priorities are based on our core strengths in this key focus area –
research. We (The Net Square team) are driven by our potential to
translate research efforts – our core strength – into innovative,
practical, effective solutions; solutions that impact the information
security industry. This focus is in keeping with our vision to blaze
trail in information security research. The team at Net-Square has an
enormous amount of experience in the information security and are
committed to bringing new and effective solutions to the increasing
need for securing information. Growing needs in the area of information
technology keeps us innovative.
like httprint, wschess and nstools are the outcome of our research
activities. Various whitepapers have been published at conferences and
leading information technology media websites. Net-Square has also
publish advisories concerning security issues in various products.
Net Square's team has published many whitepapers and some of the popular whitepapers are mentioned in the below link.
Mr. Saumil Shah (C.E.O of Net Square) has authored a book 'Web Hacking Attacks and Defence '
Net Square team has published advisories on following popular applications and technologies. NS-310107-GMAIL – Multiple problems in server-side session handling. NS-052005-ASPNET – Unhandled exception leads to file system disclosure and SQL injection. NS-012006-ASPNET-LDAP – Unhandled exception leads to LDAP injection disclosure.
tools and backdoor programs have enabled hackers to exploit information
technology to gain access to unauthorized and sensitive information.
Net-Square has been diligently working to develop specialized tools and
applications to combat this threat.
Tools and Applications
and application listed below have been developed by our team to
assist you in defending your organization against attacks.
MSNPawn – Web application Footprinting, Profiling & Assessment tool using MSN Search web APIs
tools and application are available for free for personal, educational
and non-commercial use only. You can download those from download
section on our website.
httprint – Web Server Fingerprinting Tool
of our security tools released is httprint, a web server fingerprinting
tool. httprint relies on web server characteristics to accurately
identify web servers, despite the fact that they may have been
obfuscated by changing the server banner strings, or by plug-ins such
as mod_security or servermask.
datapipe_http program essentially, software based on datapipe port
redirector originally written by Todd Vierling in 1995, , opens up a
connection with the HTTP proxy server, and uses the CONNECT server:port
HTTP/1.0 technique to open a plain bi-directional TCP connection to the
destination server. The TCP connection is then handed off to the
program that connects to the incoming datapipe listener port.
wsChess – Toolkit for Web Services Assessments and Defense
set of tools written C# for the .Net platform. This is a prototype,
released as beta with limited support at this point.It has the
- Web services footprinting, discovery, search & domain
footprinting tools. If you are looking for registered web services and
their access points, this tool will help you in retrieving information
from public UDDI.
- Web services profiling, proxy and audit tool. This tool helps in
profiling web services from its WSDL. It also allows you to invoke
methods and intercept them before they go on the wire to the target, so
that you can manipulate the SOAP envelope if needed. The autoaudit
feature allows you to inject characters and attack strings for
- This is a very simple technology demonstration for developers. This
is a regular expression-based defense for web services input content.
This is a hook in HTTP pipe using the HttpModule interface.
nstools -Net-Square Security ToolKit for Microsoft Windows Platform
part of this security toolkit, following are the software tools that
can be used on Microsoft Windows platform to perform various security
netexec - Remote Command Execution
command shell is a method of directly communicating with a remote
system via an instruction, or command line interface. Existing remote
command execution tools besides being difficult to set up, require
client software to be installed on the remote systems that you wish to
access.netexec allows you to execute a command on a remote machine
without physically logging in to that machine. Full interactivity for
console applications is provided. No client software installation is
required. read more...
execution of a command is known as a process. All multi-user operating
systems have to run more than one process at the same time. netps is a
unix-like process listing command ps,from Net-Square, that provides you
with detailed information about active processes. Netps is part of the
Net-Square suite of tools and will work on the Windows family of
products. read more...
ability to determine which processes own which ports on your system.
Existing Port-to-process mapping tools besides being difficult to set
up, require client software to be installed on the remote systems that
you wish to access.There are many times you'll look at the results of a
port-to-process mapper and wish to know the command-line arguments a
particular process has been started with. Surprisingly, none of the
available port-to-process mappers provide this capability. Only netport
allows you to determine the command line arguments of each process.
NetPort also allows you to take MD5 hashes of the running processes.
in MS-Windows™ impact the functioning of a system. With a default
installation of MS-Windows™, many unnecessary services are installed
and are automatically enabled at startup. It is a tedious job for
administrators to stop or uninstall unnecessary services on each
individual computer.netservice allows you to manage installed services
on local and remote machines without physically logging in to the
machine. This tool helps system administrators in performing
housekeeping tasks and security auditors in checking the services
running on remote systems when direct access is not always
is now the most acceptable format for data representation as it
provides an efficient and structured method to handle data. But when
this data has to be presented as a report, a pure XML file is
insufficient. A better way to represent data is by using HTML. To
convert the XML data file to an HTML document, XSLT is used.netxslt
helps you to convert XML in to HTML with the help of correspoinding XSL.
MSNPawn – Web application Footprinting, Profiling & Assessment tool
has been designed and developed on the .Net framework and must be
installed on the system. It is web application Footprinting, Profiling
& Assessment tool using MSN Search web APIs. It has utilities like
MSNHostFP, MSNDomainFP, MSNCrossDomainFP, MSNCrawler, MSNFetch,
Search.MSN. Whitepaper is included for better understanding for all