Bokken was recently introduced in Inguma penetration toolkit (version 0.3 to be precise!). Now, it has also been released as a stand-alone tool for malware analysis. In actuality, Bokken is a GUI for the pyew tool. So, you know that it can do all that pyew can, with a nice user interface.
o, what is pyew and what all can it do? Pyew is like another tool we wrote about – radare. Pyew is a (command line) python tool mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool. Now that is quiet a lot of functions!
However, it should be known that Bokken is not an hexadecimal editor neither a full featured disassembler as yet. So it should not be used for deep code analysis or you might want to avoid modifying files with Bokken. It’s intended to be a *iew like oriented tool, mainly, to analyze malware. Actually Bokken can parse and help in the analysis of PE/Elf, PDF and websites; any other file can be also opened and studied but Bokken won’t analyze it. To be precise, Bokken can help you scan the following:
> PE/Elf files can be analyzed in hexacecimal and disassembly formats and further information can be gained with the plugins.
> Web sites can also be analyzed for malware or security issues.
PDF files are supported and some features can aid in it’s examination for malicious code.
> Finally all other files can be studied whether they are in binary or plain text format.
Bokken requirements are just a few and easy to install. In order to get Bokken working you will need:
> Pyew
> PyGtk
> GtkSourceview2
> TidyLib
> Psyco
Download Bokken 1.0 (bokken-1.0.tar.gz/bokken-1.0.zip) here.
tq pentestit.com because sharing.
No comments:
Post a Comment