Never Ending Security

It starts all here

Category Archives: Vulnerability’s

3 Websites For Vulnerability Research

Leave a comment Posted by NeverEndingSecurity on 27 August 2015

After doing some research, we have created a small list of websites that will help you to perform vulnerability research. Here it is,

1. Security Tracker

Security Tracker provides daily updating huge database to the users. It is really simple to use and effective. Anyone can search the site for latest vulnerability information listed under various categories. Best tool for security researchers.

2. Hackerstorm

Hackerstorm provides a vulnerability database tool, which allows users to get almost all the information about a particular vulnerability. Hackerstorm provides daily updates for free but source is available for those who wish to contribute and enhance the tool. Such huge data is provided by http://www.osvdb.org and its contributors.

3. Hackerwatch

Hackerwatch is not a vulnerability database, but it is a useful tool for every security researcher. It is mainly an online community where internet users can report and share information to block and identify security threats and unwanted traffic.

Anti Malware, Digital Forensics, Vulnerability's, Website's Vulnerability Research, Websites

The Logjam Attack

Leave a comment Posted by NeverEndingSecurity on 25 June 2015

In case you haven’t heard, there’s a new SSL/TLS vulnerability making the rounds. Nicknamed Logjam, the new attack is ‘special’ in that it may admit complete decryption or hijacking of any TLS connection you make to an improperly configured web or mail server. Worse, there’s at least circumstantial evidence that similar (and more powerful) attacks might already be in the toolkit of some state-level attackers such as the NSA.

This work is the result of an unusual collaboration between a fantastic group of co-authors spread all around the world, including institutions such as the University of Michigan, INRIA Paris-Rocquencourt, INRIA Paris-Nancy, Microsoft Research, Johns Hopkins and the University Of Pennsylvania. It’s rare to see this level of collaboration between groups with so many different areas of expertise, and I hope to see a lot more like it. (Disclosure: I am one of the authors.)

The absolute best way to understand the Logjam result is to read the technical research paper. This post is mainly aimed at people who want a slightly less technical form. For those with even shorter attention spans, here’s the TL;DR:

It appears that the the Diffie-Hellman protocol, as currently deployed in SSL/TLS, may be vulnerable to a serious downgrade attack that restores it to 1990s “export” levels of security, and offers a practical “break” of the TLS protocol against poorly configured servers. Even worse, extrapolation of the attack requirements — combined with evidence from the Snowden documents — provides some reason to speculate that a similar attack could be leveraged against protocols (including TLS, IPSec/IKE and SSH) using 768- and 1024-bit Diffie-Hellman.

I’m going to tackle this post in the usual ‘fun’ question-and-answer format I save for this sort of thing.

What is Diffie-Hellman and why should I care about TLS “export” ciphersuites?

Diffie-Hellman is probably the most famous public key cryptosystem ever invented. Publicly discovered by Whit Diffie and Martin Hellman in the late 1970s (and a few years earlier, in secret, by UK GCHQ), it allows two parties to negotiate a shared encryption key over a public connection.

Diffie-Hellman is used extensively in protocols such as SSL/TLS and IPSec, which rely on it to establish the symmetric keys that are used to transport data. To do this, both parties must agree on a set of parameters to use for the key exchange. In traditional (‘mod p‘) Diffie-Hellman, these parameters consist of a large prime number p, as well as a ‘generator’ g. The two parties now exchange keys as shown below:

Classical Diffie-Hellman (source).

TLS supports several variants of Diffie-Hellman. The one we’re interested in for this work is the ‘ephemeral’ non-elliptic (“DHE”) protocol variant, which works in a manner that’s nearly identical to the diagram above. The server takes the role of Alice, selecting (p, g, g^a mod p)and signing this tuple (and some nonces) using its long-term signing key. The client responds g^b mod p and the two sides then calculate a shared secret.

Just for fun, TLS also supports an obsolete ‘export’ variant of Diffie-Hellman. These export ciphersuites are a relic from the 1990s when it was illegal to ship strong encryption out of the country. What you need to know about “export DHE” is simple: it works identically to standard DHE, but limits the size of p to 512 bits. Oh yes, and it’s still out there today. Because the Internet.

How do you attack Diffie-Hellman?

The best known attack against a correct Diffie-Hellman implementation involves capturing the value g^aand solving to find the secret key a. The problem of finding this value is known as the discrete logarithm problem, and it’s thought to be a mathematically intractable, at least when Diffie-Hellman is implemented in cryptographically strong groups (e.g., when p is of size 2048 bits or more).

Unfortunately, the story changes dramatically when p is relatively small — for example, 512 bits in length. Given a value g^amod p for a 512-bit p, itshould at least be possible to efficiently recover the secret a and read traffic on the connection.

Most TLS servers don’t use 512-bit primes, so who cares?

The good news here is that weak Diffie-Hellman parameters are almost never used purposely on the Internet. Only a trivial fraction of the SSL/TLS servers out there today will organically negotiate 512-bit Diffie-Hellman. For the most part these are crappy embedded devices such as routers and video-conferencing gateways.

However, there is a second class of servers that are capable of supporting 512-bit Diffie-Hellman when clients request it, using a special mode called the ‘export DHE’ ciphersuite. Disgustingly, these servers amount to about 8% of the Alexa top million sites (and a whopping 29% of SMTP/STARTLS mail servers). Thankfully, most decent clients (AKA popular browsers) won’t willingly negotiate ‘export-DHE’, so this would also seem to be a dead end.

It isn’t.

ServerKeyExchange message (RFC 5246)

You see, before SSL/TLS peers can start engaging in all this fancy cryptography, they first need to decide which ciphers they’re going to use. This is done through a negotiation process in which the client proposes some options (e.g., RSA, DHE, DHE-EXPORT), and the server picks one.

This all sound simple enough. However, one of the early, well known flaws in SSL/TLS is the protocol’s failure to properly authenticate these ‘negotiation’ messages. In very early versions of SSL they were not authenticated at all. SSLv3 and TLS tacked on an authentication process — but one that takes place only at the end of the handshake.*

This is particularly unfortunate given that TLS servers often have the ability to authenticate their messages using digital signatures, but don’t really take advantage of this. For example, when two parties negotiate Diffie-Hellman, the parameters sent by the server are transmitted within a signed message called the ServerKeyExchange (shown at right). The signed portion of this message covers the parameters, but neglects to include any information about which ciphersuite the server thinks it’s negotiating. If you remember that the only difference between DHE and DHE-EXPORT is the size of the parameters the server sends down, you might start to see the problem.

Here it is in a nutshell: if the server supports DHE-EXPORT, the attacker can ‘edit’ the negotiation messages sent from the a client — even if the client doesn’t support export DHE — replacing the client’s list of supported ciphers with only export DHE. The server will in turn send back a signed 512-bit export-grade Diffie-Hellman tuple, which the client will blindly accept — because it doesn’t realize that the server is negotiating the export version of the ciphersuite.From its perspective this message looks just like ‘standard’ Diffie-Hellman with really crappy parameters.

Overview of the Logjam active attack (source: paper).

All this tampering should run into a huge snag at the end of the handshake, when he client and server exchange Finished messages embedding include a MAC of the transcript. At this point the client should learn that something funny is going on, i.e., that what it sent no longer matches what the server is seeing. However, the loophole is this: if the attacker can recover the Diffie-Hellman secret quickly — before the handshake ends — she can forge her own Finished messages. In that case the client and server will be none the wiser.

The upshot is that executing this attack requires the ability to solve a 512-bit discrete logarithm before the client and server exchange Finished messages. That seems like a tall order.

Can you really solve a discrete logarithm before a TLS handshake times out?

In practice, the fastest route to solving the discrete logarithm in finite fields is via an algorithm called the Number Field Sieve (NFS). Using NFS to solve a single 512-bit discrete logarithm instance requires several core-years — or about week of wall-clock time given a few thousand cores — which would seem to rule out solving discrete logs in real time.

However, there is a complication. In practice, NFS can actually be broken up into two different steps:

Pre-computation (for a given prime p). This includes the process of polynomial selection, sieving, and linear algebra, all of which depend only on p. The output of this stage is a table for use in the second stage.
Solving to find a (for a given g^amod p). The final stage, called the descent, uses the table from the precomputation. This is the only part of the algorithm that actually involves a specific g and g^a.

The important thing to know is that the first stage of the attack consumes the vast majority of the time, up to a full week on a large-scale compute cluster. The descent stage, on the other hand, requires only a few core-minutes. Thus the attack cost depends primarily on where the server gets its Diffie-Hellman parameters from. The best case for an attacker is when p is hard-coded into the server software and used across millions of machines. The worst case is when p is re-generated routinely by the server.

I’ll let you guess what real TLS servers actually do.

In fact, large-scale Internet scans by the team at University of Michigan show that most popular web servers software tends to re-use a small number of primes across thousands of server instances. This is done because generating prime numbers is scary, so implementers default to using a hard-coded value or a config file supplied by your Linux distribution. The situation for export Diffie-Hellman is particularly awful, with only two (!) primes used across up 92% of enabled Apache/mod_ssl sites.

Number of seconds to solve a
512-bit discrete log (source: paper).

The upshot of all of this is that about two weeks of pre-computation is sufficient to build a table that allows you to perform the downgrade against most export-enabled servers in just a few minutes (see the chart at right). This is fast enough that it can be done before the TLS connection timeout. Moreover, even if this is not fast enough, the connection can often be held open longer by using clever protocol tricks, such as sending TLS warning messages to reset the timeout clock.

Keep in mind that none of this shared prime craziness matters when you’re using sufficiently large prime numbers (on the order of 2048 bits or more). It’s only a practical issue you’re using small primes, like 512-bit, 768-bit or — and here’s a sticky one I’ll come back to in a minute — 1024 bit.

How do you fix the downgrade to export DHE?

The best and most obvious fix for this problem is to exterminate export ciphersuites from the Internet. Unfortunately, these awful configurations are the default in a number of server software packages (looking at you Postfix), and getting people to update their configurations is surprisingly difficult (see e.g., FREAK).

A simpler fix is to upgrade the major web browsers to resist the attack. The easy way to do this is to enforce a larger minimum size for received DHE keys. The problem here is that the fix itself causes some collateral damage — it will break a small but significant fraction of lousy servers that organically negotiate (non-export) DHE with 512 bit keys.

The good news here is that the major browsers have decided to break the Internet (a little) rather than allow it to break them. Each has agreed to raise the minimum size limit to at least 768 bits, and some to a minimum of 1024 bits. It’s still not perfect, since 1024-bit DHE may not be cryptographically sound against powerful attackers, but it does address the immediate export attack. In the longer term the question is whether to use larger negotiated DHE groups, or abandon DHE altogether and move to elliptic curves.

What does this mean for larger parameter sizes?

The good news so far is that 512-bit Diffie-Hellman is only used by a fraction of the Internet,even when you account for active downgrade attacks. The vast majority of servers use Diffie-Hellman moduli of length at least 1024 bits. (The widespread use of 1024 is largely due to a hard-cap in older Java clients. Go away Java.)

While 2048-bit moduli are generally believed to be outside of anyone’s reach, 1024-bit DHE has long been considered to be at least within groping range of nation-state attackers. We’ve known this for years, of course, but the practical implications haven’t been quite clear. This paper tries to shine some light on that, using Internet-wide measurements and software/hardware estimates.

If you recall from above, the most critical aspect of the NFS attack is the need to perform large amounts of pre-computation on a given Diffie-Hellman prime p, followed by a relatively short calculation to break any given connection that uses p. At the 512-bit size the pre-computation only requires about a week. The question then is, how much does it cost for a 1024-bit prime, and how common are shared primes?

While there’s no exact way to know how much the 1024-bit attack would cost, the paper attempts to provide some extrapolations based on current knowledge. With software, the cost of the pre-computation seems quite high — on the order of 35 million core-years. Making this happen for a given prime within a reasonable amount of time (say, one year) would appear to require billions of dollars of computing equipment if we assume no algorithmic improvements.Even if we rule out such improvements, it’s conceivable that this cost might be brought down to a few hundred million dollars using hardware. This doesn’t seem out of bounds when you consider leaked NSA cryptanalysis budgets.

What’s interesting is that the descent stage, required to break a given Diffie-Hellman connection, is much faster. Based on some implementation experiments by the CADO-NFSteam, it may be possible to break a Diffie-Hellman connection in as little as 30 core-days, with parallelization hugely reducing the wall-clock time. This might even make near-real-time decryption of Diffie-Hellman connections practical.

Is the NSA actually doing this?

So far all we’ve noted is that NFS pre-computation is at least potentially feasible when 1024-bit primes are re-used. That doesn’t mean the NSA is actually doing any of it.

There is some evidence, however, that suggests the NSA has decryption capability that’s at least consistent with such a break. This evidence comes from a series of Snowden documents published last winter in Der Spiegel. Together they describe a large-scale effort at NSA and GCHQ, capable of decrypting ‘vast’ amounts of Internet traffic, including IPSec, SSH and HTTPS connections.

NSA slide illustrating exploitation
of IPSec encrypted traffic (source: Spiegel).

While the architecture described by the documents mentions attacks against many protocols, the bulk of the energy seems to be around the IPSec and IKE protocols, which are used to establish Virtual Private Networks (VPNs) between individuals and corporate networks such as financial institutions.

The nature of the NSA’s exploit is never made clear in the documents, but diagram at right gives a lot of the architectural details. The system involves collecting Internet Key Exchange (IKE) handshakes, transmitting them to the NSA’s Cryptanalysis and Exploitation Services (CES) enclave, and feeding them into a decryption system that controls substantial high performance computing resources to process the intercepted exchanges. This is at least circumstantially consistent with Diffie-Hellman cryptanalysis.

Of course it’s entirely possible that the attack is based on a bad random number generator, weak symmetric encryption, or any number of engineered backdoors. There are a few pieces of evidence that militate towards a Diffie-Hellman break, however:

IPSec (or rather, the IKE key exchange) uses Diffie-Hellman for every single connection, meaning that it can’t be broken without some kind of exploit, although this doesn’t rule out the other explanations.
The IKE exchange is particularly vulnerable to pre-computation, since IKE uses a small number of standardized prime numbers called the Oakley groups, which are going on 17 years old now. Large-scale Internet scanning by the Michigan team shows that a majority of responding IPSec endpoints will gladly negotiate using Oakley Group 1 (768 bit) or Group 2 (1024 bit), even when the initiator offers better options.
The NSA’s exploit appears to require the entire IKE handshake as well as any pre-shared key (PSK). These inputs would be necessary for recovery of IKEv1 session keys, but are not required in a break that involves only symmetric cryptography.
The documents explicitly rule out the use of malware, or rather, they show that such malware (‘TAO implants’) is in use — but that malware allows the NSA to bypass the IKE handshake altogether.

I would stipulate that beyond the Internet measurements and computational analysis, this remains firmly in the category of ‘crazy-eyed informed speculation’. But while we can’t rule out other explanations, this speculation is certainly consistent with a hardware-optimized break of Diffie-Hellman 768 and 1024-bit, along with some collateral damage to SSH and related protocols.

So what next?

The paper gives a detailed set of recommendations on what to do about these downgrade attacks and (relatively) weak DHE groups. The website provides a step-by-step guide for server administrators. In short, probably the best long-term move is to switch to elliptic curves (ECDHE) as soon as possible. Failing this, clients and servers should enforce at least 2048-bit Diffie-Hellman across the Internet. If you can’t do that, stop using common primes.

Making this all happen on anything as complicated as the Internet will probably consume a few dozen person-lifetimes. But it’s something we have to do, and will do, to make the Internet work properly.

Notes:

* There are reasons for this. Some SSL/TLS ciphersuites (such as the RSA encryption-based ciphersuites) don’t use signatures within the protocol, so the only way to authenticate the handshake is to negotiate a ciphersuite, run the key exchange protocol, then use the resulting shared secret to authenticate the negotiation messages after the fact. But SSL/TLS DHE involves digital signatures, so it should be possible to achieve a stronger level of security than this. It’s unfortunate that the protocol does not.

Documents & Manuals, Guides and Tutorials, Hardening, Offensive, Vulnerability's Attack, Logjam

Raptor – A Web-based Source Code Vulnerability Scanner

Leave a comment Posted by NeverEndingSecurity on 21 April 2015

Raptor

Raptor is a web-based (web-serivce + UI) github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans everytime you commit or merge a pull request. The scan is done asynchonously and the results are available only to the user who initiated the scan.

Some of the features of the Raptor:

Plug-in architecture (plug and play external tools and generate unified reports)
Web-service can be leveraged for custom automation (without the need of the UI)
Easy to create/edit/delete signatures for new vulnerabilities and/or programming languages.

This tool is an attempt to help the community and start-up companies to emphasize on secure-coding. This tool may or may not match the features/quality of commercial alternatives, nothing is guaranteed and you have been warned. This tool is targetted to be used by security code-reviewers and/or developers with secure-coding experience to find vulnerability entrypoints during code-audits or peer reviews. Please DO NOT trust the tool’s output blindly. This is best-used if you plug Raptor into your CI/CD pipeline.

Version

0.1 beta

Tech

Integrated Plugins (currently):

Mozilla ScanJS – for client-Side JavaScript, Node.JS, FireFox OS support
Brakeman – for Ruby On Rails support
RIPS – for PHP support
[Android] – for insecure permissions

Avaiables Rulepacks (currently):

ActionScript – supports ActionScript 2.0 & 3.0 source/sinks
Java – partial support for Android. J2EE and JSP support yet to be added.

Installation (Tested on a Ubuntu 14.04 x64 LAMP instance)

Installation Video: YouTube Install

$ wget https://github.com/dpnishant/raptor/archive/master.zip -O raptor.zip

$ unzip raptor.zip
$ cd raptor-master
$ sudo sh install.sh

Usage

Scanner

Installation Video: YouTube Usage

cd raptor-master
sudo sh start.sh #starts the backend web-service

Now point your browser to Raptor Home

Rules Editor

You can use the bundled light-weight, GUI client-side rules editor for adding any new/custom rule(s) for your specific requirements(s) or any other plain-text editor as the rulepack files are just simple JSON structures. Use your browser to open rules located in ‘backend/rules’. When you are done, save your new/modified rules file in same directory i.e. ‘backend/rules’. All you need to do now is a minor edit, here: Init Script. Append your new rulepack filename to this array without the ‘.rulepack’ extension and restart the backend server. You are all set!

You can access it here: Rules Editor

Development

Want to contribute? Great! Get in touch with me if you have an idea or else feel free to fork and improve. :)

Contributors

Anant Shrivastava

License

GNU GPL v2.0

Free Software, Hell Yeah!

More information can be found on: https://github.com/dpnishant/raptor and on http://dpnishant.github.io/raptor

Guides and Tutorials, Tools, Vulnerability's, Web Apps Raptor

Securing Web Application Technologies – [SWAT] Checklist

Leave a comment Posted by NeverEndingSecurity on 14 April 2015

Securing Web Application Technologies
[SWAT] Checklist

The SWAT Checklist provides an easy to reference set of best practices that raise awareness and help development teams create more secure applications. It’s a first step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.

ERROR HANDLING AND LOGGING

	DESCRIPTION	CWE ID
Display Generic Error Messages	Error messages should not reveal details about the internal state of the application. For example, file system path and stack information should not be exposed to the user through error messages.	CWE-209
No Unhandled Exceptions	Given the languages and frameworks in use for web application development, never allow an unhandled exception to occur. Error handlers should be configured to handle unexpected errors and gracefully return controlled output to the user.	CWE-391
Suppress Framework Generated Errors	Your development framework or platform may generate default error messages. These should be suppressed or replaced with customized error messages as framework generated messages may reveal sensitive information to the user.	CWE-209
Log All Authentication Activities	Any authentication activities, whether successful or not, should be logged.	CWE-778
Log All Privilege Changes	Any activities or occasions where the user’s privilege level changes should be logged.	CWE-778
Log Administrative Activities	Any administrative activities on the application or any of its components should be logged.	CWE-778
Log Access To Sensitive Data	Any access to sensitive data should be logged. This is particularly important for corporations that have to meet regulatory requirements like HIPAA, PCI, or SOX.	CWE-778
Do Not Log Inappropriate Data	While logging errors and auditing access is important, sensitive data should never be logged in an unencrypted form. For example, under HIPAA and PCI, it would be a violation to log sensitive data into the log itself unless the log is encrypted on the disk. Additionally, it can create a serious exposure point should the web application itself become compromised.	CWE-532
Store Logs Securely	Logs should be stored and maintained appropriately to avoid information loss or tampering by intruder. Log retention should also follow the retention policy set forth by the organization to meet regulatory requirements and provide enough information for forensic and incident response activities.	CWE-533

DATA PROTECTION

	DESCRIPTION	CWE ID
Use SSL Everywhere	Ideally, SSL should be used for your entire application. If you have to limit where it’s used then SSL must be applied to any authentication pages as well as all pages after the user is authenticated. If sensitive information (e.g. personal information) can be submitted before authentication those features must also be sent over SSL. EXAMPLE: Firesheep	CWE-311 CWE-319 CWE-523
Disable HTTP Access For All SSL Enabled Resources	For all pages requiring protection by SSL, the same URL should not be accessible via the non-SSL channel.	CWE-319
Use The Strict- Transport-Security Header	The Strict-Transport-Security header ensures that the browser does not talk to the server over non-SSL. This helps reduce the risk of SSL stripping attacks as implemented by the sslsniff tool.
Store User Passwords Using A Strong, Iterative, Salted Hash	User passwords must be stored using secure hashing techniques with a strong algorithm like SHA-256. Simply hashing the password a single time does not sufficiently protect the password. Use iterative hashing with a random salt to make the hash strong. EXAMPLE: LinkedIn password leak	CWE-257
Securely Exchange Encryption Keys	If encryption keys are exchanged or pre-set in your application then any key establishment or exchange must be performed over a secure channel
Set Up Secure Key Management Processes	When keys are stored in your system they must be properly secured and only accessible to the appropriate staff on a need to know basis.	CWE-320
Disable Weak SSL Ciphers On Servers	Weak SSL ciphers must be disabled on all servers. For example, SSL v2 has known weaknesses and is not considered to be secure. Additionally, some ciphers are cryptographically weak and should be disabled.
Use Valid SSL Certificates From A Reputable Ca	SSL certificates should be signed by a reputable certificate authority. The name on the certificate should match the FQDN of the website. The certificate itself should be valid and not expired. EXAMPLE: CA Compromise (http://en.wikipedia.org/wiki/DigiNotar)
Disable Data Caching Using Cache Control Headers And Autocomplete	Browser data caching should be disabled using the cache control HTTP headers or meta tags within the HTML page. Additionally, sensitive input fields, such as the login form, should have the autocomplete=off setting in the HTML form to instruct the browser not to cache the credentials.	CWE-524
Limit The Use And Storage Of Sensitive Data	Conduct an evaluation to ensure that sensitive data is not being unnecessarily transported or stored. Where possible, use tokenization to reduce data exposure risks.

CONFIGURATION AND OPERATIONS

	DESCRIPTION	CWE ID
Establish A Rigorous Change Management Process	A rigorous change management process must be maintained during change management operations. For example, new releases should only be deployed after process EXAMPLE: RBS production outage (http://www.computing.co.uk/ctg/analysis/2186972/rbs-wrong-rbs-manager)	CWE-439
Define Security Requirements	Engage the business owner to define security requirements for the application. This includes items that range from the whitelist validation rules all the way to nonfunctional requirements like the performance of the login function. Defining these requirements up front ensures that security is baked into the system.
Conduct A Design Review	Integrating security into the design phase saves money and time. Conduct a risk review with security professionals and threat model the application to identify key risks. The helps you integrate appropriate countermeasures into the design and architecture of the application.	CWE-701 CWE-656
Perform Code Reviews	Security focused code reviews can be one of the most effective ways to find security bugs. Regularly review your code looking for common issues like SQL Injection and Cross-Site Scripting.	CWE-702
Perform Security Testing	Conduct security testing both during and after development to ensure the application meets security standards. Testing should also be conducted after major releases to ensure vulnerabilities did not get introduced during the update process.
Harden The Infrastructure	All components of infrastructure that support the application should be configured according to security best practices and hardening guidelines. In a typical web application this can include routers, firewalls, network switches, operating systems, web servers, application servers, databases, and application frameworks.	CWE-15 CWE-656
Define An Incident Handling Plan	An incident handling plan should be drafted and tested on a regular basis. The contact list of people to involve in a security incident related to the application should be well defined and kept up to date.
Educate The Team On Security	Training helps define a common language that the team can use to improve the security of the application. Education should not be confined solely to software developers, testers, and architects. Anyone associated with the development process, such as business analysts and project managers, should all have periodic software security awareness training.

AUTHENTICATION

	DESCRIPTION	CWE ID
Don’t Hardcode Credentials	Never allow credentials to be stored directly within the application code. While it can be convenient to test application code with hardcoded credentials during development this significantly increases risk and should be avoided. EXAMPLE: Hard coded passwords in networking devices https://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf	CWE-798
Develop A Strong Password Reset System	Password reset systems are often the weakest link in an application. These systems are often based on the user answering personal questions to establish their identity and in turn reset the password. The system needs to be based on questions that are both hard to guess and brute force. Additionally, any password reset option must not reveal whether or not an account is valid, preventing username harvesting. EXAMPLE: Sara Palin password hack (http://en.wikipedia.org/wiki/Sarah_Palin_email_hack)	CWE-640
Implement A Strong Password Policy	A password policy should be created and implemented so that passwords meet specific strength criteria. EXAMPLE: http://www.pcworld.com/article/128823/study_weak_passwords_really_do_help_hackers.html	CWE-521
Implement Account Lockout Against Brute Force Attacks	Account lockout needs to be implemented to guard against brute forcing attacks against both the authentication and password reset functionality. After several tries on a specific user account, the account should be locked for a period of time or until manually unlocked. Additionally, it is best to continue the same failure message indicating that the credentials are incorrect or the account is locked to prevent an attacker from harvesting usernames.	CWE-307
Don’t Disclose Too Much Information In Error Messages	Messages for authentication errors must be clear and, at the same time, be written so that sensitive information about the system is not disclosed. For example, error messages which reveal that the userid is valid but that the corresponding password is incorrect confirms to an attacker that the account does exist on the system.
Store Database Credentials Securely	Modern web applications usually consist of multiple layers. The business logic tier (processing of information) often connects to the data tier (database). Connecting to the database, of course, requires authentication. The authentication credentials in the business logic tier must be stored in a centralized location that is locked down. Scattering credentials throughout the source code is not acceptable. Some development frameworks provide a centralized secure location for storing credentials to the backend database. These encrypted stores should be leveraged when possible.	CWE-257
Applications And Middleware Should Run With Minimal Privileges	If an application becomes compromised it is important that the application itself and any middleware services be configured to run with minimal privileges. For instance, while the application layer or business layer needs the ability to read and write data to the underlying database, administrative credentials that grant access to other databases or tables should not be provided.	CWE-250

SESSION MANAGEMENT

	DESCRIPTION	CWE ID
Ensure That Session Identifiers Are Sufficiently Random	Session tokens must be generated by secure random functions and must be of a sufficient length so as to withstand analysis and prediction.	CWE-6
Regenerate Session Tokens	Session tokens should be regenerated when the user authenticates to the application and when the user privilege level changes. Additionally, should the encryption status change, the session token should always be regenerated	CWE-384
Implement An Idle Session Timeout	When a user is not active, the application should automatically log the user out. Be aware that Ajax applications may make recurring calls to the application effectively resetting the timeout counter automatically.	CWE-613
Implement An Absolute Session Timeout	Users should be logged out after an extensive amount of time (e.g. 4-8 hours) has passed since they logged in. This helps mitigate the risk of an attacker using a hijacked session.	CWE-613
Destroy Sessions At Any Sign Of Tampering	Unless the application requires multiple simultaneous sessions for a single user, implement features to detect session cloning attempts. Should any sign of session cloning be detected, the session should be destroyed, forcing the real user to re-authenticate.
Invalidate The Session After Logout	When the user logs out of the application the session and corresponding data on the server must be destroyed. This ensures that the session can not be accidentally revived.	CWE-613
Place A Logout Button On Every Page	The logout button or logout link should be easily accessible to the user on every page after they have authenticated.
Use Secure Cookie Attributes (I.E. Httponly And Secure Flags)	The session cookie should be set with both the HttpOnly and the Secure flags. This ensures that the session id will not be accessible to client-side scripts and it will only be transmitted over SSL, respectively.	CWE-79 CWE-614
Set The Cookie Domain And Path Correctly	The cookie domain and path scope should be set to the most restrictive settings for your application. Any wildcard domain scoped cookie must have a good justification for its existence.
Set The Cookie Expiration Time	The session cookie should have a reasonable expiration time. Non-expiring session cookies should be avoided.

INPUT AND OUTPUT HANDLING

	DESCRIPTION	CWE ID
Conduct Contextual Output Encoding	All output functions must contextually encode data before sending it to the user. Depending on where the output will end up in the HTML page, the output must be encoded differently. For example, data placed in the URL context must be encoded differently than data placed in JavaScript context within the HTML page. EXAMPLE: Resource: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet	CWE-79
Prefer Whitelists Over Blacklists	For each user input field, there should be validation on the input content. Whitelisting input is the preferred approach. Only accept data that meets a certain criteria. For input that needs more flexibility, blacklisting can also be applied where known bad input patterns or characters are blocked.	CWE-159 CWE-144
Use Parameterized SQL Queries	SQL queries should be crafted with user content passed into a bind variable. Queries written this way are safe against SQL injection attacks. SQL queries should not be created dynamically using string concatenation. Similarly, the SQL query string used in a bound or parameterized query should never be dynamically built from user input. EXAMPLE: Sony SQL injection Hack (http://www.infosecurity-magazine.com/view/27930/lulzsec-sony-pictures-hackers-were-school-chums)	CWE-89 CWE-564
Use Tokens To Prevent Forged Requests	In order to prevent Cross-Site Request Forgery attacks, you must embed a random value that is not known to third parties into the HTML form. This CSRF protection token must be unique to each request. This prevents a forged CSRF request from being submitted because the attacker does not know the value of the token.	CWE-352
Set The Encoding For Your Application	For every page in your application set the encoding using HTTP headers or meta tags within HTML. This ensures that the encoding of the page is always defined and that browser will not have to determine the encoding on its own. Setting a consistent encoding, like UTF-8, for your application reduces the overall risk of issues like Cross-Site Scripting.	CWE-172
Validate Uploaded Files	When accepting file uploads from the user make sure to validate the size of the file, the file type, and the file contents as well as ensuring that it is not possible to override the destination path for the file.	CWE-434 CWE-616 CWE-22
Use The Nosniff Header For Uploaded Content	When hosting user uploaded content which can be viewed by other users, use the X-Content-Type-Options: nosniff header so that browsers do not try to guess the data type. Sometimes the browser can be tricked into displaying the data type incorrectly (e.g. showing a GIF file as HTML). Always let the server or application determine the data type.	CWE-430
Validate The Source Of Input	The source of the input must be validated. For example, if input is expected from a POST request do not accept the input variable from a GET request.	CWE-20 CWE-346
Use The X-Frame- Options Header	Use the X-Frame-Options header to prevent content from being loaded by a foreign site in a frame. This mitigates Clickjacking attacks. For older browsers that do not support this header add framebusting Javascript code to mitigate Clickjacking (although this method is not foolproof and can be circumvented). EXAMPLE: Flash camera and mic hack (http://jeremiahgrossman.blogspot.com/2008/10/clickjacking-web-pages-can-see-and-hear.html)	CAPEC-103 CWE-693
Use Content Security Policy (CsP) Or X-Xss- Protection Headers	Content Security Policy (CSP) and X-XSS-Protection headers help defend against many common reflected Cross-Site Scripting (XSS) attacks.	CWE-79 CWE-692

ACCESS CONTROL

	DESCRIPTION	CWE ID
Apply Access Controls Checks Consistently	Always apply the principle of complete mediation, forcing all requests through a common security “gate keeper.” This ensures that access control checks are triggered whether or not the user is authenticated.	CWE-284
Apply The Principle Of Least Privilege	Make use of a Mandatory Access Control system. All access decisions will be based on the principle of least privilege. If not explicitly allowed then access should be denied. Additionally, after an account is created, rights must be specifically added to that account to grant access to resources.	CWE-272 CWE-250
Don’t Use Direct Object References For Access Control Checks	Do not allow direct references to files or parameters that can be manipulated to grant excessive access. Access control decisions must be based on the authenticated user identity and trusted server side information.	CWE-284
Don’t Use Unvalidated Forwards Or Redirects	An unvalidated forward can allow an attacker to access private content without authentication. Unvalidated redirects allow an attacker to lure victims into visiting malicious sites. Prevent these from occurring by conducting the appropriate access controls checks before sending the user to the given location.	CWE-601

Advisory's, Documents & Manuals, Guides and Tutorials, Vulnerability's Checklist, SWAT

WAP – Web Application Protection

Leave a comment Posted by NeverEndingSecurity on 13 April 2015

WAP – Web Application Protection

WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) and with a low rate of false positives.

WAP detects and corrects the following vulnerabilities:

SQL Injection (SQLI)
Cross-site scripting (XSS)
Remote File Inclusion (RFI)
Local File Inclusion (LFI)
Directory Traversal or Path Traversal (DT/PT)
Source Code Disclosure (SCD)
OS Command Injection (OSCI)
PHP Code Injection

This tool semantically analyses the source code. More precisely, it does taint analysis (data-flow analysis) to detect the input validation vulnerabilities. The aim of the taint analysis is to track malicious inputs inserted by entry points ($_GET, $_POST arrays) and to verify if they reaches some sensitive sink (PHP functions that can be exploited by malicious input). After the detection, the tool uses data mining to confirm if the vulnerabilities are real or false positives. At the end, the real vulnerabilities are corrected with the insertion of the fixes (small pieces of code) in the source code.

WAP is written in Java language and is constituted by three modules:

Code Analyzer: composed by tree generator and taint analyser. The tool has integrated a lexer and a parser generated by ANTLR, and based in a grammar and a tree grammar written to PHP language. The tree generator uses the lexer and the parser to build the AST (Abstract Sintatic Tree) to each PHP file. The taint analyzer performs the taint analysis navigating through the AST to detect potentials vulnerabilities.

False Positives Predictor: composed by a supervised trained data set with instances classified as being vulnerabilities and false positives and by the Logistic Regression machine learning algorithm. For each potential vulnerability detected by code analyser, this module collects the presence of the attributes that define a false positive. Then, the Logistic Regression algorithm receives them and classifies the instance as being a false positive or not (real vulnerability).

Code Corrector: Each real vulnerability is removed by correction of its source code. This module for the type of vulnerability selects the fix that removes the vulnerability and signalizes the places in the source code where the fix will be inserted. Then, the code is corrected with the insertion of the fixes and new files are created.

More information can be found at: http://sourceforge.net/projects/awap/files/

Defensive Security, Guides and Tutorials, Penetration Testing, Tools, Vulnerability's WAP

WebPwn3r – Web Applications Security Scanner.

Leave a comment Posted by NeverEndingSecurity on 13 April 2015

WebPwn3r

Web Applications Security Scanner

WebPwn3r is a Web Applications Security Scanner coded in Python to help Security Researchers to scan Multiple links in the same time against Remote Code/Command Execution & XSS Vulnerabilities.

WebPwn3r - Web Applications Security Scanner.

Features:

Scan a URL or List of URL’s
Detect and Exploit Remote Code Injection Vulnerabilities.
~ ~ ~ Remote Command Execution Vulnerabilities.
~ ~ ~ Typical XSS Vulnerabilities.
Detect WebKnight WAF.
Improved Payloads to bypass Security Filters/WAF’s.
Finger-Print the backend Technologies.

More information can be found at: https://github.com/zigoo0/webpwn3r and at: http://www.sec-down.com/wordpress/?p=373

Guides and Tutorials, Log and Monitoring, Networking, Penetration Testing, Vulnerability's WebPwn3r

Wapiti – a web-application vulnerability scanner

Leave a comment Posted by NeverEndingSecurity on 13 April 2015

Wapiti

Wapiti allows you to audit the security of your web applications.

This tool performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, tool acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities :

File disclosure (Local and remote include/require, fopen, readfile…)
Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
XSS (Cross Site Scripting) injection (reflected and permanent)
Command Execution detection (eval(), system(), passtru()…)
CRLF Injection (HTTP Response Splitting, session fixation…)
XXE (XmleXternal Entity) injection
Use of know potentially dangerous files (thanks to the Nikto database)
Weak .htaccess configurations that can be bypassed
Presence of backup files giving sensitive information (source code disclosure)

Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference beetween permanent and reflected XSS vulnerabilities.

General features :

Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…)
Can suspend and resume a scan or an attack
Can give you colors in the terminal to highlight vulnerabilities
Different levels of verbosity
Fast and easy way to activate/deactivate attack modules
Adding a payload can be as easy as adding a line to a text file

Browsing features:

Support HTTP and HTTPS proxies
Authentication via several methods : Basic, Digest, Kerberos or NTLM
Ability to restrain the scope of the scan (domain, folder, webpage)
Automatic removal of a parameter in URLs
Safeguards against scan endless-loops (max number of values for a parameter)
Possibility to set the first URLs to explore (even if not in scope)
Can exclude some URLs of the scan and attacks (eg: logout URL)
Import of cookies
Can activate / deactivate SSL certificates verification
Extract URLs from Flash SWF files
Try to extract URLs from javascript (very basic JS interpreter)
HTML5 aware (understand recent HTML tags)Wapiti is a command-line application.
Here is an exemple of output against a vulnerable web application.
You may find some useful informations in the README and the INSTALL files.

more information can be found at: http://sourceforge.net/projects/wapiti/files/

Guides and Tutorials, Networking, Vulnerability's, Web Apps Wapiti

Top 10 Internal Vulnerabilities: February 2015

1 Comment Posted by NeverEndingSecurity on 9 April 2015

Top 10 Vulnerabilities

The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 1 billion IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.

The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.

Top 10 Internal Vulnerabilities: February 2015

Title	QualysID	Ext. Reference
Microsoft Internet Explorer Cumulative Security Update (MS15-009) CVE-2014-8967, CVE-2015-0017, CVE-2015-0018, CVE-2015-0019, CVE-2015-0020, CVE-2015-0021, CVE-2015-0022, CVE-2015-0023, CVE-2015-0025, CVE-2015-0026, CVE-2015-0027, CVE-2015-0028, CVE-2015-0029, CVE-2015-0030, CVE-2015-0031, CVE-2015-0035, CVE-2015-0036,CVE-2015-0037, CVE-2015-0038, CVE-2015-0039, CVE-2015-0040, CVE-2015-0041, CVE-2015-0042, CVE-2015-0043, CVE-2015-0044, CVE-2015-0045, CVE-2015-0046, CVE-2015-0048, CVE-2015-0049, CVE-2015-0050, CVE-2015-0051, CVE-2015-0052, CVE-2015-0053, CVE-2015-0054,CVE-2015-0055, CVE-2015-0066, CVE-2015-0067, CVE-2015-0068, CVE-2015-0069, CVE-2015-0070, CVE-2015-0071	100220	MS15-009
Oracle Java SE Critical Patch Update – July 2014 CVE-2014-4227, CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4247, CVE-2014-2483, CVE-2014-4223, CVE-2014-4262, CVE-2014-4209, CVE-2014-4265, CVE-2014-4220, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4268, CVE-2014-4264, CVE-2014-4221,CVE-2014-4244, CVE-2014-4263, CVE-2014-4208	122362	Oracle Java SE CPU July 2014
Adobe Flash Player and AIR Multiple Vulnerabilities (APSB14-24) CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441,CVE-2014-8442	122827	APSB14-024
MMicrosoft .Net Framework Elevation of Privilege Vulnerability (MS14-072) CVE-2014-4149	90997	MS14-072
Microsoft Windows Network Location Awareness Service Security Bypass Vulnerability (MS15-005) CVE-2015-0006	91007	MS15-005
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB14-20) CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568, CVE-2014-9150	122663	APSB14-20
Microsoft Windows Application Compatibility Cache Elevation of Privilege Vulnerability (MS15-001) CVE-2015-0002	91005	MS15-001
Microsoft Windows Components Directory Traversal Information Disclosure Vulnerability (MS15-004) CVE-2015-0016	91012	MS15-004
Microsoft Windows Kerberos Elevation of Privilege Vulnerability (MS14-068) CVE-2014-6324	90998	MS14-068
Microsoft Word and Office Web Apps Remote Code Execution Vulnerability (MS14-081) CVE-2014-6356, CVE-2014-6357	110244	MS14-081

Top 10 External Vulnerabilities: February 2015

Title	QualysID	Ext. Reference
OpenSSL Multiple Remote Security Vulnerabilities CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298,CVE-2014-3470, CVE-2014-0076	38602	OpenSSL Security Advisory [05 Jun 2014]
Cisco IOS Malformed IPV4 Packet Denial of Service Vulnerability CVE-2003-0567	43051	No Reference
Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities CVE-2007-6388, CVE-2007-5000, CVE-2008-0005	12260	RHSA-2008-0004
SSL Server Allows Anonymous Authentication Vulnerability No CVE	38142	No Reference
OpenSSH Signal Handling Vulnerability CVE-2006-5051, CVE-2006-4924, CVE-2006-5052, CVE-2006-4925, CVE-2006-5229	38560	No Reference
Microsoft ASP.NET Denial of Service Vulnerability (KB2659883 and MS11-100) CVE-2011-3414, CVE-2011-3415, CVE-2011-3416, CVE-2011-3417	90764	KB2659883
SSH Protocol Version 1 Supported CVE-2001-1473	38304	No Reference
Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020) CVE-2009-1535, CVE-2009-1122	86837	MS09-020
SSL Server Allows Cleartext Communication Vulnerability No CVE	38143	No Reference
OpenSSL Memory Leak Vulnerability (Heartbleed Bug) CVE-2014-0160	42430	OpenSSL vulnerabilities

Advisory's, Vulnerability's Top 10

WPScan WordPress Plugin Vulnerability Database

Leave a comment Posted by NeverEndingSecurity on 7 April 2015

Visit The WPScan Vulnerability Database at: https://wpvulndb.com/plugins

Guides and Tutorials, Vulnerability's, Web Apps Vulnerability Database, WPScan

WindowsRegistryRootkit – Kernel rootkit, that lives inside the Windows registry values data

Leave a comment Posted by NeverEndingSecurity on 7 April 2015

Kernel rootkit, that lives inside the Windows registry value data.
https://github.com/Cr4sh/WindowsRegistryRootkit

Rootkit uses the zero day vulnerability in win32k.sys (buffer overflow in function win32k!bInitializeEUDC()) to get the execution at the OS startup.

Features:

NDIS-based network backdoor (+ meterpreter/bind_tcp).
In order to avoid unknown executable code detection it moves itself in the memory over discardable sections of some default Windows drivers.
Completely undetectable by public anti-rootkit tools.
Working on Windows 7 (SP0, SP1) x86.

This rootkit was originally presented at the ZeroNights 2012 conference during my talk.
See the slides and videos for more information: http://dl.dropbox.com/u/22903093/Applied-anti-forensics.pdf

Offensive, Vulnerability's Rootkit, WindowsRegistryRootkit, Zero Day

prl_guest_to_host – Guest to host VM escape exploit for Parallels Desktop

Leave a comment Posted by NeverEndingSecurity on 7 April 2015

Guest to host VM escape exploit for Parallels Desktop.
Tested on Parallels Desktop 10 for Mac.

Works on all of the x86 and x64 Windows guests under the user accounts with any privileges level.

Known issues:

 * Command output might be missing when running from low-privileged user accounts.

More information at http://blog.cr4.sh/2014/11/simple-guest-to-host-vm-escape-for.html

Discovered by:    
Dmytro Oleksiuk
    
https://github.com/Cr4sh/prl_guest_to_host

Mac OS X, Offensive, Vulnerability's Exploit, Parallels Desktop

UEFI_boot_script_expl – CHIPSEC module that exploits UEFI boot script table vulnerability

Leave a comment Posted by NeverEndingSecurity on 7 April 2015

CHIPSEC module that exploits UEFI boot script table vulnerability.

This vulnerability was discovered by Rafal Wojtczuk and Corey Kallenberg, check 
original white paper:

https://frab.cccv.de/system/attachments/2566/original/venamis_whitepaper.pdf


More detailed exploit description:

http://blog.cr4.sh/2015/02/exploiting-uefi-boot-script-table.html


USAGE:

1) Download and install CHIPSEC (https://github.com/chipsec/chipsec).

2) Download and install Capstone engine incl. Python bindings (http://www.capstone-engine.org).

3) Install nasm (apt-get install nasm).

4) Copy boot_script_table.py into the chipsec/source/tool/chipsec/modules.

5) Run module:
   # cd chipsec/source/tool/chipsec
   # python chipsec_main.py --module boot_script_table 


WARNING:

Exploit was designed for Intel DQ77KB motherboard, running this code on any 
other hardware  may lead to unexpected problems due to the different
boot script table format and location.


TODO:

* Windows support (current implementation uses rtcwake Linux shell command).

* More decent boot script table decoding and dumping (incl. vendor-specific opcodes).

* SPI protected ranges dumping and checking.


Written by:
Dmytro Oleksiuk (aka Cr4sh)

https://github.com/Cr4sh/UEFI_boot_script_expl

Guides and Tutorials, Offensive, Scripts and Config, Vulnerability's CHIPSEC, Exploit, UEFI

Scan website for vulnerabilities with Uniscan

7 Comments Posted by NeverEndingSecurity on 14 March 2015

Uniscan is a vulnerability scanner that can scan websites and web applications for various security issues like LFI, RFI, sql injection, xss etc. Its written in perl. Its open source and can be downloaded from sourceforge project page at http://sourceforge.net/projects/uniscan/.

It is included in backtrack and can be found at the following directory

/pentest/web/uniscan

In the Backtrack menu its located at Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanner > uniscan.

On kali linux run it directly from terminal by issuing the command ‘uniscan’.

In this post we shall learn how to use this tool to scan websites. Usage is quite simple. Run the script uniscan.pl to see the options and examples

Basic scanning

root@kali:~# uniscan
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
	-h 	help
	-u 	<url> example: https://www.example.com/
	-f 	<file> list of url's
	-b 	Uniscan go to background
	-q 	Enable Directory checks
	-w 	Enable File checks
	-e 	Enable robots.txt and sitemap.xml check
	-d 	Enable Dynamic checks
	-s 	Enable Static checks
	-r 	Enable Stress checks
	-i 	<dork> Bing search
	-o 	<dork> Google search
	-g 	Web fingerprint
	-j 	Server fingerprint

usage: 
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

The usage section shows examples on using it. To scan a website, use the first example from the usage section.

root@kali:~# uniscan -u http://www.example.com/ -qweds

The above example scans a single url. With the f option multiple sites can be put under the scanner. The list has to be provided as a txt file.

Fingerprinting

With the option ‘j’ uniscan would fingerprint the server of the url. Server fingerprinting simply runs commands like ping, traceroute, nslookup, nmap on the server ip address and packs the results together.

root@kali:~# uniscan -u http://www.example.com -j

Another option is ‘g’ which does web based fingerprinting. It looks up specific urls.

root@kali:~# uniscan -u http://www.example.com -g

Searching google and bing

Apart from scanning websites, uniscan has another cool feature of performing google and bing searches and collecting the results in a simple text file. The i option can be used for searching bing and o operator for google. To search bing for all domains hosted on a given ip address issue the following command

root@kali:~# uniscan -i "ip:xxx.xxx.xxx.xxx"

Replace the x with the ip. The results are saved in a file called sites.txt which can be found at ‘/usr/share/uniscan’. They should ideally be saved in the home directory of the user or the working directory.

To search google using a term

root@kali:~# uniscan -o 'inurl:"section.php?id="'

However google will block too many automated search queries. So use the tool carefully.

Guides and Tutorials, Penetration Testing, Vulnerability's Uniscan

Pentesting-Tool Exploit Pack for Windows, Linux and Mac OS X +Exploit and Security Video Tutorials

Leave a comment Posted by NeverEndingSecurity on 27 February 2015

Next generation exploit framework

Cyber security risk assessment and explotation
“Think like a hacker, be professional”

Exploit Packs

Get all the exploits you need in a pack for the platform you need to test. Today.
What are the Packs?

Exploit packs are distributed via web or as a bundle ( tipically a gzip file ) and contain additional modules that plug directly into Exploit Pack. Installation is usually simple, often just expanding desired tree, all the arsenal you need. Give some ammo to your weapons by upgrading Exploit Pack with Packs.

We deliver this Packs online ( using credentials ) or via a bundle Gzip, and the donations received from it are used to keep the project going.

Cross-platform Software, works for Windows, Linux and Mac OS X

For the download and more info go to: http://exploitpack.com/index.html
or visit: http://exploitpack.com/ExploitPack338.zip

Security Tutorials Playlist:
https://www.youtube.com/playlist?list=PLMnFqffzHenvhO2-qFllLiWPA39K3KIUW

Exploit Pack Playlist:
https://www.youtube.com/playlist?list=PLMnFqffzHensjfrCgA49vc37Btx61feq6

Courses & Training Materials, Guides and Tutorials, Linux, Mac OS X, Offensive, Penetration Testing, Video's, Vulnerability's, Windows Exploit Pack, Pentesting-Tool

MASSIVE COLLECTIONS: Awesome, Awesome All, Awesome-Awesome, Awesome-Awesomes, Awesome Awesomeness, Awesome-Collection, Lists, Lists Of Github Lists, List of Lists, Must-Watch-List and Wiki China Lists

1 Comment Posted by NeverEndingSecurity on 22 February 2015

Awesome

A curated list of awesome lists
For more info check: https://github.com/sindresorhus/awesome

Platforms

Programming languages

Front-end development

Back-end development

Computer science

Big data

Theory

Miscellaneous

Awesome All

A curated list of all the awesome lists of awesome frameworks, libraries and software
For more info check: https://github.com/bradoyler/awesome-all

Contributing

Please take a quick gander at the contribution guidelines first. Thanks to all contributors; you rock!

Awesome-Awesome

A curated list of awesome curated lists! Inspired by inspiration.
For more info check: https://github.com/erichs/awesome-awesome

Awesome Awesome

A curated list of amazingly awesome curated lists of amazingly awesome libraries, resources and shiny things for various languages and frameworks.
For more info check: https://github.com/oyvindrobertsen/awesome-awesome

Awesome Awesome
- C
- Clojure
- Common Lisp
- Go
- Java
- JavaScript
- PHP
- Python
- Ruby
- Scala
- Swift

C

Awesome C

Clojure

Awesome Clojure

Common Lisp

Awesome Common Lisp

Go

Awesome Go

Java

JavaScript

PHP

Awesome PHP

Python

Awesome Python

Ruby

Scala

Awesome Scala

Swift

Awesome Swift

Awesome-Awesomes

Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language, or closely related :D
For more info check: https://github.com/fleveque/awesome-awesomes

Feel free to add new lists or categories! Remember, it’s not mandatory that name starts with awesome- ;)

Programming languages | Frameworks, platforms, etc | Related and useful

Programming Languages

C

Awesome C – A curated list of awesome C libraries, frameworks and other shinies.

Clojure

Awesome Clojure – A curated list of awesome clojure libraries and software

Common Lisp

Awesome Common Lisp – A curated list of awesome Common Lisp libraries, software and other shinies.

D

Awesome D – A curated list of awesome D documents, frameworks, libraries and software

Elixir

Awesome Elixir – A curated list of amazingly awesome Elixir libraries, resources and shiny things

Erlang

Go

Awesome Go – A curated list of awesome Go frameworks, libraries and software

Haskell

Awesome Haskell – A curated list of awesome Haskell frameworks, libraries and software

Java

JavaScript

Awesome JavaScript – A curated list of amazingly awesome browser-side JavaScript libraries, resources and shiny things

PHP

Awesome PHP – A curated list of amazingly awesome PHP libraries, resources and shiny things

Python

Awesome Python – A curated list of awesome Python frameworks, libraries and software

Ruby

Awesome Ruby – by @markets – A collection of awesome Ruby libraries, tools, frameworks and software
Awesome Ruby – by @Sdogruyol – A curated list of awesome Ruby frameworks, libraries and resources
Ruby Development Bookmarks – A list of ruby development resources I’ve collected

Scala

Awesome Scala – A curated list of awesome Scala frameworks, libraries and software

Frameworks, platforms, etc

Frontend

Frontdesk – Community driven list of useful things for Front End Developers
Frontend Development – A huge list of frontend development resources collected over time. Sorted from general knowledge at the top to concrete problems at the bottom.
Master List of HTML5, JavaScript, and CSS Resources – Intent of sharing a list of HTML5, JavaScript, and CSS3 resources that were found very useful

Node.js

Awesome Node.js – A curated list of astonishing Node.js frameworks, libraries and resources

Ruby on Rails

Awesome Rails – A curated list of amazingly awesome open source rails related resources

Mobile

Android
iOS

Related and useful

Editors

Environments

Awesome Dev Env – A curated list of awesome tools, resources and workflow tips making an awesome development environment.

Shell

Awesome Shell – A curated list of awesome command-line frameworks, toolkits, guides and gizmos

SysAdmin

Awesome Sysadmin – A curated list of amazingly awesome open source sysadmin resources

Talks

Awesome Talks – List of online talks that you would love to watch

MachineLearning

Awesome Machine Learning – A curated list of awesome machine learning frameworks, libraries and software (by language).

Awesomes

Awesome Awesomes – This one!! ;) Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language :D
Awesome Awesomeness – A curated list of awesome awesomeness
Awesome Awesome – A curated list of awesome curated lists! Inspired by inspiration

Awesome Awesomeness

A curated list of amazingly awesome awesomeness. Also available on:
Awesome-Awesomeness.ZEEF.com: https://awesome-awesomeness.zeef.com/alexander.bayandin
And Github: https://github.com/bayandin/awesome-awesomeness

Programming Languages
- AutoHotkey
- Assembler
- C
- C/C++
- Clojure
- ColdFusion
- Common Lisp
- D
- Delphi
- Elixir
- Erlang
  - by @0xAX
  - by @drobakowski
  - by @unbalancedparentheses
- Fortran
- Go
- Groovy
- Haskell
- Java
- JavaScript
  - Node.js
    - by @sindresorhus
    - by @vndmtrx
- Julia
- Lua
  - by @forhappy
  - by @lewisjellis
- .NET
- OCaml
- Perl
- PHP
- Python
  - by @kirang89
  - by @svaksha
  - by @vinta
- R
- Ruby
  - by @dreikanter
  - by @markets
  - by @Sdogruyol
- Rust
- Scala
- Shell
- Swift
  - by @matteocrippa
  - by @Wolg
  - from ZEEF by @Edubits
General
- Algorithms
  - Algorithms Visualisation
- Analytics
- Android
  - Android Security
  - Android UI
- Apple
- Big data
  - by @onurakpolat
  - by @zenkay
  - Hadoop
- Books
  - Free Programming Books
  - Free Software Testing Books
- Bootstrap
- Conferences
- Continuous Delivery
- Cordova
- Courses
- Creative Commons Media
- Data Science
- Database
- Datasets
- Dev Env
- Docker
- Documentation
- Dotfiles
- Emacs
- Frontend Dev
- Game Development
- GIF
- GitHub
- HTML5
- Images
- iOS
- Koans
- Lists
  - by @bayandin
  - by @jnv
  - by @sindresorhus
- Machine Learning
- Nginx
- Open Science
- Papers
- Product Manager
- Remote Job
- Remote Work
- Services Engineering
- Sheet Music
- Speech and Natural Language Processing
- Styleguides
- Sublime Text
- SVG
- Sysadmin
- Talks
- Tools
- Vagrant
- Vim
  - by @akrawchyk
  - by @matteocrippa
- Web Performance Optimization
- WebComponents

Awesome Awesome

A curated list of awesome curated lists of many topics, can also found on:
Github: https://github.com/emijrp/awesome-awesome

Computer management

awesome-shell – Command-line frameworks, toolkits, guides and gizmos.
awesome-sysadmin – Backups, configuration management, DNS, IMAP/POP3, LDAP, monitoring, SSH, statistics, troubleshooting, virtualization, VPN and more.

Data processing

awesome-bigdata – Big data frameworks, resources and other awesomeness.
awesome-hadoop – Hadoop ecosystem resources.

Programming languages

awesome-clojure – Package management, audio, HTTP, database, websocket and testing.
awesome-c – C frameworks, libraries, resources and other cool stuff.
awesome-cpp – C/C++ frameworks, libraries, and resources.
awesome-cobol – Web frameworks, template engine, forms, authentication & OAuth, database, e-mail, messaging, imagery, text processing, machine learning, testing, audio, video and logging.
awesome-common-lisp – Common Lisp frameworks, libraries, resources and other shinies.
awesome-d – Build tools, compilers, IDE, GUI, database clients.
awesome-elixir – Elixir libraries, resources and shiny things.
awesome-go – Go frameworks, libraries and software.
awesome-java – Build tool, code analysis, database, GUI, IDE, JSON, machine learning, PDF, science, testing and web crawling.
awesome-javascript – JavaScript libraries, resources and shiny things.
awesome-julia – List of Julia resources and packages.
awesome-perl – Benchmarks, databases, images, logging, profiling, testing, text processing and web frameworks.
awesome-php – Frameworks, templating, URL, e-mail, files, imagery, testing, security, documentation, geolocation, date, PDF, search and authentication.
awesome-python – Files, dates, text processing, NLP, imagery, audio, video, geolocation, web frameworks, OAuth, web crawling, networking, GUI, game development, testing, science and data analysis and machine learning.
[awesome-R] – Not yet! Do it yourself!
awesome-ruby – Ruby libraries, tools, frameworks and software
- @markets
- @Sdogruyol
awesome-scala – Scala frameworks, libraries and software.
awesome-swift – Swift documentation, projects, tutorials, updates, etc

Sciences

[awesome-biology] – Not yet! Do it yourself!
[awesome-chemistry] – Not yet! Do it yourself!
[awesome-geography] – Not yet! Do it yourself!
[awesome-math] – Not yet! Do it yourself!
[awesome-physics] – Not yet! Do it yourself!

Web browsers

[awesome-firefox] – Not yet! Do it yourself!

Websites

[awesome-github] – Not yet! Do it yourself!
[awesome-flickr] – Not yet! Do it yourself!
[awesome-twitter] – Not yet! Do it yourself!
awesome-wikipedia – Datasets, frameworks, libraries and other software related to Wikipedia.
[awesome-youtube] – Not yet! Do it yourself!

Web platforms

awesome-dojo – Dojo JavaScript Toolkit

Other

[awesome-music] – Not yet! Do it yourself!

Awesome-Collection

a list of awesome repos
For more info check: https://github.com/flyhigher139/awesome-collection

awesome lists

Awesome – A curated list of awesome lists
awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
awesome-awesomeness – A curated list of awesome awesomeness
awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
lists – The definitive list of (awesome) lists curated on GitHub. (comment: No awesome, but more awesome)

Programming languages

.NET
AutoHotkey
C/C++
Clojure
Coldfusion
D
Dart
Delphi
Elixir
Erlang
Fortran
GitHub-repo
Go
Groovy
Haskell
Java
JavaScript
JavaScript
- AngularJS
- Node.js
  - by @sindresorhus
  - by @vndmtrx
Julia
Lua
- by @forhappy
- by @lewisjellis
OCaml
Perl
Python
- by @kirang89
- by @svaksha
- Django
- flask
PHP
- CakePHP
R
Ruby
- by @dreikanter
- by @markets
- by @Sdogruyol
Rust
Scala
Shell
Swift
- by @Wolg
- from ZEEF by @Edubits

General

Algorithms
Analytics
Books
- Free Programming Books
- free-programming-books-zh_CN
- Free Software Testing Books
- Papers We Love
Conferences
Cordova
Dev Env
Data
- Big data
- Data Science
- Database
- awesome-firebase
Dotfiles
Editor
- Emacs
- Sublime Text
- Vim
  - by @akrawchyk
  - by @matteocrippa
Game Development
games
GitHub Cheat Sheet
Git Cheat Sheet
Images
Machine Learning
Platforms
- Android
  - Android Security
- Apple
- iOS
resources
Services Engineering
Styleguides
Sysadmin
Talks
Tools
Web development
- Bootstrap
- Frontend Dev
- HTML5
- Sass
- React

Lists

The definitive list of (awesome) lists curated on GitHub.
For more info check: https://github.com/jnv/lists
List of useful, silly and awesome lists curated on GitHub. Contributions welcome!

Non-technical

50-DI – Curated Diversity Index of grants, scholarships and FA that encourages diversity in STEM fields aimed at half the world’s population.
- http://svaksha.github.io/50-DI/
Annual-Reading-List – A list of things to read every year.
awesomebandnames – The open-source list of awesome band names.
awesome-biology – Learning resources, research papers, tools and other resources related to Biology.
awesome-gif – GIF /dʒ/ links and resources.
awesome-glasgow – Some highlights around Glasgow, Scotland.
awesome-health – Useful health resources.
awesome-images – Free (stock) photo resources for your projects.
awesome-kimchi – Kimchi of the people, by the people, for the people.
awesome-webcomics
baby-sleep – Baby sleep guides curated from the best of the Internet.
Biology – Bibliography of Biology resources.
cocktails – Cocktail Recipes
corporate-logos – Curated repo of publicly listed co. logos, identified by ticker. Almost 1500 logos
creative-commons-media – Audio, graphics and other resources that provide media licensed under Creative Commons licenses.
dissertation-tips – Resources to help PhD students complete their dissertation successfully.
food-recipes – Honest-to-goodness “real food” recipes
lawrence-veggie – List of vegetarian/vegan restaurants in Lawrence, KS.
mining-resources – Natural resources mining.
recipes by @bzimmerman – This repository contains tasty open-source recipes.
recipes by @csswizardy – Collection of things I like cooking
recipes by @csclug – Delicious open source
shelfies – Bookshelves of awesome people, community-transcribed.
SiliconValleyThingsToDo – Things to do and activities within Silicon Valley.
soylent – Soylent recipes
sf-vegetarian-restaurants – A list of awesome vegetarian-friendly restaurants in SF
teesites – A public list of great sites to buy awesome t-shirts and other cool stuff.
tacofancy – community-driven taco repo. stars stars stars.
visual-illusions – List of Visual Illusions.

Technical

101 – Resources on running a software biz.
above-the-fold-css-tools – Tools to help prioritize above-the-fold CSS.
admesh-projects – Projects using ADMesh (a triangulated solid meshes processor).
algovis – Algorithm Visualization.
alternative-internet – A collection of interesting new networks and tech aiming at decentralisation (in some form).
android-awesome-libraries – Useful Android development libraries with usage examples.
AndroidDevTools In Chinese – SDK, development tools, libraries, and resources.
- http://www.androiddevtools.cn/
android-jobs In Chinese – Android positions in China.
android-open-project In Chinese – Collect and classify android open source projects.
android-security-awesome – “A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.”
angular-education – Useful resources to learn and improve your AngularJS skills.
angularjs-fellows – Free resources for learning AngularJS.
- http://tachun.github.io/angularjs-fellows/
ansible-gentoo-roles – Ansible roles for Gentoo Linux.
apiPlatforms – Cool and awesome APIs
APTnotes – Various public documents, whitepapers and articles about APT [Advanced persistent threat] campaigns.
Automated-SPA-Testing – Automated unit & functional testing for web applications [JavaScript et al.].
awesomelinks – Web Development Links by @richardbenjamin.
Backpack – Various learning resources, organized by technology/topic.
badass-dev-resources – #bada55 front-end developer resources.
beautiful-docs – Pointers to useful, well-written, and otherwise beautiful documentation.
best-of-awesomeness-and-usefuless-for-webdev – Digest of the most useful tools and resources for the last year.
- Russian version
Best-App In Chinese – Recommendations for best desktop and mobile apps.
bigdata-ecosystem – Big-data related projects packed into a JSON dataset.
- http://bigdata.andreamostosi.name/
bioinformatics-tool-list – Bioinformatics and computational biology tools.
bookmarklets – Bookmarklets that are useful on the web
- http://sachaschmid.ch/bookmarklets/
bookshelf – Reading lists for learners
channels In Russian – YouTube channels for web developers.
ciandcd – Continuous Integration and Continuous Delivery
- http://www.ciandcd.com/
content-management-systems – Open source & proprietary content management systems.
Continuous-Integration-services – Comparison of cloud based CI services.
crypto-might-not-suck – Crypto Projects that Might not Suck.
css-resources
curated-list-espresso-sugar-plugins – Sugar plugins for Espresso, the code editor by MacRabbit.
Curated-List-of-Awesomeness – Web resources.
cyberDigest In Russian – Digest of knowledge about crypto networks (including cryptocurrencies).
daemon – A curated list of resources for a more literate programming.
datajournalists-toolbox – Tools for datajournalists, with examples and gists.
datasciencemasters – The Curriculum for learning Data Science, Open Source and at your fingertips.
- http://datasciencemasters.org/
Developer-Conferences – List of upcoming developer conferences.
devopsbookmarks.com – To discover tools in the devops landscape.
- http://www.devopsbookmarks.com/
devops_resources
dev-resource – Resources for devs online and offline.
EducationalToolsResources – Tools and resources for educators and virtual teachers.
ember-links/list – Ember.js Links
erlang-bookmarks – All about erlang programming language.
erlang-watchlist – Where to find good code to master Erlang idioms
es6-tools – An aggregation of tooling for ES6
Facets – One-liners in Ruby
fks In Chinese – Frontend Knowledge Structure.
flat-file-cms – Stictly flat-file cms systems.
free-programming-books
- http://resrc.io/list/10/list-of-free-programming-books/
free-programming-books-zh_CN In Chinese
free-programming-courses – Online programming/CS courses.
free-software-testing-books – List of free software testing books.
frontdesk – Community driven list of useful things for Front End Developers
Front-end-Developer-Interview-Questions – A list of helpful front-end related questions you can use to interview potential candidates, test yourself or completely ignore.
- Available in various translations
Front-end-Web-Development-Interview-Question In Chinese
front-end-links
frontend-dev-bookmarks – A huge list of frontend development resources I collected over time.
frontend-resources by @JonathanZWhite
frontend-resources by @zedix
frontend-stuff – Framework/libraries/tools to use when building things on the web. Mostly Javascript stuff.
frontend-tools – An opinionated list of tools for frontend (i.e. html, js, css) desktop/laptop (i.e. does not include tablet or phone yet) web development
games – A list of popular/awesome videos games, add-on, maps, etc. hosted on GitHub.
github-cheat-sheet – Cool features of Git and GitHub.
github-hall-of-fame – Hall of Fame for spectacular things on Github.
- http://mehulkar.com/github-hall-of-fame/
hackathon_resources by @myearwood – Learning Resources for Hackathon Organizers.
Hackathon-Resources by @xasos – Hackathon Resources for organizers.
HeadlessBrowsers
ideas – One Hundred Ideas for Computing
Inspire – A collection of links to assist you in web design and development.
InterviewThis – Developer questions to ask prospective employers
ios-awesome-libraries – Useful iOS development libraries with usage examples.
iOSDevResource
iOS-Developer-and-Designer-Interview-Questions
javascript-patterns – JavaScript Patterns
- http://shichuan.github.io/javascript-patterns/
javascript-resources
jslibs – My picks of promising/useful Javascript libraries.
- See also JSwiki
js-must-watch – Must-watch videos about javascript.
jsonauts – The ultimate reference for JSON tooling and specs.
- http://jsonauts.github.io/
jstools – Foundational JavaScript Tools
js-type-master – JavaScript resources about web typography.
- https://www.codefellows.org/blog/complete-list-of-javascript-tools
Julia.jl – Curated decibans of Julia language.
- https://github.com/svaksha/Julia.jl
killer-talks – Talks that are worth watching.
Laravel-Resources – Laravel Framework Resources and Blogs.
learn-drupal – Stuff to help you learn Drupal.
learn-python – A list of links that teach Python.
learnxinyminutes-docs – Code documentation written as code!
- http://learnxinyminutes.com/
lifeofjs – Curated source for all types of awesome resources available for JavaScript.
ListOfMinimalistFrameworks – Minimalist frameworks (simple and lightweight).
magictools – Game Development resources to make magic happen.
manong In Chinese – Weekly digest of technology
markdown-resources – Markdown resources: apps, dialects, parsers, people, …
MaterialDesignCenter In Chinese – Resources and libraries for Material Design.
my_tech_resources by @JamesLavin
must-watch-css – Must-watch videos about CSS.
nashville-lispers/resources – Lisp Resources: exercises, great books, videos, etc.
nginx-resources – Nginx web server (+ Lua), OpenResty and Tengine.
node-daily In Chinese – Daily article about Node.js.
node-frameworks – Comparison of server-side Node frameworks.
nodejs-conference-cfps – NodeJS and Javascript Conference Call for Presentations.
NodeJS-Learning – Resources to help you learn Node.js and keep up to date.
npm-algos – Node.js Modules Implementing Computer Science Concepts.
offline-first – Everything you need to know to create offline-first web apps.
papers – A collection of papers found across the web.
papers-we-love – Papers from the computer science community to read and discuss. (Contains actual papers)
pattern_classification – A collection of tutorials and examples for solving and understanding machine learning and pattern classification tasks.
PHPVietnam – PHP resources for Vietnamese.
PlacesToPostYourStartup – “Where can I post my startup to get beta users?”
programmers-proverbs – Proverbs from the programmer
programming-talks – Awesome & Interesting Talks concerning Programming
Projects – Practical projects that anyone can solve in any programming language.
pycrumbs – Bits and Bytes of Python from the Internet.
python-github-projects – Collect and classify python projects on Github.
- http://itgeekworkhard.com/python-github-projects/
pythonidae – Curated decibans of Python scientific programming resources.
- http://svaksha.github.io/pythonidae/
python_reference – Useful functions, tutorials, and other Python-related things.
Qix In Chinese – Node, Golang, Machine Learning, PostgreSQL.
queues.io – Job queues, message queues and other queues.
- http://queues.io/
resource-list – Design & Development Resources.
resources – JavaScript resources for and by Hack Reactor 14 & 15.
resources – Free, online resources for various technologies, languages, and tools.
Resources – Tools for front end devs.
ruby-bookmarks – Ruby and Ruby on Rails bookmarks collection.
ruby-dev-bookmarks – Ruby development resources I’ve collected.
ruby-trivia – Questions about Ruby programming you can use to quiz yourself.
rust-lang-resources – Links related to the Rust programming language.
rss-readers-list – Reader replacements megalist
- http://smithbr.github.io/rss-readers-list
scalable-css-reading-list – Collected dispatches from The Quest for Scalable CSS.
secure-email – Overview of projects working on next-generation secure email.
services-engineering – A reading list for services engineering, with a focus on cloud infrastructure services.
shellshocker-pocs – Proof of concepts and potential targets for Shellshock.
spawnedshelter – Erlang Spawned Shelter – the best articles, videos and presentations related to Erlang.
speech-language-processing
StartupKnowledgeBase – Insightful articles related to startups.
startupreadings – Reading list for all things startup-related.
startup-resources
static-site-generator-comparison
- http://staticsitegenerators.net/
Static-Site-Generators
streaming-papers – Papers on streaming algorithms.
sublime – Some of the best Sublime Text packages, themes, and goodies.
sublime-bookmarks – Sublime Text essential plugins and resources.
SwiftInFlux – An attempt to gather all that is in flux in Swift.
tech-weekly – List of weekly technical newsletters
Toolbox – Open source iOS stuff.
tool_lists – Links to tools by theme. Verification, synthesis, and static analysis.
tools – Tools for web.
ToolsOfTheTrade – Tools of The Trade, from Hacker News.
twofactorauth – Sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
- http://twofactorauth.org/
type-findings – Posts about web typography.
WebComponents-Polymer-Resources
webcomponents-the-right-way – Introduction to Web Components.
webdevresourcecuration
web-dev-resources – A table of contents for web developer resources across the internet.
web-development-resources
weekly In Chinese – Weekly summary of articles and resources.

awesome-*

awesome – Useful plugins and libraries.
awesome-2048-and-beyond – Waste and lose at least 8 hours of your life… then multiply it…
awesome-acf – Add-ons for the Advanced Custom Field plugin for WordPress.
awesome-activeadmin – Active Admin resources, extensions, posts and utilities. For Rails.
awesome-algorithms – Places to learn and/or practice algorithms.
awesome-analytics – Analytics services, frameworks, software and other tools.
awesome-android by @Jackgris In Spanish.
awesome-android by @JStumpp
awesome-android by @snowdream Partially in Chinese
awesome-android-libraries – General Android libraries.
awesome-android-ui – UI/UX libraries for Android.
awesome-angular by @hugoleodev
awesome-angularjs by @gianarb
awesome-apple – 3rd party libraries and tools for Apple platforms development.
awesome-arabic – Arabic supporting tools, fonts, and development resources.
awesome-asciidoctor – Collection of asciidoctor’s intros, exampes and usages.
awesome-asm – Assembly language
awesome-AutoHotkey – AutoHotkey libraries, library distributions, scripts, tools and resources.
awesome-avr
awesome-backbone – Resources for Backbone.js
awesome-bem – Tools, sites, articles about BEM (frontend development method).
awesome-bigdata – Big data frameworks, resources and other awesomeness.
Awesome-Bioinformatics – Open-source bioinformatics software and libraries.
awesome-bootstrap – Free Bootstrap themes I think are cool.
awesome-c – C frameworks, libraries, resources etc.
awesome-cakephp – Plugins and resources for CakePHP 2 and 3.
awesome-cassandra
awesome-chef – Cookbooks, handlers, add-ons and other resources for Chef, a configuration management tool.
awesome-ci – Continuous integation services.
awesome-cl – Common Lisp
awesome-clojure
awesome-cloud – Delightful cloud services.
awesome-cloud-storage – Comparison of online storage platforms.
awesome-code-formatters
awesome-coldfusion
awesome-comparisons – Framework and code comparison projects, like TodoMVC and Notejam.
awesome-conference-playlists – Video playlists for conferences.
awesome-conferences
awesome-computer-vision
awesome-cordova Apache Cordova / PhoneGap
awesome-courses – University Computer Science courses across the web.
awesome-cpp – C/C++ frameworks, libraries, resources.
awesome-css by @deepakbhattarai
awesome-css by @ikkou
awesome-d
awesome-dart
awesome-dashboard – Dashboards/visualization resources.
awesome-datascience – An open source DataScience repository to learn and apply for real world problems.
awesome-datasets – Datasets for papers/experiments/validation.
awesome-db – Databse libraries and resources.
awesome-ddd – Domain Driven Design resources.
awesome-delphi
awesome-derby – Components for DerbyJS.
awesome-design – Resources for digital designers.
awesome-devenv – Tools, resources and workflow tips making an awesome development environment.
awesome-devtools – In-browser bookmarklets, tools, and resources for front-end devs.
awesome-django – Django apps and projects.
awesome-django-cms – django CMS add-ons.
awesome-docker by @anildigital
awesome-docker by @veggiemonk
awesome-doctrine – Doctrine ORM libraries and resources.
awesome-dojo – Dojo JavaScript Toolkit resources and libraries.
awesome-dotfiles
awesome-dotnet – .NET libraries, tools, frameworks and software.
awesome-drupal
awesome-educate – Education resources online.
awesome-elm – Learning resources and programs for Elm, a functional reactive language.
awesome-emacs from @emacs-tw
awesome-emacs by @sefakilic
awesome-emacs by @tacticiankerala
awesome-ember – Ember.js things.
awesome-elixir
awesome-endless-codeforall-list – Every tool that civic hackers worldwide use to work.
awesome-erlang
awesome-flask – Flask Python web framework resources and plugins.
awesome-fortran
awesome-github by @fffaraz – Git and GitHub references.
awesome-github by @Kikobeats – GitHub secrets and goodies.
awesome-github-repo – GitHub repositories; various topics like study materials, Raspberry Pi etc.
awesome-go by @avelino
- http://awesome-go.com/
awesome-go-books – Online and free golang books.
awesome-grails
awesome-groovy
awesome-hadoop – Hadoop and Hadoop ecosystem resources.
awesome-haskell
awesome-hierarchical-matrices – Hierarchical matrices frameworks, libraries, and software.
awesome-html5
awesome-hybrid – Hybrid Applications (web + native)
awesome-ios
awesome-IoT – Internet of Things platforms, libraries and apps.
awesome-java
awesome-javascript
awesome-javascript-books – Online and free JavaScript books.
awesome-julia
awesome-knockout – Plugins for Knockout MVVM framework.
awesome-koans – Programming kōans in various languages.
awesome-languages – Open-source programming languages.
awesome-laravel by @chiraggude
awesome-laravel by @TimothyDJones
awesome-linguistics – Tools, theory and platforms for linguistics.
awesome-linux – Linux software.
- http://dhamaniasad.github.io/awesome-linux
awesome-logging
awesome-lua by @forhappy
awesome-lua by @LewisJEllis
awesome-luvit – Luvit frameworks, libraries and software.
awesome-machine-learning
awesome-meteor
awesome-mesos by @dharmeshkakadia
awesome-mesos by @parolkar
awesome-nodejs by @sindresorhus
awesome-nodejs by @vndmtrx
awesome-objc-swift
awesome-ocaml
awesome-open-science
awesome-pcaptools – Tools to process network traces.
awesome-pentest – Penetration testing resources and tools.
awesome-perfocards See perfokaart.
awesome-perl
awesome-persian – Persian/Farsi supporting tools, fonts, and development resources.
awesome-php
awesome-pipeline – Pipeline toolkits.
awesome-play1 – Play Framework 1.x modules, tools, and resources.
awesome-ProductManager – Books and tools for Product Managers.
awesome-puppet
awesome-pyramid – Resources for Pyramid Python web framework.
awesome-python by @kevmo
awesome-python by @vinta
awesome-python-talks – An opinionated list of awesome videos related to Python, with a focus on training and gaining hands-on experience.
awesome-public-datasets – (Large-scale) public datasets on the Internet.
awesome-qt – Libraries and resources for the Qt framework.
awesome-R
awesome-radio – Radio and citizens band (CB) radio resources.
awesome-rails by @dpaluy
awesome-rails by @ekremkaraca – Projects and sites made with Rails.
awesome-rails by @ruby-vietnam – Rails libraries/app examples/ebooks/tutorials/screencasts/magazines/news.
awesome-react – ReactJS tools, resources, videos.
awesome-recommender-system – Recommender System frameworks, libraries and software.
awesome-RemoteWork – Books and links about and for remote work.
awesome-ruby by @markets
- http://marcanguera.net/awesome-ruby/
awesome-ruby by @Sdogruyol
awesome-rust
awesome-sarl – Resources for SARL Agent-Oriented Programming Language.
awesome-sass – Sass/SCSS extensions, articles, and examples.
awesome-scala
awesome-security – Software, libraries, documents, books, resources and cool stuff about security.
awesome-selenium
awesome-services – Services that make a painful programmer’s life easier.
awesome-sharepoint by @sergey-tihon
awesome-SharePoint by @siaf
awesome-shell – Command-line frameworks, toolkits, guides and gizmos.
awesome-sheet-music – Tools to create, edit and display sheet music.
awesome-sketch – Guides, articles, videos about Sketch 3.
awesome-sphinxdoc – Tools for Sphinx Python Documentation Generator.
awesome-sqlalchemy – Extra libraries for SQLAlchemy, a Python ORM.
awesome-static-generators – Static web site generators.
awesome-stars In Chinese – Useful libraries with personal remarks.
awesome-styleguides
awesome-svg
awesome-swift by @matteocrippa
awesome-swift by @Wolg
awesome-symfony2 – Symfony 2 bundles, utilities and resources.
awesome-sysadmin – Open source sysadmin resources.
awesome-talks
awesome-umbraco – Resources for Umbraco 7, a .NET CMS.
awesome-unity – Assets and resources for Unity game engine.
awesome-vagrant
awesome-vim by @akrawchyk
awesome-vim by @matteocrippa
awesome-webservice – Web and cloud services, SaaS.
awesome-weekly – Quality weekly subscription newsletters from the software world.
awesome-wikipedia – Wikipedia-related frameworks, libraries, software, datasets and references.
awesome-wordpress from @dropndot
awesome-wordpress by @endel
awesome-wordpress by @miziomon
awesome-wpo – Web Performance Optimization
awesome-yamada Dancing Yamada
awesome-yii – Yii Framework extensions, tutorials and other nice things.
awesome-yii-1 – Libraries, books, sites and team of Yii Framework v1.x.
awesome-zsh-plugins

Lists of lists

awesome – A curated list of awesome lists.
awesome-all – A curated list of awesome lists of awesome frameworks, libraries and software
awesome-awesome by @emijrp – A curated list of awesome curated lists of many topics.
awesome-awesome by @erichs – A curated list of awesome curated lists! Inspired by inspiration.
awesome-awesome by @oyvindrobertsen – A curated list of curated lists of libraries, resources and shiny things for various languages.
awesome-awesomeness – A curated list of awesome awesomeness
awesome-awesomes – Awesome collection of awesome lists of libraries, tools, frameworks and software for any programming language
awesome-collection – A list of awesome repos.
ListOfGithubLists – List of github lists
list-of-lists – A meta list of lists of useful open source projects and developer tools.
must-watch-list – List of must-watch lists.
this one
wiki In Chinese – A curated list of awesome lists.

Lists of lists of lists

awesome-awesome-awesome – A a curated list of curated lists of awesome lists.
awesomecubed – A curated list of awesome awesomeness awesomenesses.
lologl – List of Lists of Github Lists.
meta-awesome
the one above

Lists of lists of lists of lists

Lists of lists of lists of lists of lists

List of github lists

Creating a github list is so trendy nowadays, so here’s another one.
Fore more info check: https://github.com/asciimoo/ListOfGithubLists

Pull requests are welcome

Lists

List-Of-Lists

A meta list of lists of useful open source projects and developer tools
For more info check: https://github.com/cyrusstoller/list-of-lists

Tools

Sysadmin tools: https://github.com/kahun/awesome-sysadmin
Font-end Tools: https://github.com/codylindley/frontend-tools
List of languages that compile to JS: https://github.com/jashkenas/coffeescript/wiki/List-of-languages-that-compile-to-JS
Landscaping With Front-end Tools: https://github.com/codylindley/frontend-tools
List of RSS readers: https://github.com/smithbr/rss-readers-list
List of Job queues, message queues and other queues – http://queues.io/
List of Tools of the Trade – https://github.com/cjbarber/ToolsOfTheTrade

Frameworks / Libraries

Front-End CSS Frameworks: http://usablica.github.io/front-end-frameworks/compare.html
Static Site Generators: http://staticsitegenerators.net
List of minimalist frameworks: https://github.com/neiesc/ListOfMinimalistFrameworks
List of useful php libraries: https://github.com/ziadoz/awesome-php
List of python Github projects: https://github.com/checkcheckzz/python-github-projects
List of Go projects: https://code.google.com/p/go-wiki/wiki/Projects
Database of JS Librariers, Frameworks, and Plugins – http://www.jsdb.io/
Database of Node.js packages – https://github.com/sindresorhus/awesome-nodejs

Resources

A list of free programming books: https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md
A list of front end development resources: https://gist.github.com/dypsilon/5819504
Places To Post Your Startup: https://github.com/mmccaff/PlacesToPostYourStartup
Frontend development bookmarks: https://github.com/dypsilon/frontend-dev-bookmarks
HackerNews Bookmark: https://github.com/praveenhm/HackerNews-Bookmark
Front End Developer Interview Questions: https://github.com/darcyclarke/Front-end-Developer-Interview-Questions
List of useful things for front-end developers: https://github.com/miripiruni/frontdesk
List of CS papers: https://github.com/papers-we-love/papers-we-love
Must-watch videos about javascript – https://github.com/bolshchikov/js-must-watch
List of Game Development resources – https://github.com/ellisonleao/magictools
List of Web Business Models – https://gist.github.com/ndarville/4295324
Big list of d3.js examples – http://christopheviau.com/d3list/
319 useful Twitter Bootstrap resources – http://www.bootstraphero.com/the-big-badass-list-of-twitter-bootstrap-resources
A curated list of amazingly awesome awesomeness – https://github.com/bayandin/awesome-awesomeness
Markdown resources – https://github.com/rhythmus/markdown-resources
List of React tools, resources, videos and shiny things – https://github.com/enaqx/awesome-react
List of awesome CS courses – https://github.com/prakhar1989/awesome-courses

Other lists of lists

Misc

https://github.com/phiat/markdown-lists/blob/master/tools.md

must-watch-list

A list of must-watch lists
For more info check: https://github.com/adrianmoisey/must-watch-list

CSS
Django
Go
Javascript
- by AllThingsSmitty
- by bolshchikov
Python
- by primalpop
- by s16h
Rails
Startup

Awesome-Awesomeness (zeef): https://awesome-awesomeness.zeef.com/alexander.bayandin

Android Devices, Anti Malware, Arduino, Authentication, Browser, Courses & Training Materials, Cracking, Crypto, Debugging, Defensive Security, Digital Forensics, Documents & Manuals, eBooks, Encryption, Firewall, Guides and Tutorials, Hardening, iOS Devices, Linux, Log and Monitoring, Mac OS X, Mind Maps, Non-Security, Offensive, OpenBSD/FreeBSD/NetBSD, Penetration Testing, Programming & Crafting Code, Raspberry Pi, Scripts and Config, Single-Board Computers, Software, Tools, Tunneling, Vulnerability's, Web Apps, Windows, Wireless Awesome, Awesomeness, Collection

List with scripts from GhostInTheLab

Leave a comment Posted by NeverEndingSecurity on 19 February 2015

GhostInTheLab

Offensive, Penetration Testing, Scripts and Config, Vulnerability's GhostInTheLab

Penetration Testing Practice Lab – Vulnerable Apps / Systems (The Most Complete List)

Leave a comment Posted by NeverEndingSecurity on 19 February 2015

A complete mindmap about all the courses and trainings from this post can be found here:
http://www.amanhardikar.com/mindmaps/Practice.png

Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state. For technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications:
OWASP BWA: http://code.google.com/p/owaspbwa
OWASP Hackademic: http://hackademic1.teilar.gr
OWASP SiteGenerator: https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks: http://sourceforge.net/projects/owaspbricks & http://sechow.com/bricks
OWASP Security Shepherd: https://www.owasp.org/index.php/OWASP_Security_Shepherd
Damn Vulnerable Web App (DVWA): http://www.dvwa.co.uk
Damn Vulnerable Web Services (DVWS): http://dvws.professionallyevil.com
WebGoat.NET: https://github.com/jerryhoff/WebGoat.NET
PentesterLab: https://pentesterlab.com
Butterfly Security Project: http://thebutterflytmp.sourceforge.net
Foundstone Hackme Bank: http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books: http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino: http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping: http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel: http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
Moth: http://www.bonsai-sec.com/en/research/moth.php
WackoPicko: https://github.com/adamdoupe/WackoPicko & http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
BadStore: http://www.badstore.net
WebSecurity Dojo: http://www.mavensecurity.com/web_security_dojo
BodgeIt Store: http://code.google.com/p/bodgeit
hackxor: http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench: http://suif.stanford.edu/~livshits/securibench
SQLol: https://github.com/SpiderLabs/SQLol
CryptOMG: https://github.com/SpiderLabs/CryptOMG
XMLmao: https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App: http://exploit.co.il/projects/vuln-web-app & http://sourceforge.net/projects/exploitcoilvuln
PHDays iBank CTF: http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver: http://sourceforge.net/projects/null-gameover
Zap WAVE: http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall: http://code.google.com/p/puzzlemall
VulnApp: http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs: https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge
bWAPP: http://www.mmeit.be/bwapp & http://sourceforge.net/projects/bwapp/files/bee-box & http://www.itsecgames.com
NOWASP / Mutillidae 2: http://sourceforge.net/projects/mutillidae
SocketToMe: http://digi.ninja/projects/sockettome.php
Project GameOver: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform
OWASP Vicnum Project: https://sourceforge.net/projects/vicnum & http://vicnum.ciphertechs.com
Hackademic Challenges: http://www.hackademic.eu

Vulnerable Operating System Installations:
Damn Vulnerable Linux: http://sourceforge.net/projects/virtualhacking/files/os/dvl & http://www.damnvulnerablelinux.org
Metasploitable: http://sourceforge.net/projects/virtualhacking/files/os/metasploitable & https://sourceforge.net/projects/metasploitable
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
UltimateLAMP: http://www.amanhardikar.com/mindmaps/practice-links.html & http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
De-ICE HackerPedia PenTest LiveCDs http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
pWnOS: http://www.pwnos.com & http://www.krash.in/bond00/pWnOS%20v1.0.zip & http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
Holynix: http://sourceforge.net/projects/holynix/files & http://pynstrom.net/index.php?page=holynix.php
Kioptrix: http://www.kioptrix.com/blog/?page_id=135
exploit-exercises – nebula, protostar, fusion: http://exploit-exercises.com/download
PenTest Laboratory: http://pentestlab.org/lab-in-a-box
RebootUser Vulnix: http://www.rebootuser.com/?page_id=1041
neutronstar: http://neutronstar.org/goatselinux.html
scriptjunkie.us: http://www.scriptjunkie.us/2012/04/the-hacker-games
21LTR: http://21ltr.com/scenes
SecGame # 1 Sauron: http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
Pentester Lab: https://www.pentesterlab.com/exercises
Vulnserver: http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
TurnKey Linux: http://www.turnkeylinux.org
Bitnami: https://bitnami.com/stacks
Elastic Server: http://elasticserver.com
CentOS: http://www.centos.org
Katana: http://www.hackfromacave.com/katana.html
Virtual Hacking Lab: http://sourceforge.net/projects/virtualhacking/files
Hacking-Lab: http://www.hacking-lab.com/hl_livecd

Sites for Downloading Older Versions of Various Software:
Exploit-DB: http://www.exploit-db.com
Old Version: http://www.oldversion.com
Old Apps: http://www.oldapps.com
VirtualHacking Repo: http://sourceforge.net/projects/virtualhacking/files/apps%40realworld

Sites by Vendors of Security Testing Software:
Acunetix acuforum: http://testasp.vulnweb.com
Acunetix acublog: http://testaspnet.vulnweb.com
Acunetix acuart: http://testphp.vulnweb.com
Cenzic crackmebank: http://crackme.cenzic.com
HP freebank: http://zero.webappsecurity.com
IBM altoromutual: http://demo.testfire.net
Mavituna testsparker: http://aspnet.testsparker.com
Mavituna testsparker: http://php.testsparker.com
NTOSpider Test Site: http://www.webscantest.com

Sites for Improving Your Hacking Skills:
EnigmaGroup: http://www.enigmagroup.org
Exploit Exercises: http://exploit-exercises.com
Google Gruyere: http://google-gruyere.appspot.com
Gh0st Lab: http://www.gh0st.net
Hack This Site: http://www.hackthissite.org
HackThis: http://www.hackthis.co.uk
HackQuest: http://www.hackquest.com
Hack.me: https://hack.me
Hacking-Lab: https://www.hacking-lab.com
Hacker Challenge: http://www.dareyourmind.net
Hacker Test: http://www.hackertest.net
hACME Game: http://www.hacmegame.org
Hax.Tor: http://hax.tor.hu
OverTheWire: http://www.overthewire.org/wargames
PentestIT: http://www.pentestit.ru/en
pwn0: https://pwn0.com/home.php
RootContest: http://rootcontest.com
Root Me: http://www.root-me.org/?lang=en
Security Treasure Hunt: http://www.securitytreasurehunt.com
Smash The Stack: http://www.smashthestack.org
TheBlackSheep and Erik: http://www.bright-shadows.net
ThisIsLegal: http://thisislegal.com
Try2Hack: http://www.try2hack.nl
WabLab: http://www.wablab.com/hackme
XSS – Can You XSS This?: http://canyouxssthis.com/HTMLSanitizer
XSS – ProgPHP: http://xss.progphp.com

CTF Sites / Archives:
CTFtime (Details of CTF Challenges): http://ctftime.org/ctfs
shell-storm Repo: http://shell-storm.org/repo/CTF
CAPTF Repo: http://captf.com
VulnHub: https://www.vulnhub.com

Mobile Apps:
ExploitMe Mobile Android Labs: http://securitycompass.github.io/AndroidLabs
ExploitMe Mobile iPhone Labs: http://securitycompass.github.io/iPhoneLabs
OWASP iGoat: http://code.google.com/p/owasp-igoat
OWASP Goatdroid: https://github.com/jackMannino/OWASP-GoatDroid-Project
Damn Vulnerable iOS App (DVIA): http://damnvulnerableiosapp.com
Damn Vulnerable Android App (DVAA): https://code.google.com/p/dvaa
Damn Vulnerable FirefoxOS Application (DVFA): https://github.com/pwnetrationguru/dvfa
NcN Wargame: http://noconname.org/evento/wargame
Hacme Bank Android: http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank: http://www.paladion.net/downloadapp.html

Miscellaneous:
VulnVPN: http://www.rebootuser.com/?page_id=1041
VulnVoIP: http://www.rebootuser.com/?page_id=1041
NETinVM: http://informatica.uv.es/~carlos/docencia/netinvm
GNS3: http://sourceforge.net/projects/gns-3
XAMPP: https://www.apachefriends.org/index.html

Android Devices, Courses & Training Materials, Cracking, Digital Forensics, Guides and Tutorials, iOS Devices, Live Distributions, Mobile Phones & Tabs, Offensive, Operating Systems, Penetration Testing, Research, Vulnerability's, Web Apps, Website's

Debugging and Detecting problems with SH, Bash or the Shell

Leave a comment Posted by NeverEndingSecurity on 14 February 2015

Spellcheck, paste the shell script with errors or problems on the spellcheck website and it automatically detects the problem.

Go to Spellcheck by visiting this site:
http://www.shellcheck.net

Or you can watch the source code on github at:
https://github.com/koalaman/shellcheck

Bash Pitfalls is an collection or errors that can show up in the Bash, complete with a description of the error.
It can be found on:
http://mywiki.wooledge.org/BashPitfalls

Debugging, Guides and Tutorials, Linux, Mac OS X, OpenBSD/FreeBSD/NetBSD, Raspberry Pi, Vulnerability's Bash, SH, Shell

JAW: Java Applet Wizard, that makes you go java Meterpreter by payload

Leave a comment Posted by NeverEndingSecurity on 14 February 2015

JAW: Java Applet Wizard
JAW is written in Python and comes in 2 flavors.

Flavor 1: Java applet maker using a meterpreter executable.
To do client-side attacks using evil java applets:
http://exploit.co.il/hacking/client-side-attack-using-evil-java-applets

Flavor 2: Java applet maker using a java meterpreter – full java attack script
By using Metasploit java meterpreter payload:
http://exploit.co.il/hacking/metasploit-java-meterpreter-payload

Offensive, Penetration Testing, Tools, Vulnerability's Java Applet Wizard, Metasploit, Meterpreter, Python

NSA Documents: Attacks on VPN, SSL, TLS, SSH and Tor

Leave a comment Posted by NeverEndingSecurity on 13 February 2015

Attacks against Crypto:

Attacks on SSL/TLS:

Attacks on VPN:

Deanonymizing:

Cryptanalytics:

Thanks to Der Spiegel for all this information!

Documents & Manuals, Encryption, Pdf and Slides, Research, Security News, Snowden / NSA, Vulnerability's Attacks, NSA, SSH, SSL, TLS, Tor, VPN

← Older posts

RSS feed

Exploit Dev – #1 Windows – Stack Based Overflow	Juan Sacco	6:09
Exploit Dev – #2 Windows – Control of EIP	Juan Sacco	22:08
Exploit Dev – #1 Linux – Stack Based Overflow	Juan Sacco	3:21
Exploit Dev – #2 Linux – Control of EIP	Juan Sacco	23:28
Exploit Dev – #3 Linux – Shellcode execution	Juan Sacco	10:18
Exploit Dev – #3 Windows – SEH + Shellcode	Juan Sacco	9:14
Rootkit Development #1	Juan Sacco	8:24
Rootkit Development #2	Juan Sacco	15:40

Exploit Pack #1 – Add an exploit using the Wizard	Juan Sacco	7:47
Exploit Pack #2 – How to install	Juan Sacco	3:33
Exploit Pack #3 – AutoPwn	Juan Sacco	7:49
Exploit Pack #4 – Remote scanner	Juan Sacco	2:55
Exploit Pack #5 – Preference and Search box	Juan Sacco	3:40
Exploit Pack #6 – Reverse shell	Juan Sacco	6:27
Exploit Pack #7 – Update manager	Juan Sacco	3:12
Exploit Pack #7 – Module Wizard	Juan Sacco	7:00
Exploit Pack #8 – Creating a report	Juan Sacco	8:04
Exploit Pack #9 – Exploit an FTP Server	Juan Sacco	7:29

Category Archives: Vulnerability’s

1. Security Tracker

2. Hackerstorm

3. Hackerwatch

Raptor

Version

Tech

Installation (Tested on a Ubuntu 14.04 x64 LAMP instance)

Usage

Scanner

Rules Editor

Development

Contributors

License

Securing Web Application Technologies [SWAT] Checklist

ERROR HANDLING AND LOGGING

DATA PROTECTION

CONFIGURATION AND OPERATIONS

AUTHENTICATION

SESSION MANAGEMENT

INPUT AND OUTPUT HANDLING

ACCESS CONTROL

WAP – Web Application Protection

WebPwn3r

Web Applications Security Scanner

Features:

Wapiti

Wapiti can detect the following vulnerabilities :

General features :

Browsing features:

Top 10 Vulnerabilities

Top 10 Internal Vulnerabilities: February 2015

Top 10 External Vulnerabilities: February 2015

Basic scanning

Fingerprinting

Searching google and bing

Security Tutorials

Exploit Pack

Awesome

Platforms

Programming languages

Front-end development

Back-end development

Computer science

Big data

Theory

Miscellaneous

Awesome All

Contributing

Contents

Awesome-Awesome

Awesome Awesome

C

Clojure

Common Lisp

Go

Java

JavaScript

PHP

Python

Ruby

Scala

Swift

Awesome-Awesomes

Programming Languages

C

Clojure

Common Lisp

D

Elixir

Erlang

Go

Haskell

Java

JavaScript

PHP

Python

Ruby

Scala

Frameworks, platforms, etc

Securing Web Application Technologies
[SWAT] Checklist