RTA (Red Team Arsenal) – An Intelligent Scanner To Detect Security Vulnerabilities In Companies Layer 7 Assets

Red Team Arsenal is a web/network security scanner that can scan all of a company's Internet-facing assets and provide a holistic view of any security anomalies. It is a closely linked collection of security engines that conduct or simulate attacks and monitor public-facing assets for anomalies and leaks. It is an intelligent scanner that detects security anomalies across all layer 7 assets and produces a detailed report, with integration support for Nessus. As companies keep expanding their Internet footprint through acquisitions and geographical expansion, human-driven security engineering does not scale, so companies need feedback-driven automated systems to keep up.

Installation

Supported Platforms
RTA has been tested on Ubuntu/Debian (apt-get based distros) and on Mac OS. It should work with any Linux distribution that has MongoDB and Python installed (install the required Python libraries from install/py_dependencies manually).

Prerequisites
A few packages are necessary before proceeding with the installation:
- Git client: sudo apt-get install git
- Python 2.7, which is installed by default on most systems
- Python pip: sudo apt-get install python-pip
- MongoDB: follow the official installation guide to install it on your machine.
Finally run: python install/install.py

There are also optional packages/tools you can install (highly recommended):

Integrating Nessus
Integrating Nessus into Red Team Arsenal takes three steps:
1. Download and install Nessus (the community edition if you don't have a paid one). If you already have an installation (a remote installation works as well), go to step 2.
2. Update the config file (in the root directory of RTA) with the Nessus URL, username and password.
3. Create a Nessus policy in which you configure the scan types and plugins to run, and name it RTA (case sensitive: all uppercase).
Once the config file has the correct Nessus information (URL, username, password), use the --nessus flag when running RTA to launch a Nessus scan over all the subdomains gathered by RTA (one single scan initiated with all the subdomains gathered).

Usage

Short form   Long form    Description
-u           --url        Domain URL to scan
-v           --verbose    Enable verbose mode and display results in real time
-n           --nessus     Launch a Nessus scan with all the subdomains
-s           --scraper    Run the scraper based on config keywords
-h           --help       Show the help message and exit

Sample Output

a0xnirudh@exploitbox /RTA (master*) $ python rta.py --url "0daylabs.com" -v -s

<RTA ASCII-art banner>

[i] Checking for Zonetransfer
[i] Zone Transfer is not enabled
[i] Checking for SPF records
[+] SPF record lookups is good. Current value is: 9
[-] Enumerating subdomains now for 0daylabs.com
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 3
blog.0daylabs.com
www.0daylabs.com
test.0daylabs.com
[+] Verifying Subdomains and takeover options
[+] Possible subdomain takeovers (Manual verification required): test.0daylabs.com
[i] Verified and Analyzed Subdomains:
[i] URL: blog.0daylabs.com
[i] Wappalyzer: [u'jQuery', u'Varnish', u'Font Awesome', u'Twitter Bootstrap', u'Google Analytics', u'Google Font API', u'Disqus', u'Google AdSense']
[i] Scraper Results
[+] Shodan
Hostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179
Hostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179
[+] Twitter
URL: https://twitter.com/tweetrpersonal9/status/832624003751694340 search string: 0daylabs
URL: https://twitter.com/ratokeshi/status/823957535564644355 search string: 0daylabs

Notifications

Configuring Slack
RTA can also push notifications to Slack, including the main scan highlights along with the Nessus and other integrated scanner reports, divided by severity.
In your Slack, create an incoming webhook and point it at the channel where you want RTA to send the report (see the Slack documentation on creating incoming webhooks). In the config file, update the URL in the slack section with the full URL (including https://) of the incoming webhook. Once Slack is configured, reports are automatically posted to the configured channel.

Roadmap
Here are a couple of ideas we have in mind for RTA going ahead. If you have an idea or feature request that is not listed below, feel free to raise an issue on GitHub.
- Email the results once the scan is completed.
- Extend the current RTA API so that custom scans with the required options can be launched via the API.
- Launch custom scans based on Wappalyzer results (e.g. wpscan if WordPress is detected).
- Investigate and integrate more web security scanners, including but not limited to Arachni, Wapiti, Skipfish and others.
- JSON/XML output formatting for the RTA scan result.
- Improve the logic for subdomain takeover detection.
- Multi-threading support for faster scan completion.

Contributors
Awesome people who built this project:
Lead Developers: Anirudh Anand (@a0xnirudh)
Project Contributors: Mohan KK (@MohanKallepalli), Ankur Bhargava (@_AnkurB), Prajal Kulkarni (@prajalkulkarni), Himanshu Kumar Das (@mehimansu)
Special Thanks: Sublist3r

Download RTA
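The "SPF record lookups is good. Current value is: 9" line in the sample output refers to the RFC 7208 limit of 10 DNS lookups per SPF evaluation; a record that needs more than that returns permerror and effectively stops protecting the domain. The following is an added example (not RTA's own code, and written for Python 3 rather than RTA's Python 2.7) of how such a counter works: it parses an SPF record, follows include: and redirect= into the referenced records and adds up every lookup-costing term. The TXT records are constructed for the example and `resolve_txt` is a stand-in for a real DNS query; the zone names and the function names are assumptions.

```python
import re

# RFC 7208, section 4.6.4: each of these mechanisms costs a DNS lookup, as does
# the redirect= modifier, and a receiver must fail with permerror once more
# than 10 such lookups are needed for one sender domain. ip4, ip6, all and
# exp do not count.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10


def parse_spf(txt):
    """Split an SPF TXT record into (qualifier, name, argument) terms."""
    if not txt.lower().startswith("v=spf1"):
        raise ValueError("not an SPF record: %r" % txt)
    terms = []
    for token in txt.split()[1:]:
        qualifier = "+"
        if token[0] in "+-~?":
            qualifier, token = token[0], token[1:]
        if "=" in token:                    # modifier, e.g. redirect=other.test
            name, arg = token.split("=", 1)
        elif ":" in token:                  # mechanism with an argument
            name, arg = token.split(":", 1)
        else:                               # bare mechanism such as mx or -all
            name, arg = token, None
        name = name.split("/")[0].lower()   # drop a CIDR suffix ("a/24")
        terms.append((qualifier, name, arg))
    return terms


def count_lookups(domain, resolve_txt, _path=()):
    """Total DNS lookups needed to evaluate `domain`, following include: and
    redirect= into the referenced records. `resolve_txt(name)` returns the
    SPF TXT record for `name`, or None if there is none."""
    if domain in _path:                     # include loop: stop here; the RFC
        return 0                            # treats this as permerror anyway
    record = resolve_txt(domain)
    if record is None:
        return 0
    path = _path + (domain,)
    total = 0
    for _qualifier, name, arg in parse_spf(record):
        if name in LOOKUP_MECHANISMS:
            total += 1
            if name == "include" and arg:
                total += count_lookups(arg, resolve_txt, path)
        elif name == "redirect" and arg:
            total += 1 + count_lookups(arg, resolve_txt, path)
    return total


def check_spf(domain, resolve_txt):
    """Return (lookup_count, verdict) the way a scanner would report it."""
    n = count_lookups(domain, resolve_txt)
    return n, "ok" if n <= MAX_LOOKUPS else "permerror"


# Constructed TXT records standing in for live DNS (hypothetical zones).
SAMPLE_TXT = {
    "example.test": "v=spf1 mx include:_spf.mailer.test include:_spf.crm.test "
                    "ip4:203.0.113.0/24 -all",
    "_spf.mailer.test": "v=spf1 a mx include:_spf.relay.test ~all",
    "_spf.relay.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.crm.test": "v=spf1 redirect=_spf.crm-backend.test",
    "_spf.crm-backend.test": "v=spf1 a exists:%{i}.chk.crm-backend.test -all",
    # eleven includes that each cost a lookup even though none of them resolve
    "over.test": "v=spf1 " + " ".join("include:m%d.over.test" % i for i in range(11)) + " -all",
}

if __name__ == "__main__":
    for name in ("example.test", "over.test"):
        n, verdict = check_spf(name, SAMPLE_TXT.get)
        print("[%s] %s: %d DNS lookups (%s)" % ("+" if verdict == "ok" else "-", name, n, verdict))
```

Note that nested includes count against the same budget as the top-level record, which is why a domain that delegates to several SaaS mail providers drifts over the limit without anyone editing its own record; a scanner that only counts the top-level terms will miss that.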
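The sample output flags test.0daylabs.com as a possible subdomain takeover with manual verification required, and the roadmap lists improving that logic. As an added example (not RTA's own implementation), the check below combines the two signals a practitioner normally wants before reporting a candidate: a CNAME pointing at a third-party service whose target no longer resolves, or a target that still resolves but where the provider serves its "unclaimed resource" page. The provider list, the fingerprint strings, the DNS answers and the HTTP bodies are constructed for the example and are assumptions, as are the `lookup` and `fetch` callbacks that stand in for real DNS and HTTP requests.

```python
# Services where a CNAME target can be registered by anyone once the original
# owner deletes the resource. Suffix -> (provider, text the provider serves for
# an unclaimed name). Assumed illustrative values, not RTA's own list.
TAKEOVER_PROVIDERS = {
    "github.io": ("GitHub Pages", "There isn't a GitHub Pages site here"),
    "s3.amazonaws.com": ("Amazon S3", "NoSuchBucket"),
    "azurewebsites.net": ("Azure App Service", None),  # unclaimed names stop resolving
}


def provider_for(target):
    """Map a CNAME target to a known provider, or (None, None)."""
    for suffix, (provider, fingerprint) in TAKEOVER_PROVIDERS.items():
        if target == suffix or target.endswith("." + suffix):
            return provider, fingerprint
    return None, None


def find_takeover_candidates(subdomains, lookup, fetch):
    """lookup(name) -> {"cname": target or None, "a": [addresses]} or None;
    fetch(name) -> HTTP response body (str) or None. One dict per candidate."""
    found = []
    for sub in subdomains:
        rr = lookup(sub)
        if not rr or not rr["cname"]:
            continue                         # no CNAME: not this class of takeover
        target = rr["cname"].rstrip(".").lower()
        provider, fingerprint = provider_for(target)
        if provider is None:
            continue                         # CNAME to something we cannot reason about
        if not rr["a"]:
            reason = "dangling CNAME: %s does not resolve" % target
        else:
            body = fetch(sub) or ""
            if fingerprint and fingerprint in body:
                reason = "provider reports unclaimed resource: %r" % fingerprint
            else:
                continue                     # resource exists and serves content
        found.append({"subdomain": sub, "target": target,
                      "provider": provider, "reason": reason})
    return found


# Constructed answers standing in for DNS and HTTP (hypothetical names, TEST-NET addresses).
SAMPLE_DNS = {
    "www.0daylabs.test":   {"cname": None, "a": ["203.0.113.10"]},
    "blog.0daylabs.test":  {"cname": "edge.cdn-provider.test", "a": ["198.51.100.7"]},
    "test.0daylabs.test":  {"cname": "old-project.github.io", "a": ["203.0.113.20"]},
    "files.0daylabs.test": {"cname": "files-0daylabs.s3.amazonaws.com", "a": ["203.0.113.30"]},
    "dead.0daylabs.test":  {"cname": "retired-app.azurewebsites.net", "a": []},
}
SAMPLE_HTTP = {
    "test.0daylabs.test": "<h1>404</h1><p>There isn't a GitHub Pages site here.</p>",
    "files.0daylabs.test": "<Error><Code>NoSuchBucket</Code></Error>",
}

if __name__ == "__main__":
    for c in find_takeover_candidates(sorted(SAMPLE_DNS), SAMPLE_DNS.get, SAMPLE_HTTP.get):
        print("[+] %(subdomain)s -> %(target)s (%(provider)s): %(reason)s" % c)
```

Even with both signals a human still has to confirm the finding: the provider may have reserved the name, the fingerprint may come from an unrelated 404 page, and for some services (S3 is the usual example) the bucket name is region-bound, so a match in the body is a lead, not a proof.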

Link: http://feedproxy.google.com/~r/PentestTools/~3/MXF7YfYc5U8/rta-red-team-arsenal-intelligent.html

How Can Manufacturing Companies Improve Network Access and Security?

The manufacturing industry faces complex challenges that other sectors of the economy need not worry about. Manufacturers depend on everything from positive global economic trends to laws that lift certain burdens, and they consistently focus on increasing productivity while keeping the bottom line cost-effective. All of these present unique challenges, but arguably the most difficult come from maximizing security at every level. Computers, IT networks and data storage locations must remain secure, or chaos of every kind may rain down on a company. Improving security has to be a multi-faceted process: anything left unsecured is a hazard. What makes security so complex in the manufacturing world? A simple answer would be "many things." One of the more specific reasons shows up when examining the relationship between manufacturing companies and third parties. Manufacturing companies are not islands unto themselves.

Third-Party Concerns
Manufacturers need to move and sell merchandise, so they maintain close relationships with distributors and vendors. To eliminate cumbersome steps and unwanted costs, third parties may be given access to a manufacturing company's private networks and data, and to speed up that access they might receive single sign-on privileges. Clearly, no third party should be accessing anything until the company has a strong permissions system in place. Controlling access and auditing the permissions that have been granted will help with future decisions on tightening third-party security. Exploring the services offered by OneLogin gives some insight into how SSO and access management can be done. Based in San Francisco, OneLogin assists many clients with access management needs.
OneLogin has also published material on its website offering free advice on raising awareness of security and access management issues.

Don't Make Compromising Security Easy
Single sign-on (SSO) makes it easier for everyone to log into a company's systems. Since the sign-on process has been made easier, it makes sense to require better, more complex passwords, and strong, hard-to-crack passwords deliver real benefits to a manufacturer worried about security. Stolen or otherwise compromised passwords and credentials account for a tremendous number of unauthorized network breaches. As shocking as it sounds, staff and management in many companies use common, easily guessed passwords, and they do not keep them secret: writing a password down and leaving it on a desk or in a public place hardly cuts down on the potential for unauthorized access. Passwords and other credentials must be kept secure; otherwise the risk of a breach rises dramatically. As simple as this truism is, people don't always heed it.

Beware of Hackers
Manufacturing companies must do more than simply stay alert for hackers. Specific steps must be taken to protect computers and networks from hackers, viruses and other risks capable of threatening the system. It may be time to bring in a security expert to perform a critical audit. If the audit reveals deficiencies, direct steps must be taken to close them; otherwise an ajar or wide-open security window gives troublemakers easy access. Yes, boosting computer and network security may cost more, but those costs may well be worth it for the protection they deliver.

Address Current Identity Management Issues
Some identity management systems are the same ones a company has used for years. The classic "support ticket" approach to network problems never seems to get upgraded at many businesses. Things may seem to be working fine, but the slow, unproductive and potentially costly nature of an outdated system calls for an upgrade, and identity management issues risk being mishandled when they are routed through old and outdated approaches. Upgrades should be performed at every level of operations where appropriate. Companies such as OneLogin strive to modernize access management in manufacturing and other industries, and looking at how this company works, for inspiration, may be worth the time.

Link: http://feedproxy.google.com/~r/PentestTools/~3/Nb3bIEi7Rl4/how-can-manufacturing-companies-improve.html

Cisco, Tufin, Infocyte, & ObserveIT – Enterprise Security Weekly #87

In the news this week, Product announcements from Infoblox, Infocyte, ObserveIT, ThreatQuotient, Cisco and Tufin. Symantec could be in hot water, and CA and Palo Alto both made a recent acquisition, and more on this episode of Enterprise Security Weekly! Enterprise News Infoblox Enhances SaaS based Security to Address the DNS Cybersecurity Blind Spot Linux […]
The post Cisco, Tufin, Infocyte, & ObserveIT – Enterprise Security Weekly #87 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/W3fJbKpQ4kQ/

JShielder – Automates The Process Of Installing All The Necessary Packages To Host A Web Application And Hardening A Linux Server

JShielder is an open source tool developed to help sysadmins and developers secure the Linux servers on which they deploy web applications or services. It automates the installation of all the packages needed to host a web application and the hardening of the Linux server, with little interaction from the user. A newly added script follows CIS Benchmark guidance to establish a secure configuration posture for Linux systems.

The tool is a Bash script that hardens the Linux server automatically. The steps it follows are:
- Configures a hostname
- Reconfigures the timezone
- Updates the entire system
- Creates a new admin user so you can manage your server safely without remote connections as root
- Helps the user generate secure RSA keys, so that remote access to the server is done exclusively from your local PC and not with a conventional password
- Configures, optimizes and secures the SSH server (some settings follow the CIS Benchmark for Ubuntu 16.04)
- Configures iptables rules to protect the server from common attacks
- Protects the server against brute-force attacks by installing and configuring fail2ban
- Stops port scans by blocking intrusive IPs via iptables using portsentry
- Installs, configures and optimizes MySQL
- Installs the Apache web server
- Installs, configures and secures PHP
- Secures Apache via its configuration file and by installing the modules ModSecurity, ModEvasive, QoS and SpamHaus
- Installs Rootkit Hunter
- Secures the root home and GRUB configuration files
- Installs Unhide to help detect malicious hidden processes
- Installs Tiger, a security auditing and intrusion prevention system
- Restricts access to Apache config files
- Disables compilers
- Creates a daily cron job for system updates
- Kernel hardening via the sysctl configuration file (tweaked)
- Other hardening steps
- Added PHP Suhosin installation to protect PHP code and core from known and unknown flaws (removed on Ubuntu 16.04)
- Use of functions for code execution customization
- Distro selection menu
- Function selection menu
- Deployment selection menu (LAMP, LEMP, reverse proxy)
- Added LEMP deployment with ModSecurity
- Added /tmp folder hardening
- Added PSAD IDS installation
- Added process accounting
- Added unattended upgrades
- Added MOTD and banners for unauthorized access
- Disable USB support for improved security (optional)
- Restrictive default UMASK
- Added additional hardening steps
- Auditd install
- Sysstat install
- ArpWatch install
- Hardening steps following the CIS Benchmark
- Secures cron
- Disables unused filesystems and uncommon network protocols
- Configures auditd rules following the CIS Benchmark (Ubuntu 16.04)
- Automates setting a GRUB bootloader password
- Secures boot settings
- Sets secure file permissions for critical system files

Newly Added Function
A separate hardening script following CIS Benchmark guidance, https://www.cisecurity.org/benchmark/ubuntu_linux/ (Ubuntu 16.04).

To Run the Tool
./jshielder.sh
as the root user.

Issues
Having problems? Please open a new issue for JShielder on GitHub.

Distro Availability
- Ubuntu Server 14.04 LTS
- Ubuntu Server 16.04 LTS

Notes
After the final release of Ubuntu 18.04 LTS, JShielder will no longer be maintained for Ubuntu 14.04; the focus will be on the last two major LTS releases.

ChangeLog
v2.3 More hardening steps following some CIS Benchmark items for the LAMP deployer
v2.2.1 Removed Suhosin installation on Ubuntu 16.04; fixed MySQL configuration; GRUB bootloader setup function; server IP now obtained via ip route so as not to rely on interface naming
v2.2 Added new hardening option following CIS Benchmark guidance
v2.1 Hardened SSH configuration; tweaked kernel security config; fixed iptables rules not loading on boot; added auditd, sysstat, arpwatch install
v2.0 More deployment options, selection menu, PHP Suhosin installation, cleaner code
v1.0 New code

Developed by Jason Soto
https://www.jasonsoto.com
https://github.com/jsitech
Twitter: @JsiTech

Download JShielder
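JShielder's SSH step rewrites sshd_config to a CIS-style baseline, and the detail that bites people when scripting that is how sshd reads the file: it uses the first value it sees for a keyword, commented-out defaults like "#MaxAuthTries 6" must be replaced rather than appended after, and anything below a Match line applies only to that block. The following is an added example (not JShielder's own script, and in Python rather than the project's Bash) of an idempotent editor plus an audit function that honours those rules. The directive set is an assumed subset of the CIS Ubuntu 16.04 Benchmark section 5.2 items plus key-only login, to be checked against the benchmark you actually follow; the sshd_config fragment is constructed for the example.

```python
import re

# Directive lines, active or commented out: "#MaxAuthTries 6", "PermitRootLogin yes".
DIRECTIVE_RE = re.compile(r"^\s*#?\s*([A-Za-z][A-Za-z0-9]*)\s+(.*?)\s*$")

# Assumed subset of the CIS Ubuntu 16.04 Benchmark section 5.2 sshd items plus
# key-only login; verify the values against the benchmark you are following.
CIS_SSHD_SETTINGS = {
    "Protocol": "2",                 # accepted but a no-op on OpenSSH 7.4 and later
    "LogLevel": "INFO",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "IgnoreRhosts": "yes",
    "HostbasedAuthentication": "no",
    "PermitRootLogin": "no",
    "PermitEmptyPasswords": "no",
    "PermitUserEnvironment": "no",
    "PasswordAuthentication": "no",  # JShielder's key-only remote access
    "ClientAliveInterval": "300",
    "ClientAliveCountMax": "0",
    "LoginGraceTime": "60",
    "Banner": "/etc/issue.net",
}


def harden_sshd_config(text, settings):
    """Return (new_text, changes) with every directive in `settings` set exactly
    once in the global section. sshd honours the first occurrence of a keyword
    and scopes anything after a Match line to that block, so duplicates are
    commented out and missing directives are inserted before the first Match."""
    wanted = {k.lower(): (k, v) for k, v in settings.items()}
    out, changes, done = [], [], set()
    match_at = None                         # index in `out` of the first Match line
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line)
        key = m.group(1).lower() if m else None
        commented = line.lstrip().startswith("#")
        if key == "match" and not commented and match_at is None:
            match_at = len(out)
        if match_at is not None or key not in wanted:
            out.append(line)                # inside a Match block, or not a directive we manage
            continue
        name, value = wanted[key]
        if key in done:
            if commented:
                out.append(line)
            else:                           # a second active copy would be ignored by sshd
                out.append("# " + line.strip() + "   # disabled: duplicate")
                changes.append(("duplicate", name, m.group(2)))
            continue
        done.add(key)
        if commented or m.group(2) != value:
            out.append("%s %s" % (name, value))
            changes.append(("set", name, value))
        else:
            out.append(line)                # already compliant, leave untouched
    missing = [(k, v) for k, v in settings.items() if k.lower() not in done]
    changes.extend(("add", k, v) for k, v in missing)
    lines = ["%s %s" % (k, v) for k, v in missing]
    if match_at is None:
        out.extend(lines)
    else:
        out[match_at:match_at] = lines
    return "\n".join(out) + "\n", changes


def audit_sshd_config(text, settings):
    """Directives whose effective global value differs from `settings`, mapped
    to the value sshd would actually use (None if the directive is unset)."""
    effective = {}
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        key = m.group(1).lower()
        if key == "match":
            break                           # everything after this is block-scoped
        effective.setdefault(key, m.group(2))
    return {k: effective.get(k.lower()) for k, v in settings.items()
            if effective.get(k.lower()) != v}


# Constructed sshd_config fragment for the example; not a real server's file.
SAMPLE_SSHD_CONFIG = """\
# Package generated configuration file
Port 22
Protocol 2
#LogLevel INFO
X11Forwarding yes
MaxAuthTries 6
PermitRootLogin yes
PermitRootLogin prohibit-password
PasswordAuthentication yes
#Match User anoncvs
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    hardened, changes = harden_sshd_config(SAMPLE_SSHD_CONFIG, CIS_SSHD_SETTINGS)
    for change in changes:
        print("%-9s %s = %s" % change)
    print(hardened)
    print("remaining findings:", audit_sshd_config(hardened, CIS_SSHD_SETTINGS))
```

Run the audit before and after: on the sample it reports X11Forwarding, MaxAuthTries, PermitRootLogin, PasswordAuthentication and every unset directive first, and nothing afterwards. Before reloading sshd on a real host, validate the result with `sshd -t -f <file>` and keep an existing session open, since a typo in this file locks you out of the box you just hardened.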

Link: http://feedproxy.google.com/~r/PentestTools/~3/YI0WA71K2Mw/jshielder-automates-process-of.html

How to check if your Facebook data was sold in Cambridge Analytica scandal

Facebook found itself in big trouble after it was reported that Cambridge Analytica harvested the data of over 87 million users and sold it to a third party. The data was even used in the 2016 U.S. presidential election. Since then, Facebook has been working hard to rebuild its reputation and trying hard to convince users that it […]
The post How to check if your Facebook data was sold in Cambridge Analytica scandal appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/4z51psHYyd8/how-to-check-if-your-facebook-data-was-sold-in-cambridge-analytica-scandal.html