Impost is a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. There's two different kinds of operating modes used by Impost; It can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments.
While running, Impost keeps a history of incoming buffers for every connection it has to deal with. These histories are normally dropped when a socket is closed or a TH_FIN|TH_ACK flagged packet is received. However, if at anytime during a live connection a 'suspicious' buffer is detected, Impost will use the history corresponding with the connection to create a log file containing all of the received data including the suspicious buffer.
A side from creating a log file, Impost will also try to analyze the buffer which had been thought of as suspicious. Impost will look for are machine codes, nop sleds, shellcode signatures and a lot of other junk.
Impost is still in early stages of development so there is a lot of work that needs to be done. Even in these early stages, Impost proves to be an extremely powerful multi-purpose network debugging tool. Whether you're a software developer, a security consultant, systems administrator or hacker - you'll find Impost very useful if applied properly to whatever it is you do.
What's New in This Release:
· src/impost.c: Discovered and fixed small bug.
· docs/: Updated several documents
· Updated some contact information
Product's homepage
Find us on Google+
