1. IT-Security >
  2. IT Security Tools


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

IT Security Tools


Suchen

News RSS Quellen: 4x
News Kategorien unterhalb von IT Security Tools: 0x
News RSS Feeds dieser IT Security Tools Kategorie: RSS Feed IT Security Tools
Benutze Feedly zum Abonieren.Folge uns auf feedly
Download RSS Feed App für Windows 10 Store (Leider gibt es nicht mehr viele Extensions mit welchen Sie RSS-Feeds in einer Software abonieren können. Der Browser Support für RSS-Feeds wurde eingestellt (Firefox,Chrome).

Eigene IT Security Webseite / Blog / Quelle hinzufügen

Seitennavigation

Seite 1 von 269 Seiten (Bei Beitrag 1 - 35)
9.382x Beiträge in dieser Kategorie

Nächste 2 Seite | Letzte Seite

[ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ]

Burp Suite Extension - To Monitor And Keep Track of Tested Endpoints

Zur Kategorie wechselnIT Security Tools vom | Quelle: blog.hackersonlineclub.com Direktlink direkt öffnen


Burp Scope Monitor Extension

A Burp Suite Extension to monitor and keep track of tested endpoints.


Main Features


  • Simple, easy way to keep track of unique endpoints when testing an application
  • Mark individual endpoints as analyzed or not
  • Instantly understand when a new endpoint, not tested is requested
  • Accessible from Proxy tab (right click, mark request as analyzed/not)
  • Send to Repeater
  • Enforcement of Burp's in scope rules
  • Import/Export state file directly to a CSV file for
  • Autosave option


Installation


  1. Make sure you have Jython configured under Extender -> Options -> Python Environment. For further instructions, check PortSwigger official instructions at their support page.
  2. git clone [email protected]:Regala/burp-scope-monitor.git
  3. Import main.py in Extender - Extender -> Extensions -> Add -> Select Python -> Select main.py


Documentation

Most of the options available in General or Import tabs are auto-explanatory.


  • "Repeater request automatically marks as analyzed" - when issuing a request to an endpoint from repeater, it marks this request as analyzed automatically.
  • "Color request in Proxy tab" - this essentially applies the behavior of the extension in the Proxy tab, if you combine these options with "Show only highlighted items" in Proxy. However, it's not as pleasant to the eyes as the color pallete is limited.
  • "Autosave periodically" - backups the state file every 10 minutes. When activating this option, consider disabling "Autostart Scope Monitor". This is in order to maintain a different state file per Burp project. However, you can easily maintain only one, master state file.
  • "Import/Export" is dedicated to handle the saved state files. It's preferred to open your Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries, you won't be able to send them to Repeater or view the request itself in the Request/Response viewer (this is due to the fact that we are not storing the actually requests - just the endpoint, it's analyzed status and a couple of other more. This makes it a little bit more efficient).

Future Development


  • Keep track of parameters observed in all requests
  • Highlight when a new parameter was used in an already observed/analyzed endpoint
  • Export to spreadsheet / Google Sheets
  • Adding notes to the endpoint

Implementation

The code is not yet performant, optimized or anything similar. KISS and it works. Performance will be increased depending on demand and how the extension performs when handling large Burp projects.

To circumvent some of Burp's Extender API limitations, some small hacks were implemented. One of those is automatically setting a comment on the requests that flow in the Proxy tab.

You can still add comments on the items, as you'd normally would, but just make sure to keep the placeholder string (scope-monitor-placeholder) there.

Hopefully in the future each requestResponse from Burp will have a unique identifier, which would make the import state / load from file much cleaner and fast. With large state files, this might hang a bit when loading.

Download Burp Scope Monitor 

News Bewertung

Weiterlesen Weiterlesen

LibreOffice Macro Python Code Execution

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

This Metasploit module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary python code and the metasploit payload.
News Bewertung

Weiterlesen Weiterlesen

TOR Virtual Network Tunneling Tool 0.4.1.5

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
News Bewertung

Weiterlesen Weiterlesen

No cON Name 2019 Call For Papers

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

The No cON Name 2019 call for papers has been announced. It will be held in Barcelona, Spain, from November 14th and 15th, 2019.
News Bewertung

Weiterlesen Weiterlesen

Webmin 1.920 Remote Root

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Webmin version 1.920 remote root exploit.
News Bewertung

Weiterlesen Weiterlesen

CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

CentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
News Bewertung

Weiterlesen Weiterlesen

CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

CentOS Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4107-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4107-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4106-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4106-1 - Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4105-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4105-1 - Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Various other issues were also addressed.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4104-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4104-1 - Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4103-2

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4103-2 - Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4103-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4103-1 - Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
News Bewertung

Weiterlesen Weiterlesen

CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

CentOS Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Haveged 1.9.5 Alpha

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
News Bewertung

Weiterlesen Weiterlesen

WordPress Add Mime Types 2.2.1 Cross Site Request Forgery

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

WordPress Add Mime Types plugin version 2.2.1 suffers from a cross site request forgery vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Linux/x86_64 AVX2 XOR Decoder + execve("/bin/sh") Shellcode

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

62 bytes small Linux/x86_64 AVX2 XOR decoder + execve("/bin/sh") shellcode.
News Bewertung

Weiterlesen Weiterlesen

Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Microsoft Office365 and ProPlus build 16.0.11901.20204 suffers from code execution and protection bypass vulnerabilities.
News Bewertung

Weiterlesen Weiterlesen

Linux/x86_64 Reverse Shell TCP/4444 With Password Shellcode

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

120 bytes small Linux/x86_64 reverse (127.0.0.1:4444/TCP) shell (/bin/sh) + password (pass) shellcode.
News Bewertung

Weiterlesen Weiterlesen

Linux/MIPS64 Reverse Shell Shellcode

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

157 bytes small Linux/MIPS64 reverse (localhost:4444/TCP) shell shellcode.
News Bewertung

Weiterlesen Weiterlesen

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability.
News Bewertung

Weiterlesen Weiterlesen

YouPHPTube 7.2 SQL Injection

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

YouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
News Bewertung

Weiterlesen Weiterlesen

Mandos Encrypted File System Unattended Reboot Utility 1.8.8

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
News Bewertung

Weiterlesen Weiterlesen

Neo Billing 3.5 Cross Site Scripting

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Neo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Kimai 2 Cross Site Scripting

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Kimai version 2 suffers from a persistent cross site scripting vulnerability.
News Bewertung

Weiterlesen Weiterlesen

RAR Password Recovery 1.80 Denial Of Service

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

RAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Webmin Remote Comman Execution

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
News Bewertung

Weiterlesen Weiterlesen

MediaWiki OAuth2 Client 0.3 Cross Site Request Forgery

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

MediaWiki OAuth2 Client version 0.3 suffers from a cross site request forgery vulnerability.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4078-2

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4078-2 - USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. Various other issues were also addressed.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4102-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4102-1 - It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. Various other issues were also addressed.
News Bewertung

Weiterlesen Weiterlesen

Ubuntu Security Notice USN-4100-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.
News Bewertung

Weiterlesen Weiterlesen

Red Hat Security Advisory 2019-2519-01

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.
News Bewertung

Weiterlesen Weiterlesen

Debian Security Advisory 4503-1

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Debian Linux Security Advisory 4503-1 - Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.
News Bewertung

Weiterlesen Weiterlesen

Gentoo Linux Security Advisory 201908-25

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Gentoo Linux Security Advisory 201908-25 - A vulnerability in hostapd and wpa_supplicant could lead to a Denial of Service condition. Versions less than 2.8 are affected.
News Bewertung

Weiterlesen Weiterlesen

Gentoo Linux Security Advisory 201908-24

Zur Kategorie wechselnIT Security Tools vom | Quelle: packetstormsecurity.com Direktlink direkt öffnen

Gentoo Linux Security Advisory 201908-24 - Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could result in privilege escalation. Versions less than 10.1.38-r1 are affected.
News Bewertung

Weiterlesen Weiterlesen

Seitennavigation

Seite 1 von 269 Seiten (Bei Beitrag 1 - 35)
9.382x Beiträge in dieser Kategorie

Nächste 2 Seite | Letzte Seite

[ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ]