Lynis 2.6.2 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:

* AIX
* FreeBSD
* HP-UX
* Linux
* Mac OS
* NetBSD
* OpenBSD
* Solaris
* and others

It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional

Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps

1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning

Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

* Security auditing
* Compliance testing (e.g. PCI, HIPAA, SOx)
* Vulnerability detection and scanning
* System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

* Best practices
* CIS
* NIST
* NSA
* OpenSCAP data
* Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog

Upgrade note

Changes:
* Bugfix for Arch Linux (binary detection)
* Textual changes for several tests
* Update of tests database

Download Lynis 2.6.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/vGkfwda54AA/lynis-262-security-auditing-tool-for.html

Config example for ipsec vpn with iPad native vpn client

The iPad native VPN client supports IKEv2. I have searched many documents on the internet and most of them are examples for site-to-site; there is very little useful documentation about remote access VPN with IPsec using IKEv2, perhaps because remote access SSL VPN is more convenient and popular. So here's the sample config. The config uses certificate … Continue reading Config example for ipsec vpn with iPad native vpn client

Link: http://cyruslab.net/2018/01/31/config-example-for-ipsec-vpn-with-ipad-native-vpn-client/

Lynis 2.6.1 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

Changes:
* Tests can have more than 1 required OS (e.g. Linux OR NetBSD)
* Added 'system-groups' option to profile (Enterprise users)
* Overhaul of default profile and migrate to new style (setting=value)
* Show warning if old profile options are used
* Improved detection of binaries
* New group 'usb' for tests related to USB devices

Tests:
* [FILE-6363] – New test for /var/tmp (sticky bit)
* [MAIL-8802] – Added exim4 process name to improve detection of Exim
* [NETW-3030] – Changed name of dhcp client name process and added udhcpc
* [SSH-7408] – Restored UsePrivilegeSeparation
* [TIME-3170] – Added chrony configuration file for NetBSD

Download Lynis 2.6.1

Link: http://feedproxy.google.com/~r/PentestTools/~3/AIu0Z3mo1gE/lynis-261-security-auditing-tool-for.html

Domain Analyzer – Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

How

Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the information is stored and organized, it scans the ports of every IP found using nmap and performs several other security checks. After the ports are found, it uses the tool crawler.py from @verovaleros to spider the complete web page of all the web ports found. This tool has the option to download files and find open folders.

Current version is 0.8 and the main features are:

* It creates a directory with all the information, including nmap output files.
* It uses colors to remark important information on the console.
* It detects some security problems like host name problems, unusual port numbers and zone transfers.
* It is heavily tested and it is very robust against DNS configuration problems.
* It uses nmap for active host detection, port scanning and version information (including nmap scripts).
* It searches for SPF records information to find new hostnames or IP addresses.
* It searches for reverse DNS names and compares them to the hostname.
* It prints out the country of every IP address.
* It creates a PDF file with results.
* It automatically detects and analyzes sub-domains!
* It searches for domain emails.
* It checks the 192 most common hostnames in the DNS servers.
* It checks for Zone Transfer on every DNS server.
* It finds the reverse names of the /24 network range of every IP address.
* It finds active hosts using nmap's complete set of techniques.
* It scans ports using nmap (remember that for the SYN scan you need root).
* It searches for host and port information using nmap.
* It automatically detects web servers used.
* It crawls every web server page using our crawler.py tool. See the description below.
* It filters out hostnames based on their name.
* It pseudo-randomly searches N domains in Google and automatically analyzes them!
* Uses CTRL-C to stop the current analysis stage and continue working.
* It can read an external file with domain names and try to find them on the domain.

Bonus features

@verovaleros developed a separate python web crawler called "crawler.py". Its main features are:

* Crawl http and https web sites.
* Crawl http and https web sites not using common ports.
* Uses regular expressions to find 'href' and 'src' html tags. Also content links.
* Identifies relative links.
* Identifies domain related emails.
* Identifies directory indexing.
* Detects references to URLs like 'file:', 'feed=', 'mailto:', 'javascript:' and others.
* Uses CTRL-C to stop current crawler stages and continue working.
* Identifies file extensions (zip, swf, sql, rar, etc.)
* Download files to a directory:
  * Download every important file (images, documents, compressed files).
  * Or download specified file types.
  * Or download a predefined set of files (like 'document' files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
* Maximum amount of links to crawl. A default value of 5000 URLs is set.
* Follows redirections using HTML and JavaScript Location tag and HTTP response codes.

This extended edition has more features!

* World-domination: You can automatically analyze the whole world! (if you have time)
* Robin-hood: Although it is still in development, it will let you automatically send an email to the mails found during the scan with the analysis information.
* Robtex DNS: With this incredible function, every time you find a DNS server with Zone Transfer, it will retrieve from the Robtex site other domains using that DNS server! It will automatically analyze them too! This can be a never ending test! Every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! Domains retrieved can be unrelated to the first one.

Examples

Find 10 random domains in the .gov domain and analyze them fully (including web crawling). If it finds some Zone Transfer, retrieve more domains using them from Robtex!!
  domain_analyzer.py -d .gov -k 10 -b

(Very quick and dirty) Find everything related with the .edu.cn domain, store everything in directories. Do not search for active hosts, do not nmap scan them, do not reverse-dns the netblock, do not search for emails.
  domain_analyzer.py -d edu.cn -b -o -g -a -n

Analyze the 386.edu.ru domain fully.
  domain_analyzer.py -d 386.edu.ru -b -o

(Pen tester mode) Analyze a domain fully. Do not find other domains. Print everything in a pdf file. Store everything on disk. When finished, open Zenmap and show me the topology of every host found at the same time!
  domain_analyzer.py -d amigos.net -o -e

(Quick with web crawl only) Ignore everything with 'google' on it.
  domain_analyzer.py -d mil.cn -b -o -g -a -n -v google -x '-O --reason --webxml --traceroute -sS -sV -sC -PN -n -v -p 80,4443'

(Everything) Crawl up to 100 URLs of this site including subdomains. Store output into a file and download every INTERESTING file found to disk.
  crawler.py -u www.386.edu.ru -w -s -m 100 -f

(Quick and dirty) Crawl the site very quickly. Do not download files. Store the output to a file.
  crawler.py -u www.386.edu.ru -w -m 20

(If you want to analyze metadata later with lafoca) Verbose prints which extensions are being downloaded. Download only the set of archives corresponding to Documents (.doc, .docx, .ppt, .xls, .odt, etc.)
  crawler.py -u ieeeexplore.ieee.org/otherfiles/ -d -v

Most of these features can be deactivated.

Screenshots

Example: domain_analyzer.py -d .gov -k 10 -b

Installation

Just untar the .tar.gz file and copy the python files to the /usr/bin/ directory. Domain_analyzer needs to be run as root. The crawler can be run as a non-privileged user. If you want all the features (web crawler, pdf and colors), which is nice, also copy these files to /usr/bin or /usr/local/bin:

* ansistrm.py
* crawler.py
* pyText2pdf.py

If you have any issues with the GeoIP database, please download it from its original source here, and install it where your system needs it, usually at /opt/local/share/GeoIP/GeoIP.dat

Download Domain Analyzer

Link: http://feedproxy.google.com/~r/PentestTools/~3/9BtNHKYotpE/domain-analyzer-analyze-security-of-any.html

Autorize – Automatic Authorization Enforcement Detection Extension For Burp Suite

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic authorization tests. With the last release, Autorize now also performs automatic authentication tests.

Installation

1. Download Burp Suite (obviously): http://portswigger.net/burp/download.html
2. Download Jython standalone JAR: http://www.jython.org/downloads.html
3. Open Burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
4. Install Autorize from the BApp Store or follow these steps:
   * Download the Autorize.py file.
   * Open Burp -> Extender -> Extensions -> Add -> Choose Autorize.py file.
5. See the Autorize tab and enjoy automatic authorization detection :)

User Guide – How to use?

1. After installation, the Autorize tab will be added to Burp.
2. Open the configuration tab (Autorize -> Configuration).
3. Get your low-privileged user authorization token header (Cookie / Authorization) and copy it into the textbox containing the text "Insert injected header here". Note: Headers inserted here will be replaced if present or added if not.
4. Uncheck "Check unauthenticated" if the authentication test is not required (a request without any cookies, to check for authentication enforcement in addition to authorization enforcement with the cookies of the low-privileged user).
5. Click on "Intercept is off" to start intercepting the traffic in order to allow Autorize to check for authorization enforcement.
6. Open a browser and configure the proxy settings so the traffic will be passed to Burp.
7. Browse to the application you want to test with a high privileged user.
8. The Autorize table will show you the request's URL and enforcement status.
9. It is possible to click on a specific URL and see the original/modified/unauthenticated request/response in order to investigate the differences.

Authorization Enforcement Status

There are 3 enforcement statuses:

* Bypassed! – Red color
* Enforced! – Green color
* Is enforced??? (please configure enforcement detector) – Yellow color

The first 2 statuses are clear, so I won't elaborate on them.

The 3rd status means that Autorize cannot determine if authorization is enforced or not, and so Autorize will ask you to configure a filter in the enforcement detector tabs. There are two different enforcement detector tabs, one for the detection of the enforcement of low-privileged requests and one for the detection of the enforcement of unauthenticated requests.

The enforcement detector filters will allow Autorize to detect authentication and authorization enforcement in the response of the server by content length or string (literal string or regex) in the message body, headers or in the full request.

For example, if there is a request whose enforcement status is detected as "Authorization enforced??? (please configure enforcement detector)", it is possible to investigate the modified/original/unauthenticated response and see that the modified response body includes the string "You are not authorized to perform action". You can then add a filter with the fingerprint value "You are not authorized to perform action", so Autorize will look for this fingerprint and will automatically detect that authorization is enforced. It is possible to do the same by defining a content-length filter or a fingerprint in headers.

Interception Filters

The interception filter allows you to configure which domains you want to be intercepted by the Autorize plugin. You can define this by blacklist/whitelist/regex or by items in Burp's scope, in order to avoid unnecessary domains being intercepted by Autorize and to work in a more organized way. Note that there is a default filter to avoid scripts and images.

Authors

* Barak Tawily, Application Security Expert
* Federico Dotta, Security Expert at Mediaservice.net

Download Autorize
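As an added example, not code from the Autorize project, the Python below sketches how the three enforcement statuses described above can be derived from the responses Autorize compares, using the detector filter kinds the text lists (string or regex in the body, string in the headers or full response, content length) and the replace-or-add rule for the injected header. The bypass rule (replayed response has the same status and body length as the privileged one) is an assumption of this sketch, and the sample responses are constructed.

```python
import re
from dataclasses import dataclass

# Enforcement statuses as Autorize reports them in its table.
BYPASSED = "Bypassed!"
ENFORCED = "Enforced!"
UNKNOWN = "Is enforced??? (please configure enforcement detector)"


@dataclass
class Response:
    """Minimal HTTP response: status code, headers and body."""
    status: int
    headers: dict
    body: str

    def header_block(self) -> str:
        return "\n".join(f"{k}: {v}" for k, v in self.headers.items())

    def full(self) -> str:
        return f"HTTP/1.1 {self.status}\n{self.header_block()}\n\n{self.body}"


@dataclass
class Filter:
    """One enforcement-detector rule. kind is one of:
    body_str, body_regex, headers_str, full_str, content_length."""
    kind: str
    value: str

    def matches(self, resp: Response) -> bool:
        if self.kind == "content_length":
            return len(resp.body) == int(self.value)
        if self.kind == "body_regex":
            return re.search(self.value, resp.body) is not None
        haystack = {
            "body_str": resp.body,
            "headers_str": resp.header_block(),
            "full_str": resp.full(),
        }[self.kind]
        return self.value in haystack


def inject_header(headers: dict, name: str, value: str) -> dict:
    """Replace the header if present (case-insensitive), add it otherwise."""
    out = {k: v for k, v in headers.items() if k.lower() != name.lower()}
    out[name] = value
    return out


def classify(original: Response, modified: Response, filters: list) -> str:
    """Status of one replayed request. A detector match on the replayed
    response means enforced; otherwise a response that looks like the
    privileged one (same status and body length) is treated as a bypass
    (assumed rule), and anything else is left for the tester to decide."""
    if any(f.matches(modified) for f in filters):
        return ENFORCED
    if modified.status == original.status and len(modified.body) == len(original.body):
        return BYPASSED
    return UNKNOWN


def audit(original, low_priv, unauth, authz_filters, authn_filters):
    """Authorization and authentication status for one captured request,
    each judged against its own enforcement-detector filter set."""
    return {
        "authorization": classify(original, low_priv, authz_filters),
        "authentication": classify(original, unauth, authn_filters),
    }


# Constructed sample responses to an admin-only endpoint.
ADMIN_ORIGINAL = Response(200, {"Content-Type": "application/json"}, '{"users": 42}')
LOW_PRIV_DENIED = Response(403, {"Content-Type": "text/plain"},
                           "You are not authorized to perform action")
UNAUTH_REDIRECT = Response(302, {"Location": "/login"}, "")
```

Without any detector filter the 403 reply is reported as undecided; once the "You are not authorized to perform action" fingerprint (or a content-length of 40, or a header fingerprint for the login redirect) is configured, the same responses classify as enforced.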

Link: http://feedproxy.google.com/~r/PentestTools/~3/MnFG2_D8vOM/autorize-automatic-authorization.html

Lynis 2.5.9 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

Changes:
* Don't show upgrade notice when being quiet/silent
* Added --noplugins as an alias to skip execution of plugins
* Use PATH variable for path detection, with predefined list as a backup

Tests:
* [KRNL-6000] Multiple values are now allowed per sysctl key
* [KRNL-6000] Individual tests can be skipped (skip-test=KRNL-6000:

Download Lynis 2.5.9

Link: http://feedproxy.google.com/~r/PentestTools/~3/ZZ-doxYR9rw/lynis-259-security-auditing-tool-for.html

cSploit Android – The most complete and advanced IT security professional toolkit on Android

cSploit is a free/libre and open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments on a mobile device. See more at www.cSploit.org.

Features

* Map your local network
* Fingerprint hosts' operating systems and open ports
* Add your own hosts outside the local network
* Integrated traceroute
* Integrated Metasploit framework RPCd
  * Search hosts for known vulnerabilities via integrated Metasploit daemon
  * Adjust exploit settings, launch, and create shell consoles on exploited systems
  * More coming
* Forge TCP/UDP packets
* Perform man in the middle attacks (MITM) including:
  * Image, text, and video replacement – replace your own content on unencrypted web pages
  * JavaScript injection – add your own javascript to unencrypted web pages
  * Password sniffing (with common protocols dissection)
  * Capture pcap network traffic files
  * Real time traffic manipulation to replace images/text/inject into web pages
  * DNS spoofing to redirect traffic to a different domain
  * Break existing connections
  * Redirect traffic to another address
  * Session Hijacking – listen for unencrypted cookies and clone them to take over a Web session

Tutorials:
* Use cSploit to get root shell on Metasploitable2
* Use cSploit for simple Man-in-the-Middle (MITM) security demos

Also see the wiki for instructions on building, reporting issues, and more.

Requirements

* A ROOTED Android version 2.3 (Gingerbread) or a newer version
* The Android OS must have a BusyBox full installation with every utility installed (not the partial installation). If you do not have busybox already, you can get it here or here (note cSploit does not endorse any busybox installer, these are just two we found).
* You must install SuperSU (it will work only if you have it)

Download cSploit Android

Link: http://feedproxy.google.com/~r/PentestTools/~3/Jb2MP6ID8IM/csploit-android-most-complete-and.html