Dawnscanner – Dawn Is A Static Analysis Security Scanner For Ruby Written Web Applications (Sinatra, Padrino And ROR Frameworks)

dawnscanner is a source code scanner designed to review your ruby code for security issues.dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box:Ruby on RailsSinatraPadrinoQuick update from November, 2018As you can see dawnscanner is on hold since more then an year. Sorry for that. It’s life. I was overwhelmed by tons of stuff and I dedicated free time to Offensive Security certifications. True to be told, I’m starting OSCE journey really soon.The dawnscanner project will be updated soon with new security checks and kickstarted again.Paolodawnscanner version 1.6.6 has 235 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.An overall introductionWhen you run dawnscanner on your code it parses your project Gemfile.lock looking for the gems used and it tries to detect the ruby interpreter version you are using or you declared in your ruby version management tool you like most (RVM, rbenv, …).Then the tool tries to detect the MVC framework your web application uses and it applies the security check accordingly. There checks designed to match rails application or checks that are appliable to any ruby code.dawnscanner can also understand the code in your views and to backtrack sinks to spot cross site scripting and sql injections introduced by the code you actually wrote. In the project roadmap this is the code most of the future development effort will be focused on.dawnscanner security scan result is a list of vulnerabilities with some mitigation actions you want to follow in order to build a stronger web application.InstallationYou can install latest dawnscanner version, fetching it from Rubygems by typing:$ gem install dawnscanner If you want to add dawn to your project Gemfile, you must add the following:group :development do gem ‘dawnscanner’, :require=>falseendAnd then upgrade your bundle$ bundle installYou may want to build it from source, so you have to check it out from github first:$ git clone https://github.com/thesp0nge/dawnscanner.git$ cd dawnscanner$ bundle install$ rake installAnd the dawnscanner gem will be built in a pkg directory and then installed on your system. Please note that you have to manage dependencies on your own this way. It makes sense only if you want to hack the code or something like that.UsageYou can start your code review with dawnscanner very easily. Simply tell the tool where the project root directory.Underlying MVC framework is autodetected by dawnscanner using target Gemfile.lock file. If autodetect fails for some reason, the tool will complain about it and you have to specify if it’s a rails, sinatra or padrino web application by hand.Basic usage is to specify some optional command line option to fit best your needs, and to specify the target directory where your code is stored.$ dawn [options] targetIn case of need, there is a quick command line option reference running dawn -h at your OS prompt.$ dawn -hUsage: dawn [options] target_directoryExamples: $ dawn a_sinatra_webapp_directory $ dawn -C the_rails_blog_engine $ dawn -C –json a_sinatra_webapp_directory $ dawn –ascii-tabular-report my_rails_blog_ecommerce $ dawn –html -F my_report.html my_rails_blog_ecommerce -G, –gem-lock force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED) -d, –dependencies force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lockReporting -a, –ascii-tabular-report cause dawn to format findings using tables in ascii art (DEPRECATED) -j, –json cause dawn to format findings using json -K, –console cause dawn to format findings using plain ascii text -C, –count-only dawn will only count vulnerabilities (useful for scripts) -z, –exit-on-warn dawn will return number of found vulnerabilities as exit code -F, –file filename tells dawn to write output to filename -c, –config-file filename tells dawn to load configuration from filenameDisable security check family –disable-cve-bulletins disable all CVE security checks –disable-code-quality disable all code quality checks –disable-code-style disable all code style checks –disable-owasp-ror-cheatsheet disable all Owasp Ruby on Rails cheatsheet checks –disable-owasp-top-10 disable all Owasp Top 10 checksFlags useful to query Dawn -S, –search-knowledge-base [check_name] search check_name in the knowledge base –list-knowledge-base list knowledge-base content –list-known-families list security check families contained in dawn’s knowledge base –list-known-framework list ruby MVC frameworks supported by dawn –list-scan-registry list past scan informations stored in scan registry Service flags -D, –debug enters dawn debug mode -V, –verbose the output will be more verbose -v, –version show version information -h, –help show this helpRake taskTo include dawnscanner in your rake task list, you simply have to put this line in your Rakefilerequire ‘dawn/tasks’Then executing $ rake -T you will have a dawn:run task you want to execute.$ rake -T…rake dawn:run # Execute dawnscanner on the current directory…Interacting with the knowledge baseYou can dump all security checks in the knowledge base this way$ dawn –list-knowledge-baseUseful in scripts, you can use –search-knowledge-base or -S with as parameter the check name you want to see if it’s implemented as a security control or not.$ dawn -S CVE-2013-642107:59:30 [*] dawn v1.1.0 is starting upCVE-2013-6421 found in knowledgebase.$ dawn -S this_test_does_not_exist08:02:17 [*] dawn v1.1.0 is starting upthis_test_does_not_exist not found in knowledgebasedawnscanner security scan in actionAs output, dawnscanner will put all security checks that are failed during the scan.This the result of Codedake::dawnscanner running against a Sinatra 1.4.2 web application wrote for a talk I delivered in 2013 at Railsberry conference.As you may see, dawnscanner first detects MVC running the application by looking at Gemfile.lock, than it discards all security checks not appliable to Sinatra (49 security checks, in version 1.0, especially designed for Ruby on Rails) and it applies them.$ dawn ~/src/hacking/railsberry201318:40:27 [*] dawn v1.1.0 is starting up18:40:27 [$] dawn: scanning /Users/thesp0nge/src/hacking/railsberry201318:40:27 [$] dawn: sinatra v1.4.2 detected18:40:27 [$] dawn: applying all security checks18:40:27 [$] dawn: 109 security checks applied – 0 security checks skipped18:40:27 [$] dawn: 1 vulnerabilities found18:40:27 [!] dawn: CVE-2013-1800 check failed18:40:27 [$] dawn: Severity: high18:40:27 [$] dawn: Priority: unknown18:40:27 [$] dawn: Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.18:40:27 [$] dawn: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile18:40:27 [$] dawn: Evidence:18:40:27 [$] dawn: Vulnerable crack gem version found: 0.3.118:40:27 [*] dawn is leavingWhen you run dawnscanner on a web application with up to date dependencies, it’s likely to return a friendly no vulnerabilities found message. Keep it up working that way!This is dawnscanner running against a Padrino web application I wrote for a scorecard quiz game about application security. Italian language only. Sorry.18:42:39 [*] dawn v1.1.0 is starting up18:42:39 [$] dawn: scanning /Users/thesp0nge/src/CORE_PROJECTS/scorecard18:42:39 [$] dawn: padrino v0.11.2 detected18:42:39 [$] dawn: applying all security checks18:42:39 [$] dawn: 109 security checks applied – 0 security checks skipped18:42:39 [*] dawn: no vulnerabilities found.18:42:39 [*] dawn is leavingIf you need a fancy HTML report about your scan, just ask it to dawnscanner with the –html flag used with the –file since I wanto to save the HTML to disk.$ dawn /Users/thesp0nge/src/hacking/rt_first_app –html –file report.html09:00:54 [*] dawn v1.1.0 is starting up09:00:54 [*] dawn: report.html created (2952 bytes)09:00:54 [*] dawn is leavingUseful linksProject homepage: http://dawnscanner.orgTwitter profile: @dawnscannerGithub repository: https://github.com/thesp0nge/dawnscannerMailing list: https://groups.google.com/forum/#!forum/dawnscannerThanks tosaten: first issue posted about a typo in the READMEpresidentbeef: for his outstanding work that inspired me creating dawn and for double check comparison matrix. Issue #2 is yours :)marinerJB: for misc bug reports and further ideasMatteo: for ideas on API and their usage with github.com hooksDownload Dawnscanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/gox5JYdlGTc/dawnscanner-dawn-is-static-analysis.html

Cameradar v2.1.0 – Hacks Its Way Into RTSP Videosurveillance Cameras

  An RTSP stream access tool that comes with its libraryCameradar allows you toDetect open RTSP hosts on any accessible target hostDetect which device model is streamingLaunch automated dictionary attacks to get their stream route (e.g.: /live.sdp)Launch automated dictionary attacks to get the username and password of the camerasRetrieve a complete and user-friendly report of the resultsDocker Image for CameradarInstall docker on your machine, and run the following command:docker run -t ullaakut/cameradar -t <other command-line options>See command-line options.e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output debug logs.YOUR_TARGET can be a subnet (e.g.: 172.16.100.0/24), an IP (e.g.: 172.16.100.10), or a range of IPs (e.g.: 172.16.100.10-20).If you want to get the precise results of the nmap scan in the form of an XML file, you can add -v /your/path:/tmp/cameradar_scan.xml to the docker run command, before ullaakut/cameradar.If you use the -r and -c options to specify your custom dictionaries, make sure to also use a volume to add them to the docker container. Example: docker run -t -v /path/to/dictionaries/:/tmp/ ullaakut/cameradar -r /tmp/myroutes -c /tmp/mycredentials.json -t mytargetInstalling the binary on your machineOnly use this solution if for some reason using docker is not an option for you or if you want to locally build Cameradar on your machine.DependenciesgodepInstalling depOSX: brew install dep and brew upgrade depOthers: Download the release package for your OS hereSteps to installMake sure you installed the dependencies mentionned above.go get github.com/Ullaakut/cameradarcd $GOPATH/src/github.com/Ullaakut/cameradardep ensurecd cameradargo installThe cameradar binary is now in your $GOPATH/bin ready to be used. See command line options here.LibraryDependencies of the librarycurl-dev / libcurl (depending on your OS)nmapgithub.com/pkg/errorsgopkg.in/go-playground/validator.v9github.com/andelf/go-curlInstalling the librarygo get github.com/Ullaakut/cameradarAfter this command, the cameradar library is ready to use. Its source will be in:$GOPATH/src/pkg/github.com/Ullaakut/cameradarYou can use go get -u to update the package.Here is an overview of the exposed functions of this library:DiscoveryYou can use the cameradar library for simple discovery purposes if you don’t need to access the cameras but just to be aware of their existence.This describes the nmap time presets. You can pass a value between 1 and 5 as described in this table, to the NmapRun function.AttackIf you already know which hosts and ports you want to attack, you can also skip the discovery part and use directly the attack functions. The attack functions also take a timeout value as a parameter.Data modelsHere are the different data models useful to use the exposed functions of the cameradar library.Dictionary loadersThe cameradar library also provides two functions that take file paths as inputs and return the appropriate data models filled.ConfigurationThe RTSP port used for most cameras is 554, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameradar application will scan the 554 and 8554 ports.docker run -t –net=host ullaakut/cameradar -p “18554,19000-19010" -t localhost will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.You can use your own files for the ids and routes dictionaries used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the /dictionaries folder.docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \ ullaakut/cameradar \ -r "/tmp/dictionaries/my_routes" \ -c "/tmp/dictionaries/my_credentials.json" \ -t 172.19.124.0/24This will put the contents of your folder containing dictionaries in the docker image and will use it for the dictionary attack instead of the default dictionaries provided in the cameradar repo.Check camera accessIf you have VLC Media Player, you should be able to use the GUI or the command-line to connect to the RTSP stream using this format : rtsp://username:password@address:port/routeWith the above result, the RTSP URL would be rtsp://admin:12345@173.16.100.45:554/live.sdpCommand line options"-t, –target": Set target. Required. Target can be a file (see instructions on how to format the file), an IP, an IP range, a subnetwork, or a combination of those."-p, –ports": (Default: 554,8554) Set custom ports."-s, –speed": (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It’s recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. See this for more info on the nmap timing templates."-T, –timeout": (Default: 2000) Set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It’s recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks."-r, –custom-routes": (Default: <CAMERADAR_GOPATH>/dictionaries/routes) Set custom dictionary path for routes"-c, –custom-credentials": (Default: <CAMERADAR_GOPATH>/dictionaries/credentials.json) Set custom dictionary path for credentials"-o, –nmap-output": (Default: /tmp/cameradar_scan.xml) Set custom nmap output path"-l, –log": Enable debug logs (nmap requests, curl describe requests, etc.)"-h" : Display the usage informationFormat input fileThe file can contain IPs, hostnames, IP ranges and subnetwork, separated by newlines. Example:0.0.0.0localhost192.17.0.0/16192.168.1.140-255192.168.2-3.0-255Environment VariablesCAMERADAR_TARGETThis variable is mandatory and specifies the target that cameradar should scan and attempt to access RTSP streams on.Examples:172.16.100.0/24192.168.1.1localhost192.168.1.140-255192.168.2-3.0-255CAMERADAR_PORTSThis variable is optional and allows you to specify the ports on which to run the scans.Default value: 554,8554It is recommended not to change these except if you are certain that cameras have been configured to stream RTSP over a different port. 99.9% of cameras are streaming on these ports.CAMERADAR_NMAP_OUTPUT_FILEThis variable is optional and allows you to specify on which file nmap will write its output.Default value: /tmp/cameradar_scan.xmlThis can be useful only if you want to read the files yourself, if you don’t want it to write in your /tmp folder, or if you want to use only the RunNmap function in cameradar, and do its parsing manually.CAMERADAR_CUSTOM_ROUTES, CAMERADAR_CUSTOM_CREDENTIALSThese variables are optional, allowing to replace the default dictionaries with custom ones, for the dictionary attack.Default values: <CAMERADAR_GOPATH>/dictionaries/routes and <CAMERADAR_GOPATH>/dictionaries/credentials.jsonCAMERADAR_SPEEDThis optional variable allows you to set custom nmap discovery presets to improve speed or accuracy. It’s recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. See this for more info on the nmap timing templates.Default value: 4CAMERADAR_TIMEOUTThis optional variable allows you to set custom timeout value in miliseconds after which an attack attempt without an answer should give up. It’s recommended to increase it when attempting to scan unstable and slow networks or to decrease it on very performant and reliable networks.Default value: 2000CAMERADAR_LOGSThis optional variable allows you to enable a more verbose output to have more information about what is going on.It will output nmap results, cURL requests, etc.Default: falseContributionBuildDocker buildTo build the docker image, simply run docker build -t . cameradar in the root of the project.Your image will be called cameradar and NOT ullaakut/cameradar.Go buildTo build the project without docker:Install depOSX: brew install dep and brew upgrade depOthers: Download the release package for your OS heredep ensurego build to build the librarycd cameradar && go build to build the binaryThe cameradar binary is now in the root of the directory.See the contribution document to get started.Frequently Asked QuestionsCameradar does not detect any camera!That means that either your cameras are not streaming in RTSP or that they are not on the target you are scanning. In most cases, CCTV cameras will be on a private subnetwork, isolated from the internet. Use the -t option to specify your target.Cameradar detects my cameras, but does not manage to access them at all!Maybe your cameras have been configured and the credentials / URL have been changed. Cameradar only guesses using default constructor values if a custom dictionary is not provided. You can use your own dictionaries in which you just have to add your credentials and RTSP routes. To do that, see how the configuration works. Also, maybe your camera’s credentials are not yet known, in which case if you find them it would be very nice to add them to the Cameradar dictionaries to help other people in the future.What happened to the C++ version?You can still find it under the 1.1.4 tag on this repo, however it was less performant and stable than the current version written in Golang.How to use the Cameradar library for my own project?See the example in /cameradar. You just need to run go get github.com/Ullaakut/cameradar and to use the cmrdr package in your code. You can find the documentation on godoc.I want to scan my own localhost for some reason and it does not work! What’s going on?Use the –net=host flag when launching the cameradar image, or use the binary by running go run cameradar/cameradar.go or installing itI don’t see a colored output :(You forgot the -t flag before ullaakut/cameradar in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.I don’t have a camera but I’d like to try Cameradar!Simply run docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt and then run cameradar and it should guess that the username is admin and the password is 12345. You can try this with any default constructor credentials (they can be found here)ExamplesRunning cameradar on your own machine to scan for default portsdocker run –net=host -t ullaakut/cameradar -t localhostRunning cameradar with an input file, logs enabled on port 8554docker run -v /tmp:/tmp –net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554 -lDownload Cameradar

Link: http://feedproxy.google.com/~r/PentestTools/~3/1bUGqwOggUY/cameradar-v210-hacks-its-way-into-rtsp.html

How To Add Startup Password in Google Chrome

Are you worried about the stored password in your browser? If you have a habit of storing passwords in the browser, there is a possibility that someone having access to your system can misuse your online accounts by that saved password. Not just your saved password, but other people can check your download history and web history. This […]
The post How To Add Startup Password in Google Chrome appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/vyeqUPqScYk/how-to-add-startup-password-in-google.html

“Dunkin” Donuts, Microsoft, & Marijuana – Paul’s Security Weekly #584

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how Las Vegas police are cracking down on Black Market marijuana sales! Paul’s Stories Insiders Are Serious Threats to Cybersecurity in an Organization – Workforce – No […]
The post “Dunkin” Donuts, Microsoft, & Marijuana – Paul’s Security Weekly #584 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/kHt2vPIe-68/

Trape v2.0 – People Tracker On The Internet: OSINT Analysis And Research Tool

Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control over their users through the browser, without them knowing, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.At the beginning of the year 2018 was presented at BlackHat Arsenal in Singapore: https://www.blackhat.com/asia-18/arsenal.html#jose-pino and in multiple security events worldwide.Some benefitsLOCATOR OPTIMIZATION: Trace the path between you and the target you’re tracking. Each time you make a move, the path will be updated, by means of this the location of the target is obtained silently through a bypass made in the browsers, allowing you not to skip the location request permit on the victim’s side , objective or person and at the same time maintain a precision of 99% in the locator.APPROACH: When you’re close to the target, Trape will tell you.REST API: Generates an API (random or custom), and through this you can control and monitor other Web sites on the Internet remotely, getting the traffic of all visitors. PROCESS HOOKS: Manages social engineering attacks or processes in the target’s browser.— SEVERAL: You can issue a phishing attack of any domain or service in real time as well as send malicious files to compromise the device of a target.— INJECT JS: You keep the JavaScript code running free in real time, so you can manage the execution of a keylogger or your own custom functions in JS which will be reflected in the target’s browser.— SPEECH: A process of audio creation is maintained which is played in the browser of the objective, by means of this you can execute personalized messages in different voices with languages in Spanish and English. PUBLIC NETWORK TUNNEL: Trape has its own API that is linked to ngrok.com to allow the automatic management of public network tunnels; By this you can publish your content of trape server executed locally to the Internet, to manage hooks or public attacks.CLICK ATTACK TO GET CREDENTIALS: Automatically obtains the target credentials, recognizing your connection availability on a social network or Internet service. NETWORK: You can get information about the user’s network.— SPEED: Viewing the target’s network speed. (Ping, download, upload, type connection)— HOSTS OR DEVICES: Here you can get a scan of all the devices that are connected in the target network automatically. PROFILE: Brief summary of the target’s behavior and important additional information about your device.— GPU — ENERGY 30-session recognitionSession recognition is one of trape most interesting attractions, since you as a researcher can know remotely what service the target is connected to.USABILITY: You can delete logs and view alerts for each process or action you run against each target.How to use itFirst unload the tool.git clone https://github.com/jofpin/trape.gitcd trapepython trape.py -hIf it does not work, try to install all the libraries that are located in the file requirements.txtpip install -r requirements.txtExample of executionExample: python trape.py –url http://example.com –port 8080HELP AND OPTIONSuser:~$ python trape.py –helpusage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT] [-ak ACCESSKEY] [-l LOCAL] [–update] [-n] [-ic INJC]optional arguments: -h, –help show this help message and exit -v, –version show program’s version number and exit -u URL, –url URL Put the web page url to clone -p PORT, –port PORT Insert your port -ak ACCESSKEY, –accesskey ACCESSKEY Insert your custom key access -l LOCAL, –local LOCAL Insert your home file -n, –ngrok Insert your ngrok Authtoken -ic INJC, –injectcode INJC Insert your custom REST API path -ud UPDATE, –update UPDATE Update trape to the latest version–url In this option you add the URL you use to clone Live, which works as a decoy.–port Here you insert the port, where you are going to run the trape server.–accesskey You enter a custom key for the trape panel, if you do not insert it will generate an automatic key.–injectcode trape contains a REST API to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.–local Using this option you can call a local HTML file, this is the replacement of the –url option made to run a local lure in trape.–ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.–version You can see the version number of trape.–update Option especially to upgrade to the latest version of trape.–help It is used to see all the above options, from the executable.DisclaimerThis tool has been published educational purposes in order to teach people how bad guys could track them or monitor them or obtain information from their credentials, we are not responsible for the use or the scope that may have the People through this project.We are totally convinced that if we teach how vulnerable things are, we can make the Internet a safer place.DeveloperThis development and others, the participants will be mentioned with name, Twitter and charge. CREATOR— Jose Pino – @jofpin – (Security Researcher)Download Trape v2.0

Link: http://www.kitploit.com/2018/11/trape-v20-people-tracker-on-internet.html

Janusec Application Gateway – Tool Which Provides WAF, CC Attack Defense, Unified Web Administration Portal, Private Key Protection, Web Routing And Scalable Load Balancing

Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications.Key FeaturesWAF (Web Application Firewall), block SQL Injection, Cross-site Scripting, Sensitive Data Leakage, CC Attacks etc.Group Policy (Cooperation with Multiple Check Points)CAPTCHA supportUnified Web AdministrationHTTPS support, No Agent Required.Certificate Protection with Private Key Encrypted StorageScalable Architecture, Load Balance and Multiple Nodes SupportScreenshotsSQL Injection ScreenshotSensitive Data Leakage ScreenshotOfficial Web Sitehttps://www.janusec.com/Detailed documentation is available at Janusec Application Gateway Documentation.RequirementsPostgreSQL 9.3~9.6 or 10 (Required by Development and Master Node of Deployment)CentOS/RHEL 7, Debian 9systemdGolang 1.9+ (Required by Development Only)Quick Start for Deploymenthttps://www.janusec.com/documentation/quick-start/Quick Start for Developergo get -u github.com/Janusec/januseccd $GOPATH/src/github.com/Janusec/janusecEdit config.json with PostgreSQL”host": "127.0.0.1","port": "5432","user": "janusec","password": "123456","dbname": "janusec"Janusec will encrypt the password automatically.Then:go buildsu (switch to root)./janusecWeb Administrationhttp://127.0.0.1:9080/ (The first address)Janusec Application Gateway ConfigurationReleasego build./release.sh (Only support Linux Now)The release package is under ./dist .Web Administration PortalRelease directory is ./static/ , and source code is available at Janusec-Admin Github with Angular 5.SupportWebsite: https://www.janusec.com/Email: support#janusec.comQQ Group: 776900157 , @U2 (The Author)Download Janusec

Link: http://feedproxy.google.com/~r/PentestTools/~3/WzzK4UaQAng/janusec-application-gateway-tool-which.html

Mimecast, Endpoint Security, & Tufin – Enterprise Security Weekly #16

Israeli cybersecurity company Tufin plans NASDAQ IPO, F-Secure boosts endpoint detection and response, Mimecast joins IBM Security app exchange community, and Awake Security debuts Network Traffic Analysis Platform to detect risks! Enterprise News Riverbed announces enhancements to SD-WAN solution | Israeli cybersecurity co Tufin plans Nasdaq IPO Flexera AdminStudio 2018 decreases the need for repackaging […]
The post Mimecast, Endpoint Security, & Tufin – Enterprise Security Weekly #16 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/Zalw2Qma2yc/