libqsearch provides an API for searching for a set of patterns. The API exists as a C library (for normal programs) and as a Linux kernel library (for in-kernel IDS). The patterns may be case sensitive or not, with wildcards and regexps. The API uses states that summarize the past searches, allowing it to handle patterns which overlap two or more buffers. It is also possible to replay a search on a given buffer with a stored state. The underlying search algorithm can be chosen by the user. The currently available algorithms include a simple one and an extended Boyer-Moore implementation. A skeleton and a test suite are available to help anyone write new search algorithms under the API.
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do about the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
shellforge enables you to write shellcode programs in C. It transforms C program code into shellcode that will run on a Linux/x86 system. It provides macros to substitute libc calls with direct system calls and a Python script to automate compilation, extraction, encoding, and tests.
Etherpuppet is a small program for Linux that will create a virtual interface (TUN/TAP) on one machine from the ethernet interface of another machine through a TCP connection. Everything seen by the real interface will be seen by the virtual one. Everything sent to the virtual interface will be emitted by the real one. It has been designed because one often has a small machine as his Internet gateway, and sometimes want to run some big applications that need raw access to this interface, for sniffing (Ethereal, etc.) or for crafting packets that do not survive being reassembled, NATed, etc. It can even run on Linux embedded routers such as the Linksys WRT54G.