Project: Impost

2004-08-29: Latest release: 0.1rc1

MENU# SUMMARY | SCRIPTING | MANUAL | VIEWCVS | TESTING AND RESEARCH

DESCRIPTION

Impost is a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. There's two different kinds of operating modes used by Impost; It can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments.

While running, Impost keeps a history of incoming buffers for every connection it has to deal with. These histories are normally dropped when a socket is closed or a TH_FIN|TH_ACK flagged packet is received. However, if at anytime during a live connection a 'suspicious' buffer is detected, Impost will use the history corresponding with the connection to create a log file containing all of the received data including the suspicious buffer.

A side from creating a log file, Impost will also try to analyze the buffer which had been thought of as suspicious. Some of the things which Impost will look for are machine codes, nop sleds, shellcode signatures and a lot of other junk.

Impost is still in early stages of development so there is a lot of work that needs to be done. Even in these early stages, Impost proves to be an extremely powerful multi-purpose network debugging tool. Whether you're a software developer, a security consultant, systems administrator or hacker - you'll find Impost very useful if applied properly to whatever it is you do.

ANONYMOUS CVS ACCESS

You can download the latest Impost source code and updates via Impost's CVS respository hosted on sourceforge.net. To login in anonymously and check out the latest source, use the following steps:

1. Run the following command to login and when it askz you for a password just hit enter:

cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/impost login

2. After logging into the CVS repository, you can check out the latest source:

cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/impost checkout impost

Note: There's usually a 5 hour delay for the anonymous CVS server to update everytime something is committed. You can also browse the CVS repository with your web-browser thanx to SourceForge and ViewCVS by clicking here.

LATEST RELEASES

A side from the releases listed below, you have the option to download the `CVS-Current' release -- which is the project how it is today. impost-cvs-current.tar.gz. This is a lot less stable than the releases listed below, and is only intended for people that know exactly what they're doing.

(Online manual is available here)

impost-0.1rc2.tar.gz - (361,105 bytes)
- Released: 2004-10-04 - Version 0.1rc2
- MD5 Checksum: 1185fae3f103289f2d1bf29460aec311

impost-0.1rc1.tar.gz - (369,524 bytes)
- Released: 2004-08-29 - Version 0.1rc1
- MD5 Checksum: 41c2e3e9c2b19df1a0f2e20b7c6a565
- More translations for this version will be released in the near future

impost-0.1pre3.tar.gz - (249,360 bytes)
- Released: 2004-08-15 - Version 0.1pre3
- MD5 Checksum: fcf68ce7f3de06df1b77242fed58a682
- Fixes and Patches: 0.1pre3-solaris-fix.tar.gz

All files and releases for Impost

PLATFORMS

Impost has been tested on the following platforms:

Linux 2.6 [x86]
Linux 2.4 [x86]
Linux 2.4 [AMD64]
Solaris 9 [x86]
Solaris 9 [sparc]
OpenBSD 3.5 [x86]
OpenBSD 3.4 [x86]
FreeBSD 4.8 [x86]
FreeBSD 5.2.1 [x86]
Mac OS 10.3.4 (Panther) [ppc]

BUG REPORTING

Please submit bugs here: Bugs and Patches

Email: ziplock <ziplock@x86asm.org> or <sickbeatz@hotmail.com>

Last updated: $Date: Sun Aug 29 19:08:55 PDT 2004