Ciphers

These ciphers are for education and research purposes only. Do not use them to encrypt anything you wouldn't want your mother or the Feds to read.

Substitution Cipher (sub.py)

Monographic substitution cipher based on the 7-bit ASCII alphabet. The key is an arbitrary-length string of ASCII characters. By varying the size of the key, sub.py acts as a simple shift cipher (1 char), Vigenere cipher (n chars), or Vernam cipher (one-time-pad) if the length of the key is the same as the length of the plaintext.

Auto Key Cipher (auto.py)

Autokey cipher based on the 7-bit ASCII alphabet. The key is an arbitrary-length string of ASCII characters. The autokey cipher builds its keystream by prepending the key of length n to the plaintext, and then adds this keystream to the plaintext character by character. The result is that the first n characters of plaintext are combined with the key, and for the remaining characters, the i-th character of plaintext is combined with the (i-n)-th character of plaintext.

Steganography: LSB Embedding

Experimental script that embeds a secret message into the least-significant bits of image pixels. For grayscale images, each pixel receives at most one message bit; for RGB color images, each color channel receives at most one message bit. The script selects embedding pixels randomly if a numerical seed is provided (see script header for synopsis). The message can be extracted with the same script. The scripts use the Python Imaging Library and work on a variety of raster image formats.


Cybersecurity

These tools are for education and research purposes only. They are not to be used in an unauthorized or unlawful manner.

CAM Poisoning Man-in-the-Middle (switcheroo.py)

This tool facilitates a switch-directed MAC spoof attack to create a man-in-the-middle. This script is very immature, currently serving merely to demonstrate the feasibility of performing a strict Layer 2 man-in-the-middle. As a proof of concept, switcheroo.py currently only succeeds in establishing a man-in-the-middle under the artificial and relatively clean circumstance of ICMP echo requests/replies on the LAN. See this article for a discussion of its use.

ARP Spoofing Monitor (arpm.c)

I decided to learn a little libpcap, and this was the result. arpm.c is an ARP monitoring program that tries to detect ARP and MAC spoofing using a variety of methods. At its core, arpm.c is a sniffer that collects ARP packets, dynamically builds a table of IP-MAC pairings, and looks for changes in real time as ARP packets traverse the subnet. See this article for a discussion of its use.

ARP Cache Inspection (garp.py)

If you fall victim to ARP cache poisoning, this little script might just save the day. Run it as a scheduled task: it detects duplicate ARP table entries, the smoking gun of ARP cache poisoning. Works on Linux and Windows!
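
The duplicate-entry check described above, as an added example; it is not the code of garp.py. It assumes "duplicate" means one unicast MAC address listed for more than one IP, and it runs on constructed samples of `arp -a` output in the Linux and Windows layouts rather than on a live table.

```python
import re
from collections import defaultdict

# Constructed sample output (not captured from a real host).
LINUX_ARP = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at a4:5e:60:c1:02:9f [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""
WINDOWS_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# An IPv4 address followed (optionally via "at") by a MAC in ':' or '-' form.
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

def parse_arp_table(text):
    """Yield (ip, mac) pairs; MACs normalised to lower-case colon form."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:  # headers and <incomplete> entries do not match
            yield m.group(1), m.group(2).lower().replace("-", ":")

def find_duplicates(text):
    """Return {mac: sorted IPs} for unicast MACs listed for more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp_table(text):
        # Broadcast/multicast MACs (group bit set) are shared by design.
        if int(mac[:2], 16) & 1:
            continue
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for name, sample in (("linux", LINUX_ARP), ("windows", WINDOWS_ARP)):
        for mac, ips in find_duplicates(sample).items():
            print(f"[{name}] {mac} is listed for {', '.join(ips)}")
```

A hit is a lead to investigate, not proof: proxy ARP and multi-homed hosts also put one MAC behind several IPs, so compare against the gateway MAC you know to be correct.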