XIP – Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.

XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc.Further explaination on our blog post articleUsagepython3 xip.py –helpDocker alternativeOfficial imageYou can pull the official Drupwn image from the dockerhub registry using the following command:docker pull immunit/XIPBuildTo build the container, just use this command:docker build -t xip .Docker will download the Alpine image and then execute the installation steps.Be patient, the process can be quite long the first time.RunOnce the build process is over, get and enjoy your new tool.docker run –rm -it xip –helpLoggingThe output generated is stored in the /tmp/ folder. When using docker, run your container using the following option-v YOUR_PATH_FOLDER:/tmp/Download XIP

Link: http://www.kitploit.com/2019/02/xip-tool-to-generate-list-of-ip.html

Scanner-Cli – A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.Running and configuring the scannerThe Hawkeye scanner-cli assumes that your directory structure is such that it keeps the toolchain’s files on top level. Roughly, this is what it boils down to:Node.js projects have a package.json on top levelRuby projects will have a Gemfile on top levelPython projects will have a requirements.txt on top levelPHP projects will have a composer.lock on top levelJava projects will have a build (gradle) or target (maven) folder, and include .java and .jar filesThis is not exhaustive as sometimes tools require further files to exist. To understand how the modules decide whether they can handle a project, please check the How it works section and the modules folder.Docker (recommended)The docker image is hands-down the easiest way to the scanner. Please note that your project root (e.g. $PWD) needs to be mounted to /target.docker run –rm -v $PWD:/target hawkeyesec/scanner-cliThe docker build is also the recommended way to run the scanner in your CI pipelines. This is an example of running Hawkeye against one of your projects in GoCD:

Link: http://feedproxy.google.com/~r/PentestTools/~3/JoL8_BBnrhQ/scanner-cli-project-securityvulnerabili.html

Android, Nest, & Linux Malware – Paul’s Security Weekly #591

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert! Paul’s Stories The 51 Things Most Homeowners Arent Doing But […]
The post Android, Nest, & Linux Malware – Paul’s Security Weekly #591 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/Cr-ZonTpijY/

Chris Morales, Vectra – Paul’s Security Weekly #591

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes. Full Show Notes Follow us on […]
The post Chris Morales, Vectra – Paul’s Security Weekly #591 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/U-vjo_DCA_k/

Topics & Questions – Paul’s Security Weekly #591

In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! Full Show NotesFollow us on Twitter: https://www.twitter.com/securityweekly Hosts Announcements RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 […]
The post Topics & Questions – Paul’s Security Weekly #591 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/RAo7gh_ZlEk/

LinkedIn, MySQL, & Cyber Attacks – Hack Naked News #204

    A flaw in MySQL could allow rogue servers to steal files, a state agency exposes 3TB of data including FBI info, how cybercriminals clean their dirty money, a critical RCE flaw in Linux APT allows remote attackers to hack systems, and how to protect against a new breed of cyber attack! Jason Wood […]
The post LinkedIn, MySQL, & Cyber Attacks – Hack Naked News #204 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/wxbXbYGhYOA/

Conpot – An Open Industrial Control Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systemsDocumentationThe build of the documentations source can be found here. There you will also find the instructions on how to install conpot and the FAQ.Easy install using DockerVia a pre-built imageInstall DockerRun docker pull honeynet/conpotRun docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp –network=bridge honeynet/conpot:latest /bin/shFinally run conpot -f –template defaultNavigate to http://MY_IP_ADDRESS to confirm the setup.Build docker image from sourceInstall DockerClone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/dockerRun docker build -t conpot .Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 –network=bridge conpotNavigate to http://MY_IP_ADDRESS to confirm the setup.Build from source and run with docker-composeInstall docker-composeClone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/dockerBuild the image with docker-compose buildTest if everything is running correctly with docker-compose upPermanently run as a daemon with docker-compose up -dSample output::# conpot –template default _ ___ ___ ___ ___ ___| |_ | _| . | | . | . | _| |___|___|_|_| _|___|_| |_| Version 0.6.0 MushMush Foundation 2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar2018-08-09 19:13:15,100 Please wait while the system copies all specified files2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.2018-08-09 19:13:15,175 Found and enabled (‘modbus’, ) protocol.2018-08-09 19:13:15,177 Found and enabled (‘s7comm’, <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.2018-08-09 19:13:15,178 Found and enabled (‘http’, <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.2018-08-09 19:13:15,179 Found and enabled (‘snmp’, <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.2018-08-09 19:13:15,181 Found and enabled (‘bacnet’, <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.2018-08-09 19:13:15,182 Found and enabled (‘ipmi’, <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.2018-08-09 19:13:15,185 Found and enabled (‘enip’, <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.2018-08-09 19:13:15,199 Found and enabled (‘ftp’, <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.2018-08-09 19:13:15,206 Found and enabled (‘tftp’, <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped. 2018-08-09 19:13:15,206 Modbus server started on: (‘’, 5020) 2018-08-09 19:13:15,206 S7Comm server started on: (‘’, 10201) 2018-08-09 19:13:15,207 HTTP server started on: (‘’, 8800) 2018-08-09 19:13:15,402 SNMP server started on: (‘’, 16100) 2018-08-09 19:13:15,403 Bacnet server started on: (‘’, 47808) 2018-08-09 19:13:15,403 IPMI server started on: (‘’, 6230) 2018-08-09 19:13:15,403 handle server PID [23183] running on (‘’, 44818) 2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 1397536723090642018-08-09 19:13:15,404 FTP server started on: (‘’, 2121) 2018-08-09 19:13:15,404 Starting TFTP server at (‘’, 6969)Intro videoDownload Conpot

Link: http://feedproxy.google.com/~r/PentestTools/~3/Khos5GRsxrw/conpot-open-industrial-control-honeypot.html

Sitadel – Web Application Security Scanner

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :Frontend framework detectionContent Delivery Network detectionDefine Risk Level to allow for scansPlugin systemDocker image available to build and runInstallation$ git clone https://github.com/shenril/Sitadel.git$ cd Sitadel$ pip install .$ python sitadel.py –helpFeaturesFingerprints ServerWeb Frameworks (CakePHP,CherryPy,…)Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)Web Application Firewall (Waf)Content Management System (CMS)Operating System (Linux,Unix,..)Language (PHP,Ruby,…)Cookie SecurityContent Delivery Networks (CDN)Attacks: Bruteforce Admin InterfaceCommon BackdoorsCommon Backup DirectoryCommon Backup FileCommon DirectoryCommon FileLog FileInjection HTML InjectionSQL InjectionLDAP InjectionXPath InjectionCross Site Scripting (XSS)Remote File Inclusion (RFI)PHP Code InjectionOther HTTP Allow MethodsHTML ObjectMultiple IndexRobots PathsWeb DavCross Site Tracing (XST)PHPINFO.ListingVulnerabilities ShellShockAnonymous Cipher (CVE-2007-1858)Crime (SPDY) (CVE-2012-4929)Struts-ShockExampleSimple runpython sitadel http://website.com Run with risk level at DANGEROUS and do not follow redirectionspython sitadel http://website.com -r 2 –no-redirectRun specifics modules only and full verbositypython sitadel http://website.com -a admin backdoor -f header server -vvvRun with dockerdocker build -t sitadel .docker run sitadel http://example.comDownload Sitadel

Link: http://feedproxy.google.com/~r/PentestTools/~3/zfPWuXefLsw/sitadel-web-application-security-scanner.html

Etherium, Zerodium, Containers – Hack Naked News #202

    Etherium hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype Glitch allowed Android Authentication Bypass, Zerodium offers $2Million for remote iOS jailbreaks, and Tens of Thousands of Hot Tubs are exposed to hack! Our CEO Matt Alderman joins us for expert commentary on Container Security Lags Amidst […]
The post Etherium, Zerodium, Containers – Hack Naked News #202 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/NbmtVrG1SxA/