Lynis 2.6.2 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:

* AIX
* FreeBSD
* HP-UX
* Linux
* Mac OS
* NetBSD
* OpenBSD
* Solaris
* and others

It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional

Lynis is light-weight and easy to use. Installation is optional: just copy it to a system and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization of the program up to the report.

Steps

1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning

Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

* Security auditing
* Compliance testing (e.g. PCI, HIPAA, SOx)
* Vulnerability detection and scanning
* System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

* Best practices
* CIS
* NIST
* NSA
* OpenSCAP data
* Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog

Upgrade note

Changes:
--------
* Bugfix for Arch Linux (binary detection)
* Textual changes for several tests
* Update of tests database

Download Lynis 2.6.2
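The report file mentioned above is plain text and easy to post-process. The following Python is an added example, not code from the Lynis project: it parses such a report, tallies warnings and suggestions per test, and emits `skip-test=` lines in the setting=value profile style referred to in the 2.6.1 and 2.5.9 changelogs, for findings an auditor has reviewed and accepted. The report excerpt is constructed for this example, and the field order inside `warning[]` and `suggestion[]` values (test id, text, details, solution) is an assumption about the format; compare it with a report from one of your own hosts before relying on it.

```python
"""Summarize a Lynis report file and derive profile skip lines.

Added example, not part of Lynis. SAMPLE_REPORT is a constructed excerpt, and
the field order inside warning[]/suggestion[] values (test id | text | details |
solution) is an assumption about the report format.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = """\
# Lynis report (constructed sample, not from a real host)
lynis_version=2.6.2
report_version_major=1
os=Linux
hardening_index=62
warning[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
warning[]=FILE-6363|Set the sticky bit on /var/tmp|/var/tmp|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (YES --> NO)|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
installed_packages=412
"""

# key=value, where a key written as name[] repeats and collects into a list
ENTRY_RE = re.compile(r"^(?P<key>[a-z_]+)(?P<multi>\[\])?=(?P<value>.*)$")


def parse_report(text):
    """Return (scalars, lists): scalar settings and the repeated [] entries."""
    scalars, lists = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # ignore anything that is not key=value
        if m.group("multi"):
            lists[m.group("key")].append(m.group("value"))
        else:
            scalars[m.group("key")] = m.group("value")
    return scalars, dict(lists)


def split_finding(raw):
    """Split 'TEST-ID|text|details|solution|' into a dict (assumed field order)."""
    parts = raw.rstrip("|").split("|")
    parts += [""] * (4 - len(parts))  # tolerate shorter entries
    test_id, text, details, solution = parts[:4]
    return {"test": test_id, "text": text, "details": details, "solution": solution}


def summarize(text):
    """Hardening index plus structured warnings/suggestions and a per-test tally."""
    scalars, lists = parse_report(text)
    warnings = [split_finding(w) for w in lists.get("warning", [])]
    suggestions = [split_finding(s) for s in lists.get("suggestion", [])]
    per_test = defaultdict(int)
    for finding in warnings + suggestions:
        per_test[finding["test"]] += 1
    return {
        "hardening_index": int(scalars.get("hardening_index", -1)),
        "warnings": warnings,
        "suggestions": suggestions,
        "findings_per_test": dict(per_test),
    }


def skip_profile_lines(test_ids):
    """Profile lines (setting=value style) that silence reviewed, accepted tests."""
    return [f"skip-test={t}" for t in sorted(set(test_ids))]


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(f"hardening index: {summary['hardening_index']}")
    for w in summary["warnings"]:
        print(f"WARNING    {w['test']}: {w['text']} [{w['details']}]")
    for s in summary["suggestions"]:
        print(f"SUGGESTION {s['test']}: {s['text']} [{s['details']}]")
    print("profile lines for accepted findings:")
    print("\n".join(skip_profile_lines(["SSH-7408"])))
```

Keeping the per-test tally separate from the raw entries matters for tests such as SSH-7408 that emit one suggestion per configuration key: a single skip line covers all of them, so review the whole group before adding it to the profile.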

Link: http://feedproxy.google.com/~r/PentestTools/~3/vGkfwda54AA/lynis-262-security-auditing-tool-for.html

Lynis 2.6.1 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

Changes:
--------
* Tests can have more than 1 required OS (e.g. Linux OR NetBSD)
* Added 'system-groups' option to profile (Enterprise users)
* Overhaul of default profile and migrate to new style (setting=value)
* Show warning if old profile options are used
* Improved detection of binaries
* New group 'usb' for tests related to USB devices

Tests:
------
* [FILE-6363] - New test for /var/tmp (sticky bit)
* [MAIL-8802] - Added exim4 process name to improve detection of Exim
* [NETW-3030] - Changed name of dhcp client name process and added udhcpc
* [SSH-7408] - Restored UsePrivilegeSeparation
* [TIME-3170] - Added chrony configuration file for NetBSD

Download Lynis 2.6.1

Link: http://feedproxy.google.com/~r/PentestTools/~3/AIu0Z3mo1gE/lynis-261-security-auditing-tool-for.html

Lynis 2.5.9 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

Changes:
--------
* Don't show upgrade notice when being quiet/silent
* Added --noplugins as an alias to skip execution of plugins
* Use PATH variable for path detection, with predefined list as a backup

Tests:
------
* [KRNL-6000] Multiple values are now allowed per sysctl key
* [KRNL-6000] Individual tests can be skipped (skip-test=KRNL-6000:

Download Lynis 2.5.9

Link: http://feedproxy.google.com/~r/PentestTools/~3/ZZ-doxYR9rw/lynis-259-security-auditing-tool-for.html

Wapiti 3.0.0 – The Web-Application Vulnerability Scanner

Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

What's new in Wapiti 3.0.0?

Wapiti can detect the following vulnerabilities:

* File disclosure (Local and remote include/require, fopen, readfile...)
* Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
* XSS (Cross Site Scripting) injection (reflected and permanent)
* Command Execution detection (eval(), system(), passthru()...)
* CRLF Injection (HTTP Response Splitting, session fixation...)
* XXE (XML External Entity) injection
* Use of known potentially dangerous files (thanks to the Nikto database)
* Weak .htaccess configurations that can be bypassed
* Presence of backup files giving sensitive information (source code disclosure)
* Shellshock (aka Bash bug)

A buster module also allows brute forcing directory and file names on the target webserver.

Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to tell the difference between permanent and reflected XSS vulnerabilities.

General features:

* Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
* Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases)
* Can give you colors in the terminal to highlight vulnerabilities
* Different levels of verbosity
* Fast and easy way to activate/deactivate attack modules
* Adding a payload can be as easy as adding a line to a text file

Browsing features:

* Support HTTP, HTTPS and SOCKS5 proxies
* Authentication via several methods: Basic, Digest, Kerberos or NTLM
* Ability to restrain the scope of the scan (domain, folder, page, url)
* Automatic removal of one or more parameters in URLs
* Multiple safeguards against scan endless-loops (for example, limit of values for a parameter)
* Possibility to set the first URLs to explore (even if not in scope)
* Can exclude some URLs of the scan and attacks (eg: logout URL)
* Import of cookies (get them with the wapiti-getcookie tool)
* Can activate / deactivate SSL certificates verification
* Extract URLs from Flash SWF files
* Try to extract URLs from javascript (very basic JS interpreter)
* HTML5 aware (understand recent HTML tags)
* Several options to control the crawler behavior and limits.
* Skipping some parameter names during attack.
* Setting a maximum time for the scan process.
* Adding some custom HTTP headers or setting a custom User-Agent.

Wapiti is a command-line application. Here is an example of output against a vulnerable web application. You may find some useful information in the README and the INSTALL files. Have any questions? You may find answers in the FAQ.

Usage

Wapiti-3.0.0 (wapiti.sourceforge.net)
usage: wapiti [-h] [-u URL] [--scope {page,folder,domain,url}] [-m MODULES_LIST]
              [--list-modules] [-l LEVEL] [-p PROXY_URL] [-a CREDENTIALS]
              [--auth-type {basic,digest,kerberos,ntlm}] [-c COOKIE_FILE]
              [--skip-crawl] [--resume-crawl] [--flush-attacks] [--flush-session]
              [-s URL] [-x URL] [-r PARAMETER] [--skip PARAMETER] [-d DEPTH]
              [--max-links-per-page MAX] [--max-files-per-dir MAX]
              [--max-scan-time MINUTES] [--max-parameters MAX] [-S FORCE]
              [-t SECONDS] [-H HEADER] [-A AGENT] [--verify-ssl {0,1}] [--color]
              [-v LEVEL] [-f FORMAT] [-o OUPUT_PATH] [--no-bugreport] [--version]
wapiti: error: one of the arguments -u/--url --list-modules is required

Shortest way (with default options) to launch a Wapiti scan:

wapiti -u http://target/

Every option is detailed in the wapiti(1) manpage. Wapiti also comes with a utility to fetch cookies from websites called wapiti-getcookie. The corresponding manpage is here.

Download Wapiti 3.0.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/vKJRPx9xvts/wapiti-300-web-application.html

fuxploider – File Upload Vulnerability Scanner And Exploitation Tool

fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload form flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.

Installation

git clone https://github.com/almandin/fuxploider.git
cd fuxploider
pip3 install -r requirements.txt

Usage

To get a list of basic options and switches use:

python fuxploider.py -h

Basic example:

python fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"

Download fuxploider
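The weaknesses a tool like this probes for (extension and Content-Type checks that disagree with the actual bytes, client-supplied names reused on disk) are all server-side validation gaps. The following Python is an added example, not code from fuxploider or any web framework, showing the hardened form of an upload check: the filename, the declared type and the file content must all agree on a single allowed type, and the stored name is generated server-side. The allowlist is illustrative; the magic-byte prefixes are the standard file signatures for those formats, and the sample inputs are constructed.

```python
"""Server-side upload validation: the defensive counterpart to the upload
weaknesses a scanner such as fuxploider probes for.

Added example, not part of fuxploider or any framework. The allowlist below is
illustrative; the magic-byte prefixes are the standard file signatures.
"""
import os
import re
import secrets

# extension -> (required leading bytes, the only Content-Type accepted for it)
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif": (b"GIF8", "image/gif"),
    "pdf": (b"%PDF-", "application/pdf"),
}
MAX_BYTES = 5 * 1024 * 1024
NAME_RE = re.compile(r"[a-z0-9_-]{1,64}")


class UploadRejected(ValueError):
    """Raised with a reason suitable for a server-side log entry."""


def validate_upload(filename, declared_mime, data):
    """Return a fresh server-side filename, or raise UploadRejected.

    The name, the declared type and the bytes must all agree on one allowed
    type; the client-supplied name is never reused on disk."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Strip any directory part, whichever separator the client used.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base != base.strip(". "):
        raise UploadRejected("suspicious filename")
    parts = base.lower().split(".")
    # Exactly one extension: 'name.ext', nothing like 'a.b.c' or a bare name.
    if len(parts) != 2 or not NAME_RE.fullmatch(parts[0]):
        raise UploadRejected("filename must be name.ext with a single extension")
    ext = parts[1]
    if ext not in ALLOWED:
        raise UploadRejected(f"extension .{ext} is not allowed")
    magic, mime = ALLOWED[ext]
    # Compare only the media type; ignore parameters such as charset.
    if declared_mime.split(";")[0].strip().lower() != mime:
        raise UploadRejected("Content-Type does not match the extension")
    if not data.startswith(magic):
        raise UploadRejected("file content does not match the extension")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename, declared_mime, data):
    """Boolean view of validate_upload, handy for policy tests."""
    try:
        validate_upload(filename, declared_mime, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed inputs: a minimal PNG header and a text file dressed up as PNG.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    text = b"plain text, not an image"
    cases = [
        ("holiday.PNG", "image/png", png),
        ("report.pdf", "application/pdf", b"%PDF-1.7\n"),
        ("archive.png.bak", "image/png", png),
        ("notes.png", "image/png", text),
        ("photo.png", "text/plain", png),
    ]
    for name, mime, body in cases:
        verdict = "accepted" if is_accepted(name, mime, body) else "rejected"
        print(f"{name:18} {verdict}")
```

The ordering is deliberate: size and name checks are cheap and run first, content sniffing runs last, and the returned name carries no client input, so the upload directory never contains a name the uploader chose. Serving the directory with script execution disabled remains a separate, complementary control.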

Link: http://feedproxy.google.com/~r/PentestTools/~3/bnji-qfLIeo/fuxploider-file-upload-vulnerability.html