• Breaking News

    Saturday, December 28, 2019

    endlessh: SSH tarpit that slowly sends an endless banner Security News & Discussion


    endlessh: SSH tarpit that slowly sends an endless banner

    Posted: 28 Dec 2019 03:21 AM PST

    Sleuthing from public sources to figure out how the Hateful Eight leaker was caught

    Posted: 28 Dec 2019 11:54 AM PST

    CORS Misconfigurations

    Posted: 28 Dec 2019 08:25 AM PST

    Bumble: Finding dates and WiFi access points

    Posted: 28 Dec 2019 08:55 AM PST

    Parsuite: A Modularized Parser Framework Written in Python 3

    Posted: 27 Dec 2019 11:04 AM PST

    https://github.com/arch4ngel/parsuite

    I came across 0bs1d1an-'s post about a really cool parser yesterday that supports input files from various sources and it inspired me to share this modular parser I've been working on. I put it together when I decided too much time was being spent using grep and awk during my day-to-day as a penetration tester.

    Hope someone finds it useful!

    Framework Capabilities

    • You can create simple parser modules and drop them in the parsuite.modules path as described in the wiki, which'll make them appear in the interface.
    • abstractions can be used to represent elements from Nessus, NMap, Masscan, and Burp XML files as Python objects (it's not one-to-one, but enough to get the job done in most cases)
    • parsers can be used to parse XML objects on the quick

    Current Modules

    There are several super useful modules already implemented, but here are the three I use most often:

    nessus_api_host_dumper

    Contrary to the name, this module dumps output from a Nessus scan using the JSON API while using the filesystem as an improvised database, i.e. each vulnerability receives a folder that contains a list of affected hosts, ports, and sockets. The directory structure is: <output directory>/<severity>/<vulnerability name>.

    This module is particularly useful when long scans are running or when the user interface stops working due to large data sets (thanks Tenable).

    ```
    archangel@deskjet~> parsuite nessus_api_host_dumper --url https://www.somenessus.com:8834 -od nessus_output -i --scan-names TestScan
    [+] Starting the parser
    [+] Loading modules
    [+] Executing module: nessus_api_host_dumper
    [+] Getting user credentials...

    [+] Attempting to dump hosts from TestScan
    [+] Processing: TestScan
    [+] Processing scan hosts
    [+] Processing scan plugins (this may take some time)
    [+] Processing target plugin ids
    [+] [INFO] traceroute_information
    [+] [INFO] nessus_scan_information
    [+] [INFO] additional_dns_hostnames
    [+] [INFO] tls_version_1_1_protocol_detection
    [+] [INFO] tls_npn_supported_protocol_enumeration
    [+] [INFO] tls_next_protocols_supported
    [+] [INFO] tls_alpn_supported_protocol_enumeration
    [+] [INFO] ssl_root_certification_authority_certificate_infor
    [+] [INFO] ssl_perfect_forward_secrecy_cipher_suites_supporte
    [+] [INFO] ssl_cipher_suites_supported
    [+] [INFO] ssl_cipher_block_chaining_cipher_suites_supported
    [+] [INFO] ssl_certificate_signed_using_weak_hashing_algorith
    [+] [INFO] ssl_certificate_information
    [+] [INFO] ssl_tls_versions_supported
    [+] [INFO] hsts_missing_from_https_server
    [+] [INFO] nessus_tcp_scanner
    [+] [INFO] hypertext_transfer_protocol_http_information
    [+] [INFO] http_server_type_and_version
    [+] [INFO] service_detection
    [+] Module execution complete. Exiting.
    ```

    ...and the directory structure looks like

    ```
    archangel@deskjet~> head nessus_output/info/additional_dns_hostnames/additional_information

    Plugin Name: Additional DNS Hostnames
    Plugin ID: 46180
    Severity: INFO
    Description:

    Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

    Different web servers may be hosted on name-based virtual hosts.
    ```

    xml_dumper

    Extract output from NMap, Nessus, and Masscan XML files in various formats.

    Here's an example of dumping records in URI format while searching for HTTP services.

    ```
    root@deskjet:recon~> parsuite xml_dumper -ifs full_aggressive.xml --format uri --sreg --service-search 'https?'
    [+] Starting the parser
    [+] Loading modules
    [+] Executing module: xml_dumper
    [+] Module execution complete. Exiting.
    http-proxy://192.168.1.92:8080
    http://192.168.1.92:2053
    http://192.168.1.92:2083
    http://192.168.1.92:2087
    http://192.168.1.92:2096
    http://192.168.1.92:80
    https-alt://192.168.1.92:8443
    https://192.168.1.92:443
    ...
    ```

    templatizer

    Define a template and create new outputs using inputs from a CSV file.

    I use this to create things like phishing emails. Here's a (bad) example of how you could create some links with random values and an email from a csv file.

    Input CSV file:

    ```
    root@deskjet:parsuite~> cat sample.csv
    first,last,add
    Blue,Jay,arbitrary_at_domain
    Red,Herring,innocuous_at_domain
    ```

    Output:

    ```
    root@Jdeskjet:parsuite~> parsuite templatizer -csv sample.csv --text-templates 'https://www.evillanding.com?uid=<<<:RAND:>>>&addr=<<<:add:url_encode>>>'
    [+] Starting the parser
    [+] Loading modules
    [+] Executing module: templatizer
    https://www.evillanding.com?uid=y1d416smo0&addr=arbitrary_at_domain
    https://www.evillanding.com?uid=oI2f4k6717&addr=innocuous_at_domain
    [+] Module execution complete. Exiting.
    ```

    submitted by /u/arch4ng3l86
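The `xml_dumper` URI output shown in the post can be reproduced with the standard library alone. The following is an added example, not Parsuite's code or the author's: the function name `services_as_uris`, the open-port filter and the embedded sample XML are assumptions, and the sample is constructed in the layout Nmap writes with `-oX`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout (not real scan data).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.92" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
      <port protocol="tcp" portid="8443"><state state="closed"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="9999"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>
"""

def services_as_uris(xml_text, service_regex):
    """Return sorted service://addr:port strings for open ports whose
    Nmap service name matches service_regex (hypothetical helper)."""
    pattern = re.compile(service_regex)
    uris = set()
    for host in ET.fromstring(xml_text).iter("host"):
        # Use the IP address element; a host may also carry a MAC entry.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            if state is None or state.get("state") != "open":
                continue  # assumption: only open ports are worth listing
            if service is None or not pattern.search(service.get("name", "")):
                continue  # unidentified service or no regex match
            host_part = f"[{addr}]" if ":" in addr else addr  # bracket IPv6
            uris.add(f"{service.get('name')}://{host_part}:{port.get('portid')}")
    return sorted(uris)

if __name__ == "__main__":
    for uri in services_as_uris(SAMPLE_NMAP_XML, r"https?"):
        print(uri)
```

Scan files received from a third party should be treated as untrusted XML before they are handed to a parser like this.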

    D-Link DIR-859 — Unauthenticated RCE (CVE-2019-17621)

    Posted: 26 Dec 2019 06:15 PM PST
