# Goal
To develop a framework of scripts that can read in pcap data (e.g. pdml) and output security scripts for use in bug hunting. 

# To Do
- Ability to apply filters into strings. Use case would be HTTP which each line is seperated using 0x0d 0x0a ("\r\n")
- sqlmap TODOs
-- support POST requests
-- support cookies
-- support useragent selection

# To Do Tools
- dirbuster or the like
- http method fuzzer
- python http library
- sqlninja
- web services tester? (bperry's tool)
- nmap check db?
-- given an input, what to check for in nmap, output a script to do that

# Known Bugs 
- some packets do not support a value field at the top of the tree which is used for the truth; there should be a workaround for this

# Example Usage 
The following example is how to create a sulley fuzzing file from giop traffic. 

1. Record traffic from BusinessObjects including CORBA traffic. This has been saved as pcap_samples/giop_sdk.pcap

2. Parse the traffic to one frame, storing it as a PDML file:

$. tshark -T pdml -r pcap_samples/giop_sdk.pcap "frame.number == 24" > pdml_samples/single_giop.pd
ml

This file is stored as pdml_samples/single_giop.pdml

3. Use stinkbug to output the sulley stub:

$. python stinkbug.py sulley pdml_samples/single_giop.pdml

>>
|+| Using /tmp/stinkbug_j231ehdi8w1ypirt6ya9.txt as a temporary file
#TOP:giop
#-GIOP Header
# TRUTH value:47494f50010100000000023c",pos:66,size:12
#--giop.magic
s_static("47494f50")
....
<<