
Monday, January 4, 2016

OWASP ZAP 2.4.1 - Penetration Testing Tool for Testing Web Applications



The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Release 2.4.1

This release includes important security fixes - users are urged to upgrade asap.

One of the changes is that an API key is now generated by default, so any application using the ZAP API will fail unless it is updated to send that key. The key can be found in the API Options screen. You can also set it from the command line with an option like:
-config api.key=change-me-9203935709
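The practical consequence for automation is that every API call now has to carry the key. The following client helper is an added example, not part of ZAP or its official Python client; it assumes ZAP listens on its default address (127.0.0.1:8080) and that the key is supplied through a ZAP_API_KEY environment variable rather than hard-coded, and it passes the key as the apikey query parameter of ZAP's JSON API:

```python
import json
import os
import sys
import urllib.parse
import urllib.request

# Assumptions of this example: ZAP is listening on its default address and the key is
# supplied through the ZAP_API_KEY environment variable (never hard-coded in scripts).
DEFAULT_BASE = "http://127.0.0.1:8080"


def zap_api_url(component, kind, name, params=None, apikey=None, base=DEFAULT_BASE):
    """Build a ZAP JSON API URL of the form <base>/JSON/<component>/<view|action>/<name>/?...

    Since 2.4.1 the apikey query parameter is required for every call, so it is merged
    into the query string here instead of being left to each caller.
    """
    if kind not in ("view", "action"):
        raise ValueError("kind must be 'view' or 'action'")
    query = dict(params or {})
    if apikey:
        query["apikey"] = apikey
    path = "/JSON/%s/%s/%s/" % (component, kind, name)
    url = base.rstrip("/") + path
    if query:
        url += "?" + urllib.parse.urlencode(query)
    return url


def zap_call(component, kind, name, params=None, apikey=None, base=DEFAULT_BASE, timeout=30):
    """Perform the call and return the decoded JSON reply. ZAP answers with an error
    instead of the requested data when the key is missing or wrong."""
    url = zap_api_url(component, kind, name, params, apikey, base)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    key = os.environ.get("ZAP_API_KEY")
    if not key:
        sys.exit("set ZAP_API_KEY to the value shown in ZAP's API options (or passed via -config api.key=...)")
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8000/"
    print(zap_call("core", "view", "version", apikey=key))
    # Start an active scan against the target and print the scan id ZAP assigns to it.
    print(zap_call("ascan", "action", "scan", {"url": target}, apikey=key))
```

Because the key travels in the query string, it ends up in proxy and web-server logs; treat those logs as sensitive, and rotate the key if a log is shared.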
The following changes were made in this release:

Enhancements:
  • Issue 321 : Support multiple databases
  • Issue 1459 : Add an HTTP sender listener script
  • Issue 1500 : Update Bouncy Castle libs
  • Issue 1566 : Improve active scan's reported progress
  • Issue 1573 : Add option to inject plugin ID in header for all ascan requests
  • Issue 1607 : Unable to save the test session via API
  • Issue 1621 : AScan API - Allow to scan as an user
  • Issue 1625 : Support multiple structural params and ones on top level nodes
  • Issue 1653 : Support context menu key for trees
  • Issue 1655 : Copy Session Token from Http Sessions tab to clipboard
  • Issue 1662 : Add default Rails anti-CSRF token parameter
  • Issue 1664 : Clients tab autoscroll
  • Issue 1684 : Unable to set technology via API
  • Issue 1688 : Updating owasp/zap2docker image with Python Client API
  • Issue 1690 : Bump key pair size to 2048 for all certs in the (proxy's) chain of trust
  • Issue 1695 : Change SSL cert signature algorithm to "SHA-256 with RSA Encryption"
  • Issue 1699 : Allow ApiImplementor's to add custom headers
  • Issue 1715 : Unable to pass arguments when launching ZAP from the command line on Mac OS X
  • Issue 1728 : Update JRE to 1.7u79 (CPU) for MacOS

Bug fixes:
  • Issue 444 : Guaranteed NPE on AliasCertificate.getName() if getCN()==null
  • Issue 1442 : Up/Down arrow keys in results stop working if "reflected"
  • Issue 1473 : Spider does not handle URLs extracted from meta tags correctly
  • Issue 1497 : The spider is extracting and reporting links from comments - even when instructed not to do so
  • Issue 1598 : startup script lacks support for FreeBSD
  • Issue 1615 : Search "All" option not working
  • Issue 1617 : ZAP 2.4.0 throws HeadlessExceptions when running in daemon mode on headless machine
  • Issue 1618 : Target Technology Not Honored
  • Issue 1619 : Search regex might not be validated
  • Issue 1624 : Error while loading ZAP 2.4.0
  • Issue 1626 : Structural parameters not saved when context exported and not available via the API
  • Issue 1636 : Users (for auth) & Forced User not loaded from session
  • Issue 1647 : Wrong reference in Zest Result
  • Issue 1674 : Ajax spider not considering get parameters
  • Issue 1677 : Fuzzers can't be expanded on OS X
  • Issue 1694 : "Error: setting file is missing. Program will exit." even if file exists
  • Issue 1698 : Escape API exceptions
  • Issue 1700 : Forced Browse Lists Missing from Drop-Down in 2.4.0
  • Issue 1706 : Add API security options
  • Issue 1708 : Context's technology tree can get out of sync
  • Issue 1709 : Applications are not (immediately) shown after start
  • Issue 1714 : PNH should not reflect API key unless user supplies it
  • Issue 1716 : Restrict use of CORS header in pnh
  • Issue 1720 : Add more security options for JSONP API
  • Issue 1724 : Ensure API component names are escaped in the HTML output
  • Issue 1735 : Context's technologies not used in active scan unless overridden


PEframe - Tool to perform static analysis on Portable Executable malware


PEframe is an open source tool to perform static analysis on Portable Executable malware.

Usage
$ peframe malware.exe
$ peframe [--option] malware.exe

Options
--json          Output in json

--import        Imported function and dll
--export        Exported function and dll

--dir-import    Import directory
--dir-export    Export directory
--dir-resource  Resource directory
--dir-debug     Debug directory
--dir-tls       TLS directory

--strings       Get all strings
--sections      Sections information
--dump          Dump all information

Install
Prerequisites
Python 2.6.5 -> 2.7.x
Install
from pypi
# pip install https://github.com/guelfoweb/peframe/archive/master.zip
from git
$ git clone https://github.com/guelfoweb/peframe.git

$ cd peframe

# python setup.py install

Example
$ peframe malware.exe

Short information
------------------------------------------------------------
File Name malware.exe
File Size 935281 byte
Compile Time 2012-01-29 22:32:28
DLL False
Sections 4
Hash MD5 cae18bdb8e9ef082816615e033d2d85b
Hash SHA-1 546060ad10a766e0ecce1feb613766a340e875c0
Imphash 353cf96592db561b5ab4e408464ac6ae
Detected Xor, Sign, Packer, Anti Debug, Anti VM
Directory Import, Resource, Debug, Relocation, Security

XOR discovered
------------------------------------------------------------
Key length Offset (hex) Offset (dec)
1 0x5df4e 384846
2 0x5df4e 384846
4 0x5df4e 384846
8 0x5df4e 384846

Digital Signature
------------------------------------------------------------
Virtual Address 12A200
Block Size 4813 byte
Hash MD5 63b8c4daec26c6c074ca5977f067c21e
Hash SHA-1 53731a283d0c251f7c06f6d7d423124689873c62

Packer matched [4]
------------------------------------------------------------
Packer Microsoft Visual C++ v6.0
Packer Microsoft Visual C++ 5.0
Packer Microsoft Visual C++
Packer Installer VISE Custom

Anti Debug discovered [9]
------------------------------------------------------------
Anti Debug FindWindowExW
Anti Debug FindWindowW
Anti Debug GetWindowThreadProcessId
Anti Debug IsDebuggerPresent
Anti Debug OutputDebugStringW
Anti Debug Process32FirstW
Anti Debug Process32NextW
Anti Debug TerminateProcess
Anti Debug UnhandledExceptionFilter

Anti VM Trick discovered [2]
------------------------------------------------------------
Trick Virtual Box
Trick VMware trick

Suspicious API discovered [35]
------------------------------------------------------------
Function CreateDirectoryA
Function CreateFileA
Function CreateFileMappingA
Function CreateToolhelp32Snapshot
Function DeleteFileA
Function FindFirstFileA
Function FindNextFileA
Function GetCurrentProcess
Function GetFileAttributesA
Function GetFileSize
Function GetModuleHandleA
Function GetProcAddress
Function GetTempPathA
Function GetTickCount
Function GetUserNameA
Function GetVersionExA
Function InternetCrackUrlA
Function LoadLibraryA
Function MapViewOfFile
Function OpenProcess
Function Process32First
Function Process32Next
Function RegCloseKey
Function RegCreateKeyA
Function RegEnumKeyExA
Function RegOpenKeyA
Function RegOpenKeyExA
Function Sleep
Function WSAStartup
Function WriteFile
Function closesocket
Function connect
Function recv
Function send
Function socket

Suspicious Sections discovered [2]
------------------------------------------------------------
Section .data
Hash MD5 b896a2c4b2be73b89e96823c1ed68f9c
Hash SHA-1 523d58892f0375c77e5e1b6f462005ae06cdd0d8
Section .rdata
Hash MD5 41795b402636cb13e2dbbbec031dbb1a
Hash SHA-1 b674141b34f843d54865a399edfca44c3757df59

File name discovered [43]
------------------------------------------------------------
Binary wiseftpsrvs.bin
Data ESTdb2.dat
Data Favorites.dat
Data History.dat
Data bookmark.dat
Data fireFTPsites.dat
Data quick.dat
Data site.dat
Data sites.dat
Database FTPList.db
Database sites.db
Database NovaFTP.db
Executable unleap.exe
Executable explorer.exe
FTP Config FTPVoyager.ftp
Library crypt32.dll
Library kernel32.dll
Library mozsqlite3.dll
Library userenv.dll
Library wand.dat
Library wininet.dll
Library wsock32.dll
Text Connections.txt
Text ftplist.txt
Text signons.txt
Text signons2.txt
Text signons3.txt

Url discovered [2]
------------------------------------------------------------
Url RhinoSoft.com
Url http://0uk.net/zaaqw/gate.php

Meta data found [4]
------------------------------------------------------------
CompiledScript AutoIt v3 Script
FileVersion 3, 3, 8, 1
FileDescription
Translation 0x0809 0x04b0
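The "Short information" and "Suspicious Sections" blocks above come straight from the PE headers and section table. The following parser is an added example, not PEframe's code: it reads the DOS stub pointer, the COFF header (compile timestamp, DLL flag, section count) and the section table, hashes each section's raw bytes, and flags sections whose entropy suggests packing or encryption. The 7.0 bits-per-byte threshold is a heuristic chosen for this example, and the sample image is constructed in code (a minimal, non-loadable PE32 whose timestamp happens to match the compile time shown above):

```python
import datetime
import hashlib
import math
import struct
import sys

IMAGE_FILE_DLL = 0x2000        # COFF Characteristics bit: the image is a DLL
PACKED_ENTROPY = 7.0           # heuristic: code sits around 6 bits/byte, packed/encrypted data near 8


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniformly distributed bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data):
    """Parse the DOS header pointer, COFF header and section table of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (no MZ signature)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size   # the section table follows the variable-size optional header
    sections = []
    for i in range(nsect):
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "raw_size": raw_size,
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
        })
    return {
        "machine": machine,
        "compile_time": datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "num_sections": nsect,
        "sections": sections,
        # sections whose raw bytes look compressed or encrypted, the usual packer tell
        "packed_sections": [s["name"] for s in sections if s["entropy"] >= PACKED_ENTROPY],
    }


def build_sample_pe(sections, timestamp, is_dll=False):
    """Constructed sample: a minimal, non-loadable PE32 image with the given (name, bytes) sections."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 94           # PE32 magic, rest of the optional header zeroed
    nsect = len(sections)
    headers_len = 0x40 + 4 + 20 + len(opt) + 40 * nsect
    first_raw = (headers_len + 0x1FF) & ~0x1FF            # raw data starts at the next 512-byte boundary
    raw_ptr, vaddr, table, bodies = first_raw, 0x1000, b"", b""
    for name, body in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(body), vaddr,
                             len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_ptr += len(body)
        vaddr += 0x1000
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, timestamp, 0, 0, len(opt), chars)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at offset 0x3C points to 0x40
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (first_raw - len(image)) + bodies


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            info = parse_pe(fh.read())
    else:
        # Constructed sample; 1327876348 is 2012-01-29 22:32:28 UTC, as in the peframe output above.
        info = parse_pe(build_sample_pe([(b".text", b"\x90" * 64 + b"\xc3"),
                                         (b".data", bytes(range(256)) * 2)], 1327876348))
    print("Compile Time", info["compile_time"].strftime("%Y-%m-%d %H:%M:%S"))
    print("DLL", info["is_dll"], "Sections", info["num_sections"])
    for s in info["sections"]:
        print("%-8s entropy=%.2f md5=%s" % (s["name"], s["entropy"], s["md5"]))
    print("Packed sections", info["packed_sections"])
```

Run it with a path to a real executable to see the same fields PEframe prints; without arguments it parses the constructed sample. The compile timestamp is attacker-controlled and is often zeroed or forged, so treat it as a clue rather than evidence.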




Burp Suite Professional v1.6.23 - The Leading Toolkit for Web Application Security Testing




Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:
  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Release Notes

v1.6.23

This release adds a new scan check for external service interaction and out-of-band resource load via injected XML doctype tags containing entity parameters. Burp now sends payloads like:

<?xml version='1.0' standalone='no'?><!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM "http://u1w9aaozql7z31394loost.burpcollaborator.net">%f5a30; ]>

and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.
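What makes this probe work is that the XML parser fetches the SYSTEM identifier of the parameter entity as soon as it is dereferenced, before any application code sees the document. The following is an added example, not Burp's code: it shows both sides of the problem, a request-body signature that flags this probe family for log or WAF review, and a parser configuration that refuses every DOCTYPE so that neither this payload nor classic XXE can reach the network. The probe string is constructed with the same shape as the payload above but with a placeholder host instead of a Collaborator address:

```python
import re
import xml.parsers.expat as expat

# Constructed probe with the same shape as the Burp payload quoted above: a SYSTEM parameter
# entity declared in the internal DTD subset and dereferenced right away, followed by the
# document itself. The host is a placeholder, not a Collaborator address.
OOB_PROBE = ("<?xml version='1.0' standalone='no'?>"
             "<!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM \"http://oob.example.invalid/\">%f5a30; ]>"
             "<foo/>")

# Request-body signature for this probe family: a parameter entity (note the %) declared
# with an external SYSTEM or PUBLIC identifier.
OOB_PARAM_ENTITY = re.compile(r"<!ENTITY\s+%\s*[\w.-]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)


def looks_like_oob_xxe(body):
    return OOB_PARAM_ENTITY.search(body) is not None


class DoctypeForbidden(ValueError):
    pass


def parse_untrusted_xml(text):
    """Parse XML from an untrusted source, refusing any DOCTYPE (and with it every entity trick).

    Returns the element names in document order. Rejecting DTDs outright is the policy
    defusedxml applies as well; it is simpler and safer than enumerating bad entities.
    """
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden("DOCTYPE %r not allowed in untrusted input" % name)

    parser.StartDoctypeDeclHandler = reject_doctype
    # Belt and braces: never resolve external or parameter entities even if a DTD slipped through.
    parser.ExternalEntityRefHandler = lambda context, base, sysid, pubid: 0
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    names = []
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(text, True)
    return names


def accepts(text):
    """True when the document parses under the policy above, False when it is rejected."""
    try:
        parse_untrusted_xml(text)
        return True
    except (DoctypeForbidden, expat.ExpatError):
        return False
```

The signature is only useful for review and alerting; the fix is the parser policy, since a scanner can trivially vary whitespace and entity names. If an application legitimately needs a DTD, the parser still must not resolve external identifiers, which is what the second handler enforces.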

The release also fixes some issues:

  • Some bugs affecting the saving and restoring of Burp state files.
  • A bug in the Collaborator server where the auto-generated self-signed certificate does not use a wildcard prefix in the CN. This issue only affects private Collaborator server deployments where a custom SSL certificate has not been configured.


BWA - OWASP Broken Web Applications Project



A collection of vulnerable web applications that is distributed on a Virtual Machine.

Description

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

This saves people interested in learning or testing the pain of having to compile, configure, and catalog everything normally involved in setting such an environment up from scratch.



SET v6.5 - The Social-Engineer Toolkit “Mr Robot”



The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetrations Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

The next major revision of The Social-Engineer Toolkit (SET) v6.5 codename “Mr Robot” has just been released. The codename is in celebration of the TV show Mr Robot featuring SET last night! Kudos to them for having some amazing tech writers and appreciate the shoutout on the show.


 This version incorporates a new HTA web attack vector (thanks to Justin Elze, aka ginger, for sharing the attack vector with me). This attack allows you to clone a website and inject an HTA file which compromises the system.

Additionally, SET adds a lot of new exploits, including the Hacking Team Adobe zero-day and others from Metasploit.

Full changelog below:
~~~~~~~~~~~~~~~~
version 6.5
~~~~~~~~~~~~~~~~
* added brand new attack vector HTA attack and incorporated powershell injection into it
* fixed a prompt that would cause double IP questions in certain attack vectors
* slimmed down powershell injection http/https attack vectors in order to use in payload delivery
* added exploit to browser attack Adobe Flash Player ByteArray Use After Free (2015-07-06)
* added exploit to browser attack Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow (2015-06-23)
* added exploit to browser attack Adobe Flash Player Drawing Fill Shader Memory Corruption (2015-05-12)

Supported platforms
  • Linux
  • Windows (experimental)


IVRE - A Python network recon framework, based on Nmap, Bro & p0f



IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap).
The advertising slogans are:
  • (in French): IVRE, il scanne Internet.
  • (in English): Know the networks, get DRUNK!
The names IVRE and DRUNK have been chosen as a tribute to "Le Taullier".

External programs / dependencies

IVRE relies on:
  • Python 2, version 2.6 minimum
  • Nmap & ZMap
  • Bro & p0f
  • MongoDB, version 2.6 minimum
  • a web server (successfully tested with Apache and Nginx; it should work with anything capable of serving static files and running a Python-based CGI), although a test web server is now distributed with IVRE (httpd-ivre)
  • a web browser (successfully tested with recent versions of Firefox and Chromium)
  • MaxMind GeoIP free databases
  • optionally Tesseract, if you plan to add screenshots to your Nmap scan results
  • optionally Docker & Vagrant (version 1.6 minimum)
IVRE comes with (refer to the LICENSE-EXTERNAL file for the licenses):

Passive recon

The following steps will show some examples of passive network recon with IVRE. If you only want active (for example, Nmap-based) recon, you can skip this part.

Using Bro

You need to run bro (2.3 minimum) with the option -b and the location of the passiverecon.bro file. If you want to run it on the eth0 interface, for example, run:
# mkdir logs
# bro -b /usr/local/share/ivre/passiverecon/passiverecon.bro -i eth0

If you want to run it on a capture file (capture needs to be a PCAP file), run:
$ mkdir logs
$ bro -b /usr/local/share/ivre/passiverecon/passiverecon.bro -r capture

This will produce log files in the logs directory. You need to run a passivereconworker to process these files. You can try:
$ passivereconworker --directory=logs
This program will not stop by itself. You can (p)kill it; it will stop gently (as soon as it has finished processing the current file).

Using p0f

To start filling your database with information from the eth0 interface, you just need to run (passiverecon is just a sensor name here):
# p0f2db -s passiverecon iface:eth0
And from the same capture file:
$ p0f2db -s passiverecon capture

Using the results

You have two options for now:
  • the ipinfo command line tool
  • the db.passive object of the ivre.db Python module
For example, to show everything stored about an IP address or a network:
$ ipinfo 1.2.3.4
$ ipinfo 1.2.3.0/24

See the output of ipinfo --help.
To use the Python module, run for example:
$ python
>>> from ivre.db import db
>>> db.passive.get(db.passive.flt_empty)[0]

For more, run help(db.passive) from the Python shell.

Active recon

Scanning

The easiest way is to install IVRE on the "scanning" machine and run:
# runscans --routable --limit 1000 --output=XMLFork
This will run a standard scan against 1000 random hosts on the Internet by running 30 nmap processes in parallel. See the output of runscans --help if you want to do something else.
When it's over, to import the results in the database, run:
$ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up
Here, ROUTABLE-CAMPAIGN-001 is a category (an arbitrary name that you will use later to filter scan results) and MySource is a friendly name for your scanning machine (also arbitrary, and usable to filter scan results). By default, when you insert a scan result and a result for the same host address from the same source already exists, the previous result is moved to an "archive" collection (with fewer indexes) and the new result is inserted in the database.
There is an alternative to installing IVRE on the scanning machine that allows using several agents from one master. See the AGENT file, the program runscans-agent for the master and the agent/ directory in the source tree.

Using the results

You have three options:
  • the scancli command line tool
  • the db.nmap object of the ivre.db Python module
  • the web interface

CLI: scancli

To get all the hosts with the port 22 open:
$ scancli --port 22
See the output of scancli --help.

Python module

To use the Python module, run for example:
$ python
>>> from ivre.db import db
>>> db.nmap.get(db.nmap.flt_empty)[0]

For more, run help(db.nmap) from the Python shell.
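To make concrete what nmap2db stores and what scancli --port 22 and db.nmap.get then query, here is an added example that is not IVRE's code: it reads Nmap XML output into per-host records tagged with a category and a source, answers the "which hosts have port 22 open" question, and reproduces the archive rule described above (a new result for the same address and source displaces the earlier one). The Nmap XML is constructed for the example and is not real scan data; IVRE's real records carry far more fields:

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML output (not real scan data) covering the cases an importer must handle:
# an SSH host, a web host with port 22 filtered, and a host that is down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p 22,80 192.0.2.10-12" start="1451865600">
  <host starttime="1451865601"><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="6.6.1p1"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
  <host starttime="1451865602"><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""


def parse_nmap_xml(text, category, source):
    """Turn one Nmap XML run into host records tagged with a category and a source name."""
    root = ET.fromstring(text)
    records = []
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue                       # mirrors importing only the scans/<campaign>/up results
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        ports = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            ports.append({
                "protocol": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": dict(svc.attrib) if svc is not None else {},
            })
        records.append({"addr": addr, "categories": [category], "source": source,
                        "starttime": int(host.get("starttime", 0)), "ports": ports})
    return records


def hosts_with_open_port(records, port, protocol="tcp"):
    """The question behind `scancli --port 22`: addresses with the given port open."""
    return [r["addr"] for r in records
            if any(p["port"] == port and p["protocol"] == protocol and p["state"] == "open"
                   for p in r["ports"])]


def insert(db, archive, record):
    """Insert a record; an earlier result for the same (address, source) pair goes to the archive."""
    key = (record["addr"], record["source"])
    if key in db:
        archive.append(db[key])
    db[key] = record


if __name__ == "__main__":
    db, archive = {}, []
    for rec in parse_nmap_xml(SAMPLE_NMAP_XML, "ROUTABLE-CAMPAIGN-001", "MySource"):
        insert(db, archive, rec)
    print("hosts with 22/tcp open:", hosts_with_open_port(db.values(), 22))
    print("hosts with 80/tcp open:", hosts_with_open_port(db.values(), 80))
```

The (address, source) key is what makes the source name matter: two scanners that both scan the same host under different source names keep both results, while re-scanning from the same source archives the old one.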

Web interface

The interface is meant to be easy to use, it has its own documentation.



Passgen - Random Character Generator Crunch to Crack WPA/WPA2




Passgen is an alternative to the random character generator crunch. It attempts to crack WPA/WPA2 keys by randomizing the output instead of generating a sequential list (aaaaaaaa, aaaaaaab, aaaaaaac, etc.).

Example usage with aircrack-ng:
python passgen.py -l | sudo aircrack-ng --bssid 00:11:22:33:44:55 -w- WiFi.cap

Argument switches are as follows:
-l lowercase ascii
-l1 lowercase ascii + digits(0-9)
-U uppercase ascii
-U1 uppercase ascii + digits
-lU lowercase + uppercase ascii
-lU1 lowercase + uppercase ascii + digits
-C [char] [length] custom character set + length
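The following is an added example, not passgen's own code, showing how such a generator works and what randomizing the order actually buys: it maps the switches above to character sets, streams random candidates of a chosen length to stdout for aircrack-ng, and computes how much of the keyspace a given number of random draws is expected to cover. The command-line layout (switch, length, count) is this example's own:

```python
import math
import random
import string
import sys

# Character sets behind the switches listed above (the -C custom set is handled by charset_for).
SWITCHES = {
    "-l": string.ascii_lowercase,
    "-l1": string.ascii_lowercase + string.digits,
    "-U": string.ascii_uppercase,
    "-U1": string.ascii_uppercase + string.digits,
    "-lU": string.ascii_lowercase + string.ascii_uppercase,
    "-lU1": string.ascii_lowercase + string.ascii_uppercase + string.digits,
}
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # WPA/WPA2 passphrase length limits


def charset_for(switch, custom=None):
    if switch == "-C":
        if not custom:
            raise ValueError("-C needs a custom character set")
        return "".join(sorted(set(custom)))
    return SWITCHES[switch]


def keyspace_size(charset, length):
    return len(set(charset)) ** length


def expected_coverage(tries, keyspace):
    """Fraction of the keyspace seen at least once after `tries` independent random draws.

    Each candidate survives untouched with probability (1 - 1/N)^tries, which is close to
    exp(-tries/N): random generation spends effort on repeats and never guarantees completeness,
    so it only pays off when the passphrase is expected early in the keyspace anyway.
    """
    return 1.0 - math.exp(-tries / keyspace)


def random_candidates(charset, length, count, rng=None):
    """Yield `count` random passphrases of `length` characters drawn from `charset`."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA passphrases are %d..%d characters" % (WPA_MIN_LEN, WPA_MAX_LEN))
    rng = rng or random.Random()
    for _ in range(count):
        yield "".join(rng.choice(charset) for _ in range(length))


if __name__ == "__main__":
    # usage: python this_script.py <switch> <length> [count] [custom charset for -C]
    # e.g.   python this_script.py -l1 8 1000000 | aircrack-ng --bssid 00:11:22:33:44:55 -w - WiFi.cap
    switch, length = sys.argv[1], int(sys.argv[2])
    count = int(sys.argv[3]) if len(sys.argv) > 3 else 10 ** 6
    cs = charset_for(switch, sys.argv[4] if len(sys.argv) > 4 else None)
    n = keyspace_size(cs, length)
    sys.stderr.write("keyspace %d; %d random tries cover about %.6f%% of it\n"
                     % (n, count, 100 * expected_coverage(count, n)))
    for candidate in random_candidates(cs, length, count):
        sys.stdout.write(candidate + "\n")
```

The coverage figure is the caveat a tester should keep in mind: for eight lowercase letters the keyspace is 26^8, and a million random candidates cover well under a thousandth of a percent of it, so a targeted wordlist with rules is almost always a better first step than either crunch or a randomized generator.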



Lynis 2.1.1 - Security Auditing Tool for Unix/Linux Systems





Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans.

Supported operating systems

The tool has almost no dependencies, therefore it runs on almost all Unix based systems and versions, including:
  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris
  • and others
It even runs on systems like the Raspberry Pi and several storage devices!

No installation required

The tool is very flexible and easy to use. It is one of the few tools, in which installation is optional. Just place it on the system, give it a command like "audit system", and it will run. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of a set of steps, from initializing the program up to the report.

Steps
  1. Determine operating system
  2. Search for available tools and utilities
  3. Check for Lynis update
  4. Run tests from enabled plugins
  5. Run security tests per category
  6. Report status of security scan
During the scan, technical details about the scan are stored in a log file. At the same time findings (warnings, suggestions, data collection), are stored in a report file.

Opportunistic scanning

Lynis scanning is opportunistic: it uses what it can find.
For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When, during the Apache scan, it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing so, it collects the discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!
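To show what "opportunistic" means in code, here is an added example that is not Lynis's code and is written in Python rather than Lynis's shell: it detects service families from a process listing, runs a second round of Apache TLS checks only when Apache was seen and only looks at TLS when SSLEngine is on, hands the discovered certificate paths back for a later step, and emits findings in a key=value report style. The process listing and Apache configuration are constructed inputs, the service table is this example's own, and the report line format is assumed rather than copied from Lynis:

```python
import os
import re

# Process name -> service family this example knows how to audit (its own table, not Lynis's).
PROCESS_SERVICES = {"apache2": "apache", "httpd": "apache", "nginx": "nginx", "sshd": "ssh"}
TLS_DIRECTIVE = re.compile(r"^\s*(SSLEngine|SSLCertificateFile|SSLProtocol)\s+(.+?)\s*$",
                           re.IGNORECASE | re.MULTILINE)


def detect_services(ps_lines):
    """Map a process listing (one process per line) to the service families we have tests for."""
    found = set()
    for line in ps_lines:
        for token in line.split():
            family = PROCESS_SERVICES.get(os.path.basename(token))
            if family:
                found.add(family)
    return found


def apache_tls_findings(config_text):
    """Second-round Apache tests: TLS is only examined when SSLEngine is on."""
    engine_on, certs, protocols = False, [], None
    for directive, value in TLS_DIRECTIVE.findall(config_text):
        d = directive.lower()
        if d == "sslengine":
            engine_on = value.strip().lower() == "on"
        elif d == "sslcertificatefile":
            certs.append(value.strip())
        else:
            protocols = value.split()
    findings = []
    if not engine_on:
        return findings, []
    if not certs:
        findings.append(("warning", "apache: SSLEngine on but no SSLCertificateFile configured"))
    if protocols is None:
        findings.append(("suggestion", "apache: no SSLProtocol directive, the server default applies"))
    elif any(t.lstrip("+").lower() in ("sslv2", "sslv3") for t in protocols):
        findings.append(("warning", "apache: SSLProtocol enables SSLv2/SSLv3: %s" % " ".join(protocols)))
    return findings, certs        # certificates are handed back so a later step can examine them


def audit(ps_lines, configs):
    """Opportunistic pass: detect services, run only the tests that apply, collect certificates."""
    services = detect_services(ps_lines)
    findings, certificates, ran = [], [], []
    if "apache" in services and "apache" in configs:
        f, certs = apache_tls_findings(configs["apache"])
        findings += f
        certificates += certs
        ran.append("apache-tls")
    return {"services": services, "findings": findings, "certificates": certificates, "tests_run": ran}


def report_lines(result):
    """Key=value report lines in the spirit of Lynis's report file (exact format assumed here)."""
    lines = ["services_found=%s" % ",".join(sorted(result["services"]))]
    lines += ["%s[]=%s" % (kind, text) for kind, text in result["findings"]]
    lines += ["certificate[]=%s" % c for c in result["certificates"]]
    return lines


if __name__ == "__main__":
    # Constructed inputs standing in for `ps` output and an Apache vhost file.
    ps = ["root 612 /usr/sbin/sshd -D", "www-data 903 /usr/sbin/apache2 -k start", "root 1 /sbin/init"]
    cfg = {"apache": "SSLEngine on\nSSLCertificateFile /etc/ssl/certs/site.pem\nSSLProtocol all -SSLv2 +SSLv3\n"}
    print("\n".join(report_lines(audit(ps, cfg))))
```

The point to notice is the absence of hard dependencies: nothing here fails when nginx or Apache is missing, the corresponding tests are simply never scheduled, which is why the depth of the audit varies from system to system.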

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOX)
  • Vulnerability detection and scanning
  • System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
  • Best practices
  • CIS
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Parameters
--auditor "Given name Surname"   Assign an auditor name to the audit (report)
--checkall, -c                   Start the check
--check-update                   Check if Lynis is up-to-date
--cronjob                        Run Lynis as cronjob (includes -c -Q)
--help, -h                       Show valid parameters
--manpage                        View man page
--nocolors                       Do not use any colors
--pentest                        Perform a penetration test scan (non-privileged)
--quick, -Q                      Don't wait for user input, except on errors
--quiet                          Only show warnings (includes --quick, but doesn't wait)
--reverse-colors                 Use a different color scheme for lighter backgrounds
--version, -V                    Check program version (and quit)

Changelog
Lynis 2.1.1
=  Lynis 2.1.1 (2015-07-22)  =

This release adds a lot of improvements, with focus on performance, and
additional support for common Linux distributions and external utilities.
We recommend to use this latest version.

* Operating system enhancements
-------------------------------
Support for systems like CentOS, openSUSE, Slackware is improved.

* Performance
-------------
Performance tuning has been applied, to speed up execution of the audit on
systems with many files. This also includes code cleanups.

* Automatic updates
-------------------
Initial work on an automatic updater has been implemented. This way Lynis
can be scheduled for automatic updating from a trusted source.

* Internal functions
--------------------
Not all systems have readlink, or the -f option of readlink. The
ShowSymlinkPath function has been extended with a Python based check, which
is often available.

* Software support
------------------
Apache module directory /usr/lib64/apache has been added, which is used on
openSUSE.

Support for Chef has been added.

Added tests for CSF's lfd utility for integrity monitoring on directories and
files. Related tests are FINT-4334 and FINT-4336.

Added support for Chrony time daemon and timesync daemon. Additionally NTP
synchronization status is checked when it is enabled.

Improved single user mode protection on the rescue.service file.

* Other
-------
Check for user permissions has been extended.
Python binary is now detected, to help with symlink detection.
Several new legal terms have been added, which are used for usage in banners.
In several files old tests have been removed, to further clean up the code.

* Bug fixes
---------
Nginx test showed error when access_log had multiple parameters.
Tests using locate won't be performed if not present.
Fix false positive match on Squid unsafe ports [SQD-3624].
The hardening index is now also inserted into the report if it is not displayed
on screen.

* Functions
---------
Added AddSystemGroup function

* New tests
---------
Several new tests have been added:

[PKGS-7366] Scan for debsecan utility on Debian systems
[PKGS-7410] Determine amount of installed kernel packages
[TIME-3106] Check synchronization status of NTP on systemd based systems
[CONT-8102] Docker daemon status and gather basic details
[CONT-8104] Check docker info for any Docker warnings
[CONT-8106] Check total, running and unused Docker containers

* Plugins
---------

[PLGN-2602] Disabled by default, as it may be too slow for some machines
[PLGN-3002] Extended with /sbin/nologin

* Documentation
---------------
A new document has been created to help with the process of upgrading Lynis.
It is available at https://cisofy.com/documentation/lynis/upgrading/

--------------------------------------------------------------



Egress-Assess - Tool used to Test Egress Data Detection Capabilities




Egress-Assess is a tool used to test egress data detection capabilities.

Setup

To setup, run the included setup script, or perform the following:
  1. Install pyftpdlib
  2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the following command:
"openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes"

Usage

Typical use case for Egress-Assess is to copy this tool in two locations. One location will act as the server, the other will act as the client. Egress-Assess can send data over FTP, HTTP, and HTTPS.
To extract data over FTP, you would first start Egress-Assess’s FTP server by selecting “--server ftp” and providing a username and password to use:
./Egress-Assess.py --server ftp --username testuser --password pass123
Now, to have the client connect and send data to the ftp server, you could run...
./Egress-Assess.py --client ftp --username testuser --password pass123 --ip 192.168.63.149 --datatype ssn
Also, you can setup Egress-Assess to act as a web server by running....
./Egress-Assess.py --server https
Then, to send data to the HTTPS server, specifically 15 megabytes of credit card data, run the following command...
./Egress-Assess.py --client https --data-size 15 --ip 192.168.63.149 --datatype cc
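What matters for an egress test is that the generated data is realistic enough to trigger the controls under test, and that the tester can verify those controls independently. The following is an added example, not Egress-Assess's code: it produces Luhn-valid fake card numbers and plausibly formatted fake SSNs in the requested size, and pairs them with the detection logic a DLP or egress filter should implement, where the Luhn check is what separates card numbers from arbitrary digit runs. All numbers are generated, not real records:

```python
import random
import re
import sys

CC_CANDIDATE = re.compile(r"\b\d{13,19}\b")
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(number):
    """Luhn (mod 10) check used by card numbers; doubles every second digit from the right."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return len(digits) >= 13 and total % 10 == 0


def luhn_check_digit(body):
    """Check digit that makes body + digit pass luhn_valid."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # the check digit will sit to the right, so the body's last digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def fake_card(rng, prefix="4", length=16):
    """Random Luhn-valid test number; the 4 prefix makes it look like a Visa PAN to a DLP regex."""
    body = prefix + "".join(rng.choice("0123456789") for _ in range(length - len(prefix) - 1))
    return body + str(luhn_check_digit(body))


def fake_ssn(rng):
    """Random SSN-shaped value avoiding the area numbers (000, 666, 900+) that are never issued."""
    area = rng.choice([a for a in range(1, 900) if a != 666])
    return "%03d-%02d-%04d" % (area, rng.randint(1, 99), rng.randint(1, 9999))


def generate_payload(datatype, size_bytes, seed=None):
    """Build at least `size_bytes` of newline-separated fake records of the given type."""
    rng = random.Random(seed)
    make = {"cc": fake_card, "ssn": fake_ssn}[datatype]
    lines, size = [], 0
    while size < size_bytes:
        record = make(rng)
        lines.append(record)
        size += len(record) + 1
    return "\n".join(lines) + "\n"


def find_card_numbers(text):
    """What an egress filter should flag: digit runs that also pass Luhn, which removes most false positives."""
    return [m.group(0) for m in CC_CANDIDATE.finditer(text) if luhn_valid(m.group(0))]


def find_ssns(text):
    return SSN_PATTERN.findall(text)


if __name__ == "__main__":
    # usage: python this_script.py cc|ssn <megabytes>  > payload.txt
    datatype, megabytes = sys.argv[1], int(sys.argv[2])
    sys.stdout.write(generate_payload(datatype, megabytes * 1024 * 1024))
```

Running the detector over the payload before sending it tells you whether a silent pass through the perimeter is a gap in the control or a gap in your test data; a filter that only matches on a regex without Luhn will also fire on order numbers and timestamps, which is why tuned DLP rules combine both.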


Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.