Home

Welcome to Josh's Software

While I am not a true developer, I really enjoy programming. Regardless of the significance of programming to my employer, I am always learning new languages and working on (sometimes silly) projects at home. This page is a little index of the ones I'm willing to share.

Project Geekness Description
Groupage Scala, redistributable JAR Groupage is software that records target stats for your shooting hobby. With it, you can annotate images of your targets without doing the math yourself, and it really helps when you share target images with friends.
Plunder JAR
Documentation
Scala, SMB hacking My tool for rapidly "casing" SMB shares during penetration tests or security audits. I often find myself with access to lots of shares, and wondering where all the passwords, SSNs, and big files are. This is an attempt to automate this process somewhat. Now supports pass-the-hash!
Groups Target group analyzer, written in Processing This is a program I wrote for analyzing target shooting groups. There are certain stats that are worth keeping to evaluate accuracy and precision. This is written in Processing, which was my first foray into "real" Java in a long time (not that I can say I like it any more than I used to, but Processing is pretty neat).
reFORMer

sample use
HTTP form brute-forcer
I wanted something for brute-forcing web-based forms that worked the way I wanted it to work. This is it, for now. reFORMer provides sufficient glue for performing brute force attacks where the user is under complete control of the HTTP request for each authentication attempt.
j-nmap-mode elisp / pen-testing This is an Emacs major mode for highlighting Nmap scan output (in the ".nmap" format). It really helps compared to looking at flat text presentations of these files.
JArpMon C# ARP Monitor
screenshot
I was looking for something to watch ARP on my local subnet and tell me what hosts were talking, and couldn't find anything useful and simple for Windows. tcpdump was annoying to watch, and showed me redundant entries. JArpMon only reports new systems ARPing and requires WinPCap.
Photo Triage Haskell / gtk2hs I noticed that my wife was laboriously triaging results from her photo shoots with a manual process. This is an attempt to automate it given her particular needs.
SSNiper
(Josho.Org cache)
(documentation PDF)
C Security Tool I wrote a C-based recursive SSN finder. It does some false positive checking and checks zipped / archived files and a few other neat things. It is open sourced, but not owned by me.
chaffing Common Lisp / "Crypto" Chaffing and winnowing is an obfuscation technique that is technically not encryption. It is at least interesting.
dnsnet C Utility Sometimes I want to look up DNS entries for lots of IPs, be it a defined subnet or a list of IPs from a file.
luhn Ruby For reasons known only to me, I wanted to be able to generate Luhn algorithm check digits.
pw Haskell I ran across a pronouncable password generator once, and was frustrated at how poorly its results were adapted for typing. These are Haskell and Common Lisp versions of my pronouncable and typable password generator.
runfor C Linux Utility Sometimes you want to limit execution time of a command, but that command does not provide a configurable timeout. This tool lets you enforce a timeout for most well-behaved programs.
zfs-snapshots Ruby / ZFS / Solaris This is my solution for relatively configurable snapshot management for a ZFS implementation. I have used this at home to good effect.