Mar 27, 2015

Howto: Fix "Gem::InstallError: metasploit_data_models requires Ruby version >= 2.1" in Metasploit

If you found error "Gem::InstallError: metasploit_data_models requires Ruby version >= 2.1", try to change your ruby to version >=2.1.0

if you use rvm
(#source /usr/local/rvm/scripts/rvm)
# rvm use ruby-2.2.0

if you use ubuntu
# update-alternatives --config ruby

Mar 25, 2015

Tools: Commix - Automated All-in-One OS Command Injection and Exploitation Tool

Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

Source:: https://github.com/stasinopoulos/commix

Mar 24, 2015

Solaris Auditd Log Class

0x00000001:fr:file read
0x00000002:fw:file write
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000080:pc:process
0x00000800:ad:administrative
0x00001000:lo:login or logout
0x40000000:ex:exec
0xffffffff:all:all classes   

Source:: http://www.deer-run.com/~hal/sysadmin/SolarisBSMAuditing.html

Mar 23, 2015

Howto: Install and use ssllabs-scan on Ubuntu

1. Install GO Language
# apt-get install golang

2. Download ssllab-scan
# git clone https://github.com/ssllabs/ssllabs-scan

3. Run with
# go run ssllabs-scan.go <Target>

Example::
# go run ssl-labs-scan.go https://www.gmail.com

 



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Mar 19, 2015

Tools: FastNetMon - high performance DoS/DDoS analyzer with sflow/netflow/mirror support

FastNetMon - A high performance DoS/DDoS and netflowk load analyzer built on top of multiple packet capture engines (netmap, PF_RING, sFLOW, Netflow, PCAP).
What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from certain hosts. And we can call an external script which can notify you, switch off a server or blackhole the client.
Why did we write this? Because we can't find any software for solving this problem in the open source world!

Source:: https://github.com/FastVPSEestiOu/fastnetmon

 

Mar 18, 2015

Tools: Flawfinder - Static/Dynamic code analysis - Apple IOS

a simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public

Source:: http://opensourcesecuritynestle.blogspot.in/2015/03/staticdynamic-code-analysis-apple-ios.html

Tools: Fast Incident Response

FIR (Fast Incident Response) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It's was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.

Source::  https://github.com/certsocietegenerale/FIR

 

Tools: ssllabs-scan

This tool is a command-line client for the SSL Labs APIs, designed for automated and/or bulk testing.  If you'd like to contribute, please have a look at the TODO file. For larger work, please get in touch first. For smaller work (there are some TODO comments in the source code), feel free to submit pull requests.

Source:: https://github.com/ssllabs/ssllabs-scan/

 

Mar 1, 2015

Tools: Jack - ClickJacking PoC development assistance tool.








ClickJacking PoC development assistance tool.
Jack is a static HTML and JavaScript web-based tool. To get Jack up and running, serve the index.html file in a manner of your choice and ClickJack away. Be sure to check your browser settings when PoC'ing HTTPS based targets as most browsers will not allow embedding HTTPS resources into iFrames.


Source:: https://github.com/sensepost/Jack

 

Feb 25, 2015

Howto: Install Google Chrome on Ubuntu 14.04

Google Chrome is available on 3rd Party Repository: Google, so you can install it or update it with apt-get

1. Install Key
# wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - 

2. Add new repository
# sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'

3. Install it
# apt-get update
# apt-get install google-chrome-stable
# apt-get -f install



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.