The Fluffy Suite
============

Fluffy was begun in April 2011 in Tennessee,
as a replacement for the aging "dirtbags.ip" codebase.
It is composed of multiple small standalone binaries,
which are meant to be chained together,
either on the command-line or from a shell script,
to create a more powerful (and specific) piece of software.

Usually, a program expects input on stdin,
and produces output on stdout.
Flags are sparse by design.

Fluffy source code is purposefully spartan and easy to audit.
Forks are encouraged;
please let me know if you make one.

How To Build
------------

    curl -L https://github.com/dirtbags/fluffy/archive/master.tar.gz | tar xzvf -
    cd fluffy-master
    make DESTDIR=$HOME install

On an Ubuntu system,
you may need to log out, and log back in,
before the utilities are in your path.

On a non-Ubuntu system,
you may need to edit your `.bashrc` to add `$HOME/bin` to your `PATH`
environment variable.

Programs
--------

### hd: Hex Dump

Like the normal hd,
but with Unicode characters to represent all 256 octets,
instead of using "." for unprintable characters.

    $ printf "\0\x01\x02\x03\x30\x52\x9a" | hd
    00000000 00 01 02 03 30 52 9a ┆·☺☻♥0RÜ┆
    00000007

### unhex: unescape hex

Reads ASCII hex codes on stdin,
writes those octets to stdout.

    $ echo 68 65 6c 6c 6f 0a | unhex
    hello

### xor: xor octets

Applies the given mask as an xor to input.
The mask will be repeated,
so for a 1-value mask, every octet is xored against that value.
For a 16-value mask, the mask is applied to 16-octet chunks at a time.

The "-x" option treats values as hex.

    $ printf 'hello' | xor 22; echo
    ~szzy
    $ printf 'hello' | xor 0x16; echo
    ~szzy
    $ printf 'hello' | xor -x 16; echo
    ~szzy
    $ printf 'bbbbbb' | xor 1 0; echo
    cbcbcb

### slice: slice octet stream

Slices up input octet stream,
similar to Python's slice operation.

    ~/src/fluffy $ printf '0123456789abcdef' | slice 2; echo
    23456789abcdef
    ~/src/fluffy $ printf '0123456789abcdef' | slice 2 6; echo
    2345
    ~/src/fluffy $ printf '0123456789abcdef' | slice 2 6 8; echo
    234589abcdef
    ~/src/fluffy $ printf '0123456789abcdef' | slice 2 6 8 0xa
    234589

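The argument handling visible in the `slice` examples above, modelled in Python as an added example (not Fluffy's own code). The alternating start/end reading of the offsets is inferred from those four outputs; `parse_bounds`, `slice_stream` and `slice_bytes` are hypothetical names, and negative or decreasing offsets are rejected rather than modelled.

```python
import io


def parse_bounds(args):
    """Parse offsets as the examples pass them: decimal or 0x-prefixed hex."""
    bounds = [int(a, 0) for a in args]
    if not bounds:
        raise ValueError("at least one offset is required")
    if any(b < 0 for b in bounds):
        raise ValueError("negative offsets are not modelled here")
    if any(a > b for a, b in zip(bounds, bounds[1:])):
        raise ValueError("offsets must not decrease")
    return bounds


def slice_stream(src, args, chunk_size=4096):
    """Yield the selected octets of the binary stream `src`.

    Offsets alternate start, end, start, end, ...; a final start with no
    end runs to end of input. Ranges are half-open, like data[start:end].
    """
    bounds = parse_bounds(args)
    pos = 0           # absolute offset of the first octet in `chunk`
    idx = 0           # next boundary still to be crossed
    emitting = False  # flips each time a boundary is crossed
    while chunk := src.read(chunk_size):
        off = 0
        while off < len(chunk):
            # Cross every boundary sitting exactly at the current offset.
            while idx < len(bounds) and bounds[idx] == pos + off:
                emitting = not emitting
                idx += 1
            # Run to the next boundary or to the end of this chunk.
            stop = len(chunk)
            if idx < len(bounds):
                stop = min(stop, bounds[idx] - pos)
            if emitting:
                yield chunk[off:stop]
            off = stop
        pos += len(chunk)


def slice_bytes(data, args, chunk_size=4096):
    """Convenience wrapper: slice an in-memory byte string."""
    return b"".join(slice_stream(io.BytesIO(data), args, chunk_size))


if __name__ == "__main__":
    print(slice_bytes(b"0123456789abcdef", ["2", "6", "8", "0xa"]))
```

Because the input is consumed chunk by chunk, the model never holds more than one chunk in memory, which suits carving a field out of a long stream.
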
### pcat: print text representation of pcap file

Prints a (lossy) text representation of a pcap file to stdout.

This program is the keystone of the Fluffy Suite.
By representing everything as text,
programmers can use any number of standard Unix text processing tools,
such as sed, awk, cut, grep, or head.

Output is tab-separated, of the format:

    timestamp protocol options src dst payload

Frequently you are only interested in the payload,
so you can run pcat like:

    cat myfile.pcap | pcat | cut -f 6

Remember the `unhex` program,
which will convert payloads to an octet stream,
after you have done any manipulations you want.

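A Python model of the `pcat | cut -f 6 | unhex | xor` chain, covering this section and the `xor` section above; it is an added example, not Fluffy's own code. The sample lines are constructed: only the six-column tab-separated layout comes from this page, while the field contents and the hex-digit payload encoding are assumptions.

```python
from itertools import cycle

# Constructed sample in the six-column, tab-separated layout described above.
# Field contents are made up; hex-encoded payloads are an assumption.
SAMPLE_PCAT = (
    "1502200000.000001\tTCP\t-\t10.0.0.5:40000\t10.0.0.9:8080\t7e737a7a79\n"
    "1502200000.000002\tTCP\t-\t10.0.0.9:8080\t10.0.0.5:40000\t\n"
    "1502200000.000003\tTCP\t-\t10.0.0.5:40000\t10.0.0.9:8080\t3661 7964 7a72\n"
)


def payloads(pcat_text):
    """Yield field 6 of every line (what `cut -f 6` selects); reject bad lines."""
    for lineno, line in enumerate(pcat_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        yield fields[5]


def unhex(text):
    """Convert ASCII hex codes to octets, ignoring whitespace between them."""
    return bytes.fromhex("".join(text.split()))


def xor(data, mask):
    """XOR data against a repeating mask; applying it twice restores data."""
    if not mask:
        raise ValueError("mask needs at least one value")
    return bytes(b ^ m for b, m in zip(data, cycle(mask)))


def decode_stream(pcat_text, mask):
    """Model of: pcat | cut -f 6 | unhex | xor MASK...

    The payloads are joined before the mask is applied, so a multi-value
    mask keeps its phase across packet boundaries, as it would in the pipe.
    """
    stream = b"".join(unhex(p) for p in payloads(pcat_text))
    return xor(stream, mask)


if __name__ == "__main__":
    print(decode_stream(SAMPLE_PCAT, [0x16]))
```
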
### pmerge: merge pcap files

Takes a list of pcap files, assuming they are sorted by time
(you would have to work hard to create any other kind),
and merges them into a single sorted output.

### puniq: omit repeated frames

Removes duplicate frames from input,
writing to output.

### hex: hex-encode input

The opposite of `unhex`:
encoding all input into a single output line.

This differs from `hexdump` in the following ways:

* All input is encoded into a single line of output
* Does not output offsets
* Does not output glyph representations of octets

In other words: you can feed `hex` output into `unhex` with no manipulations.

    $ printf "hello\nworld\n" | hex
    68 65 6c 6c 6f 0a 77 6f 72 6c 64 0a

### pyesc: python escape input

Escapes input octets for pasting into a Python "print" statement.
Also suitable for use as a C string,
a Go string,
and many other languages' string literals.

    $ printf "hello\nworld\n" | pyesc
    hello\nworld\n