Brian Caswell

Pedantic & Academic

Projects

These are projects that I am semi-actively maintaining for my own uses. Since they benefit others I post them online such that others can use them. I gladly accept bug reports and patches.

  • WWW::Bugzilla. A simple API for creating, editing, and (soon) searching bugs in a Bugzilla instance. The API is built on top of WWW::Mechanize and ships with my simple Bugzilla console client, which uses this API. This was originally written by Matthew C. Vella; I took over development in 2006.

  • snortconfig. A rules modification system for Snort that is driven by a configuration file, so a user can keep their ruleset updated without too much of a headache. Configuration is done using a basic INI-style file. It includes the library Net::Snort::Parser, a Perl Snort rules parser.

  • Shmoocon Registration. I implemented the shopping cart and registration system that is used for Shmoocon. At Shmoocon 4, during peak hours, we were checking in (on average) 1 person every 5 seconds. Have you ever been to a conference that registered that fast? Doubt it.

  • Metasploit. For a while, I had commit access to the Metasploit framework's SVN tree. My contributions were based mostly in code cleanup, unit tests, IDS evasions, and a few exploits. Once I have a bit more free time, I will start work on this project again.

Hacks

My small collection of one-off hacks that I toss together to solve a specific problem that I might have to solve again later. Instead of rewriting the code every time I need to do something, I'm posting them here for my own benefit. If you can use 'em, great.

  • honeysuckle. A simple Snort and Nessus correlation tool. At the time, someone was charging $40k for a product that I implemented in a few dozen lines of Perl.

  • fake-rpc. A portmap emulation service. I placed 3rd in the Honeyd Challenge with this tool.

  • wicap. "A captive portal that doesn't suck". Quite some time ago, I wrote this captive portal for a friend's wireless ISP startup, Geekspeed Communications. At the time, all of the captive portals were awful; this one worked well. Someone took it and made a product out of it, and I never saw a dime. Oh well.

  • fast uuid generation. It would be nice if the other UUID APIs were fast, but just using rand is by far the fastest.

  • uri-request.rb & index.asp.txt. A simple URI encoding verification tool for finding out what a given webserver actually decodes. Uses the Metasploit Ruby API.

  • unified.rb. A ruby API for parsing Snort binary log files.

  • unified-to-pcap.rb. A Snort binary log file to pcap converter, built on the above Ruby API.

  • add-delay.pl. A tool to add a set amount of delay between each packet in a given pcap file.

  • proxy-strip.pl. A regular-expression stripping proxy, written for use as a socket-based IPS.

  • Net::Analysis::Listener::HTTPDump. An additional listener for Net::Analysis::Listener that extracts files downloaded via HTTP from pcap files. Usage: perl -MNet::Analysis -e main HTTP HTTPDump http-file-transfer.pcap > /tmp/file.doc

  • fix-cksum.pl. A Perl tool that uses NetPacket and Net::Pcap to fix checksums in a pcap file.

  • changetar.pl. A Perl tool, built on Archive::Tar, that resets file ownership to root. User and group IDs leak in normal tar files; this resets them all to 0.

  • numbers.pl. A regular expression builder that generates a regular expression matching any number larger than a given value.

  • mime-forward. A tool that forwards attachments elsewhere while passing along just the plain text. Useful for forwarding email to your Sidekick, which can't deal with the attachments anyway.

  • Org Chart Generator. At Sourcefire, the org chart was "classified" for a long time. Check it out. (Hint: Reload the org chart a few times to understand.)

  • mailman toast.pl. A tool to purge mailman moderator queues when you only have web access to the queue and you don't feel like reviewing all of the entries.

  • xdr.pl. A set of XDR string encode/decode functions.

  • scanf.pl. A simple scanf buffer overflow regex generation tool. For a given scanf format string and a maximum string size, it writes a regular expression that detects an exploitation attempt.

  • web-chars.pl. Validates which characters a webserver ignores in various locations of a given web request. Add a file 'bad.html' with the contents "I am a bad bad man" to your target webserver, and you too can validate what your webserver actually handles in a given URI.

  • irssi-twitter.pl. A Twitter plugin for irssi.