enormous amount of experience in the information security and are committed to bringing new and effective solutions to the increasing need for securing information. Growing needs in the area of information technology keeps us innovative.


Tools like httprint, wschess and nstools are the outcome of our research activities. Various whitepapers have been published at conferences and leading information technology media websites. Net-Square has also publish advisories concerning security issues in various products.

Whitepapers


Net Square's team has published many whitepapers and some of the popular whitepapers are mentioned in the below link.

One-Way Web Hacking – HTTP Based One Way Web Hacking Technique


Mr. Saumil Shah (C.E.O of Net Square) has authored a book 'Web Hacking Attacks and Defence '

Advisories


Net Square team has published advisories on following popular applications and technologies.
NS-310107-GMAIL – Multiple problems in server-side session handling.
NS-052005-ASPNET – Unhandled exception leads to file system disclosure and SQL injection.
NS-012006-ASPNET-LDAP – Unhandled exception leads to LDAP injection disclosure.

Innovations


Powerful tools and backdoor programs have enabled hackers to exploit information technology to gain access to unauthorized and sensitive information. Net-Square has been diligently working to develop specialized tools and applications to combat this threat.


Tools and Applications


Tools and application listed below have been developed by our team to assist you in defending your organization against attacks.

httprint  – Web Server Fingerprinting
Tool
datapipe_http – Raw/HTTP TCP Tool
Tunneling
wsChess – Toolkit for Web Services
Assessments and Defense
nstools – Security ToolKit from
Net-Square

MSNPawn – Web application Footprinting, Profiling & Assessment tool using MSN
Search web APIs
These tools and application are available for free for personal, educational and non-commercial use only. You can download those from download section on our website.

httprint – Web Server Fingerprinting Tool


One of our security tools released is httprint, a web server fingerprinting tool. httprint relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.

Click here for more details

datapipe_http – Raw/HTTP TCP Tunneling


The datapipe_http program essentially, software based on datapipe port redirector originally written by Todd Vierling in 1995, , opens up a connection with the HTTP proxy server, and uses the CONNECT server:port HTTP/1.0 technique to open a plain bi-directional TCP connection to the destination server. The TCP connection is then handed off to the program that connects to the incoming datapipe listener port.

Click here for more details

wsChess – Toolkit for Web Services Assessments and Defense


A set of tools written C# for the .Net platform. This is a prototype, released as beta with limited support at this  point.It has the following tools.


wsPawn - Web services footprinting, discovery, search & domain footprinting tools. If you are looking for registered web services and their access points, this tool will help you in retrieving information from public UDDI.
wsKnight - Web services profiling, proxy and audit tool. This tool helps in profiling web services from its WSDL. It also allows you to invoke methods and intercept them before they go on the wire to the target, so that you can manipulate the SOAP envelope if needed. The autoaudit feature allows you to inject characters and attack strings for assessment work.

wsRook - This is a very simple technology demonstration for developers. This is a regular expression-based defense for web services input content. This is a hook in HTTP pipe using the HttpModule interface.

Click here for more details

nstools -Net-Square Security ToolKit for Microsoft Windows Platform


As part of this security toolkit, following are the software tools that can be used on Microsoft Windows platform to perform various security related activities.

netexec - Remote Command Execution


The command shell is a method of directly communicating with a remote system via an instruction, or command line interface. Existing remote command execution tools besides being difficult to set up, require client software to be installed on the remote systems that you wish to access.netexec allows you to execute a command on a remote machine without physically logging in to that machine. Full interactivity for console applications is provided. No client software installation is required. read more...

Click here for more details

netps - Lists active processes


The execution of a command is known as a process. All multi-user operating systems have to run more than one process at the same time. netps is a unix-like process listing command ps,from Net-Square, that provides you with detailed information about active processes. Netps is part of the Net-Square suite of tools and will work on the Windows family of products. read more...

Click here for more details

netport - Port-to-process mapping tool


The ability to determine which processes own which ports on your system. Existing Port-to-process mapping tools besides being difficult to set up, require client software to be installed on the remote systems that you wish to access.There are many times you'll look at the results of a port-to-process mapper and wish to know the command-line arguments a particular process has been started with. Surprisingly, none of the available port-to-process mappers provide this capability. Only netport allows you to determine the command line arguments of each process. NetPort also allows you to take MD5 hashes of the running processes.

Click here for more details

netservice - Service Management


Services in MS-Windows™ impact the functioning of a system. With a default installation of MS-Windows™, many unnecessary services are installed and are automatically enabled at startup. It is a tedious job for administrators to stop or uninstall unnecessary services on each individual computer.netservice allows you to manage installed services on local and remote machines without physically logging in to the machine. This tool helps system administrators in performing housekeeping tasks and security auditors in checking the services running on remote systems when direct access is not always possible. 

Click here for more details

netxslt - XML to HTML Convertor


XML is now the most acceptable format for data representation as it provides an efficient and structured method to handle data. But when this data has to be presented as a report, a pure XML file is insufficient. A better way to represent data is by using HTML. To convert the XML data file to an HTML document, XSLT is used.netxslt helps you to convert XML in to HTML with the help of correspoinding XSL.

Click here for more details

MSNPawn – Web application Footprinting, Profiling & Assessment tool


MSNPawn has been designed and developed on the .Net framework and must be installed on the system. It is web application Footprinting, Profiling & Assessment tool using MSN Search web APIs. It has utilities like MSNHostFP, MSNDomainFP, MSNCrossDomainFP, MSNCrawler, MSNFetch, Search.MSN. Whitepaper is included for better understanding for all these utilities.

Click here for more details